I'm not looking to enter into an argument or anything but feel that this bit needs clarifying because it will apply to nearly everyone reading your post...
If there's a customer/client relationship based on contract (which insurance is) the provider will likely not rely on consent as the basis for processing the data. Much more likely that 'legitimate interest' will be the legal basis instead. The data subjects do have the right to request that data processing ceases but that could mean that the service can no longer be provided.
Thanks for your post ChrisKnottInsurance.
I don't want arguments either but GDPR has put a huge spanners in the works and CLARITY is paramount. I would like to think that what you elude to is fair and industry standard. However the industry (not just insurance) are well behind the legal compliance and understanding of GDPR. I'm still receiving GDPR related approval requests LONG AFTER GDPR became mandatory and several years after GDPR was approved and passed by the EU with a future implementation date.
No complicated legal cases have come to court yet but this would be an interesting example one where the
insurance company loses out.
Hubby takes policy requiring "active tracking/monitoring device". Adds wife as as a named driver. Wife has accident where the monitoring device proves she was at fault. Wife then contests the that the data was not obtained with HER consent and hubby never told her. She takes her case to the European Court Of Justice claiming that data gathered about her was not specifically approved by her prior. More importantly this data is being used against her.
Now you, me or others can not say what would legally happen in this case. Would have to be played out in court.
However had the insurance company fully complied with GDPR as soon as a named driver is added to a policy then they should have specifically sought that person's approval to use monitoring data. If they say yes then fine the additional named driver is contracted into the policy. If they say no then the insurance company has the right to exclude them as a named driver.
My point is this. I want to be 100% legal and anybody in my family 100% legally covered in all/any circumstances. For this we all need absolute clarity and compliance by all parties and sadly this is not happening.
This is why I'm very over sensitive to "if **** happens" (my fault or otherwise) am I covered. Are you covered?
You will find posts by me about ensuring your insurance company is 100% aware of *any* additions/modifications/go faster stripes that are applied to a production standard vehicle. And quite rightly so. And yes underwrites can use the excuse that you put go faster stripes on your vehicle and thus invalidate your insurance if you did not tell them. Petty? Possibly? Fair? Possibly? The real point is defined clarity and correct information from all parties. GDPR has added a new requirement and sadly to date compliance is low and in the case of the hubby/wife scenario above I think the wife would win her day in court. And if you think this is a little tough then you also have to think about the EUs position. They have created GDPR. They want to enforce GDPR so they WILL favour the wife's case and use this as "case law" and also to shake up the industry. Makes 100% sense to them.
Again and please .... I'm not picking/looking for a fight/etc. I would certainly be interest in what your underwriter's legal people think of the hubby/wife example I've given?