Wearables and data collection: Insurers should think twice before tracking private data from wearables

16 / 03 / 2017

Wearable technology is increasingly recognised as a means to deliver a wide range of benefits to businesses. Recently, insurance providers have recognised ways of using data generated from wearable technology to balance risk, by identifying safe driving behaviour, as well as dangerous practices such as using a mobile phone while at the wheel.

However, the information generated by wearable technology includes personal data, the use of which is rapidly becoming a heavily regulated activity, with severe penalties for non-compliant operators. Insurers that may be considering using personal data collected from wearable technology should recognise that the legal risk they may inadvertently assume potentially dwarfs any benefits.

What is wearable tech?

The term ‘wearable technology’ covers a broad range of devices from smart watches to fitness monitors, and virtual reality headsets. The defining characteristics are that wearable technology is typically worn (or is at least kept close to the user, whether he or she is at rest and on the move), collects information about the user or his or her environment, provides information to the user, and is connected to the internet.

The ubiquitous smartphone should not be overlooked as a form of wearable tech, given its capacity to collect information about its user’s geographical location and movements, their interactions with other individuals and devices, and the fact that it tends to be kept close to hand.

Potential use in the insurance sector

A significant development concerns telemetric insurance, which involves the collection of data about drivers’ location, trip duration, acceleration, braking and cornering speed, to ascertain the likelihood of an accident. To date, telemetric insurance has generally required the insured driver to fit a monitoring device to his or her car, in return for a discounted premium. The requirement for the driver to fit the device may have had a prohibitive effect, meaning that telemetric insurance, despite the potential discount, has not been widely adopted.

However, using a smartphone app to collect driving data instead of a fitted device could potentially allow insurers to be more insistent on having the ability to track drivers, given the prevalence of smartphones. This development could potentially allow insurance companies to turn the tables so that instead of driver tracking being the exception rather than the rule, it would become the norm. Not only would the technology monitor driving, but also whether the driver was using their phone or texting as they drove.

The legal landscape

European data law is under reform, with the General Data Protection Regulation (GDPR) set to take effect across Europe from 25th May 2018. Despite Brexit, the new law will apply in the UK, or at least something very much like it, according to the government and the UK data protection authority.

The GDPR aims to puts individuals very much in control of their data by imposing strict obligations upon businesses, including insurers. It is likely to stamp out widespread practices such as relying on small print in privacy policies and complicated, misleading consent mechanisms to use individuals’ personal information unfairly. Where companies fail to comply with its provisions, the GDPR includes fines of up to 4% worldwide annual turnover. As an example, UK telecoms giant TalkTalk was recently fined £400,000 for breaching data protection legislation, which under the GDPR could have been almost £72,000,000.

In addition, recent developments in the English courts mean that an individual now has a legal right to compensation from organisations that have used his or her personal information in ways that cause them pure distress, i.e. where there is no financial loss. In effect, this adds another potential enforcement vector: as well as data protection authorities taking action, individuals can issue court proceedings for distress caused by the use of their personal information.

Insurance companies will need to ensure any driver monitoring activities are compliant with the GDPR, or they risk heavy fines and potential legal action from distressed individuals. Insurers should be aware that the GDPR aims to protect individuals’ interests rather than those of businesses, and is likely to be more difficult to ‘work around’ than current law.


The argument for using wearable technology to detect dangerous driving habits is a persuasive one. A driver using a mobile phone is estimated to be four times more likely to have an accident. Penalising drivers who drive dangerously or use a mobile phone by forcing them to pay higher premiums, while rewarding better driving with lower premiums appears likely to make roads safer. Insurers may be motivated by the opportunity to avoid paying out where the driver is acting illegally, rather than acting out of the kindness of their hearts, but improving road safety can only be a good thing.

However, from a privacy perspective, driver monitoring is an intrusive practice and the law regulating the use of personal information is set to become a lot stricter. Insurance companies that are considering implementing driver monitoring schemes and organisations developing the enabling technology must take steps to ensure they comply with the GDPR or face serious consequences.

For further information please contact James Castro-Edwards at jcastro-edwards@wedlakebell.com

This article was first published in Techworld on 27 February 2017.