
Insurers handle data and AI responsibly. The Association's ethical framework helps insurers carefully determine how they use data and why. Since 2021, the framework has been part of the Association's self-regulation: binding on all members.

"Only if the customer, regulator and legislator have sufficient confidence in the correct use of data, insurers will be able to incorporate new technology into their business processes in a future-proof way. That's why we think it's important for customers to be able to hold insurers accountable for how they use data-driven applications," says Managing Director Richard Weurding.

As early as 2016, the use of big data by insurers led to the paper 'Grip on data', which contains principles for insurers' actions. Since then, it has been one of the pillars of the Medium-Term Plan. With a Code of Conduct, the ethical framework (2020) and knowledge meetings, the sector wants to keep a grip on the collection and use of data.

Ethical framework and tools for implementation

The ethical framework (or the English version) helps insurers carefully determine which artificial intelligence (AI) and other data-driven products and processes they want to apply and why. It consists of requirements with basic principles, which insurers can use based on the central principle of customer trust. It may be the case that a certain data technique is permitted by law, but conflicts with the starting point(s) of the framework. In that case, the insurer will not use such a technique. It's about making conscious decisions about the use of data techniques.

Since 1 January 2021, the framework has been part of the Association's self-regulation: binding on all members. The first audits of this by the independent Foundation for the Assessment of Insurers (Stv) will take place in 2023.

"Compare the risks of new techniques with existing ones, think about the explanation to customers in advance, monitor the consequences and do all this with a diverse team. This allows you to keep a grip on the use of data-driven applications," explains Richard Weurding.

The framework is partly based on the seven principles for responsible Artificial Intelligence of the High-Level Expert Group on Artificial Intelligence, an advisory body of the European Commission.


How do others apply the ethical framework?

In 2022, a number of insurers participated in a series on the application of the ethical framework. Be inspired by them:

Toolkit as a non-binding tool

Application of the ethical framework of the Dutch Association of Insurers does not automatically ensure reliable and ethically responsible data-driven (AI) applications. To do this, you need to give the Ethical Framework a place in the existing organisation. The toolkit of KPMG, partner of the Dutch Association of Insurers, will help you on your way.

First step in the toolkit: a selection of existing data applications. KPMG has developed two models for this purpose:

  • The classification model is based on the type of application, such as queries and complex algorithms.
  • The domain model focuses on the type of service, product or process for which the application is used. For example, pricing products and services, accepting new customers and combating fraud.

As the next step in the process, you test the data application against the 30 standards of the framework. Each standard is linked to various questions that help the insurer to carry out the test (assessment). Here and there, the Toolkit provides additional information to weigh in on each standard. In this way, during the assessment process, it quickly becomes clear which changes are needed to comply with the Ethical Framework. One example is security measures for the new risks that arise when you use artificial intelligence and machine learning. This technology increases the so-called attack surface: the ways in which criminals can use an attack to manipulate the behaviour of algorithms.

The Ethics Framework is binding, but use of the toolkit by insurers is non-binding.

Data protection: code of conduct for insurers

Respect for the privacy of customers is a prerequisite for trust in insurers. The Association has therefore drawn up its own code of conduct that contributes to transparency about data use by insurers. The Code of Conduct sets out the general obligations under the General Data Protection Regulation (GDPR) specifically for insurers. Insurers are obliged to periodically evaluate whether they comply with the Code of Conduct.

General Data Protection Regulation (GDPR)

The GDPR was introduced in all European member states in May 2018. As a result of this European law, consumers have more rights and control over the data they provide to organisations. In addition, organisations must demonstrate that they are in control, show exactly which data they process, and comply with other new obligations.

The European Data Protection Board has published guidelines with further explanations. The regulators have indicated that they also want to publish the following guidelines:

  • Certification (Articles 42 and 43)
  • The structure of the European Data Protection Board
  • Transparency
  • Transfer of data to countries outside the EU

Solidarity Monitor

Because more and more large databases and (AI) applications are becoming available, insurers can map out the high and low risks more and more accurately. As a result, in theory, the extremes can drift further and further apart. This may mean that certain groups of insured persons will no longer be accepted in the future or only at very high premiums. Since 2017, the Association has been conducting an annual Solidarity Monitor to map out this possible development. Insurers also emphasise that premiums can and may vary and that market forces are important and good.