Insurance and Human Rights (AIDA Europe Research Series on Insurance Law and Regulation, 5) 3030827038, 9783030827038

Citation preview

AIDA Europe Research Series on Insurance Law and Regulation 5

Margarida Lima Rego Birgit Kuschke   Editors

Insurance and Human Rights

AIDA Europe Research Series on Insurance Law and Regulation Volume 5

Series Editor Pierpaolo Marano, Catholic University of the Sacred Heart, Milano, Italy Editorial Board Members Juan Bataller Grau, Polytechnic University of Valencia, Valencia, Spain Johnny Chang, National Chengchi University, Taipei, Taiwan Christos S Chrissanthis, University of Athens, Athens, Greece Herman Cousy, KU Leuven, Leuven, Belgium Simon Grima , University of Malta, Msida, Malta Ozlem Gurses, King’s College London, London, UK Helmut Heiss, University of Zurich, Zurich, Switzerland Johanna Hjalmarsson, University of Southampton, Southampton, UK Peter Kochenburger, University of Connecticut, Hartford, CT, USA Tadao Koezuka, Kagawa University, Takamatsu, Japan Jérôme Kullmann, Paris Dauphine University, Paris, France Birgit Kuschke, University of Pretoria, Pretoria, South Africa W. Jean J. Kwon, St. John’s University, New York, NY, USA Sara Landini, University of Florence, Florence, Italy Rafael Lara Gonzáles, Public University of Navarra, Pamplona, Spain Margarida Lima Rego , NOVA University Lisbon, Lisbon, Portugal JJ Lin, National Chengchi University, Taipei, Taiwan Can Luo, Southwest University of Political Scienc, Chongqing, China Katarzyna Malinowska, Kozminski University, Warsaw, Poland Leo P. Martinez, University of California - Hastings, San Francisco, CA, USA Patricia McCoy, Boston College, Newton, MA, USA Gary Meggit, University of Hong Kong, Hong Kong, Hong Kong Robert Merkin, University of Exeter, Exeter, UK Daleen Millard, University of Johannesburg, Johannesburg, South Africa Maria Luisa Munoz Paredes, University of Oviedo, Oviedo, Spain Satoshi Nakaide, Waseda University, Tokyo, Japan Jaana Norio, University of Helsinki, Helsinki, Finland Kyriaki Noussia , University of Exeter, Exeter, UK Laura Núñez, IE Business School, Madrid, Spain Stefan Perner, University of Linz, Linz, Austria Roberto Ríos Ossa, Pontifica Universidad Católica de Chile, Santiago, Chile Ioannis Rokas, Athens University of Economics and Business, Athens, Greece

Michele Siri, University of Genoa, Genoa, Italy Caroline Van Schoubroeck, KU Leuven, Leuven, Belgium Abel Veiga Copo, Universidad Pontifica Comillas, Madrid, Spain Wouter Verheyen, University of Antwerp, Antwerp, Belgium Manfred Wandt, Goethe University Frankfurt, Frankfurt am Main, Germany Hsin-Chun Wang, National Taiwan University, Taipei, Taiwan Ecehan Yeşilova Aras, Izmir Democracy University, Izmir, Turkey Ling Zhu, Hong Kong Polytechnic University, Hong Kong, Hong Kong The AIDA Europe Research Series on Insurance Law and Regulation is the first book series of its kind and area of specialization. It comprises volumes on topics researched and written with an international, comparative or European perspective. The regulatory response to the financial crisis in 2008 has pushed towards the adoption of transnational principles and rules also in the field of insurance by encouraging the convergence of national regulations to common regulatory framework. The need for a common legal language emerges to fully understand the process of transnational convergence in place and its impact on national legislation. On the other hand, persisting national peculiarities must be examined in the light of the transnational convergence of rules and concepts. Moreover, new risks, business practices and customers’ issues are emerging worldwide, so requiring increasingly global responses. The scope of the series is to bring together academics, practitioners and policy makers in order to exchange views and approaches to the topics concerned, which are based on the new transnational dimension of insurance law, business and regulation. All contributions are peer reviewed.

More information about this series at http://www.springer.com/series/16331

Margarida Lima Rego • Birgit Kuschke Editors

Insurance and Human Rights

Editors Margarida Lima Rego NOVA School of Law NOVA University Lisbon Lisbon, Portugal

Birgit Kuschke Faculty of Law University of Pretoria Pretoria, South Africa

ISSN 2662-1770 ISSN 2662-1789 (electronic) AIDA Europe Research Series on Insurance Law and Regulation ISBN 978-3-030-82703-8 ISBN 978-3-030-82704-5 (eBook) https://doi.org/10.1007/978-3-030-82704-5 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

This volume of the AIDA Europe Research Series on Insurance Law and Regulation examines the impact of and the interplay between human rights and insurance. National, supranational and international legal instruments regulating the taking up of insurance and the pursuit of the business of insurance and reinsurance, (re)insurance distribution and the insurance contract often refer to or have an impact on human or fundamental rights. Courts are often faced with the sometimes seemingly impossible task of reconciling insurance core principles, practices and mindsets with the principles and values stemming from the protection of human rights. In some cases, such as that of discrimination in insurance, this discussion has been ongoing for decades. Some deal with hot topics that have more recently emerged considering developments stemming from rapid technologic innovations (‘InsurTech’). The first part of this truly global book focuses on insurance and the right to equal treatment, putting together three contributions from three different particularly trailblazing jurisdictions in the field. The first chapter aims to shed a more general light on the issue of discrimination bans in insurance, addressing discrimination based on factors such as gender, age or disability from the perspective of European law. The second chapter focuses on discrimination in the context of parametric insurance and on the delicate balance being attempted by the industry in the protection of dignity, equality and the right to privacy, as seen from the perspective of South African law. The third chapter addresses gender discrimination in insurance in Canada. The second part of the book, consisting of two chapters, highlights the highly relevant role played by insurance in the upholding of the human right to health. The fourth chapter of the book addresses reinsurance as a human right, putting forward the case for a core health right to state performance of the reinsurance function. Whilst it is written from the perspective of the law in the United States, it also touches upon the precursor roles to this idea found in such diverse parts of the world as Thailand, Uganda, China, the Philippines, and India. The fifth chapter in the book

v

vi

Preface

tackles the role of cooperatives and mutual health organizations in the extension of non-discriminatory universal health insurance in Africa. The third part of the book, consisting of two chapters, explores InsurTech’s manifold challenges upon the right to privacy, focusing on the legal systems within the European Union. Chapter ‘Big Data, Privacy, and Protection of the User of Autonomous Vehicles: Ethical Issues, Insurance Aspects, and Human Rights’ addresses the ethical and legal challenges resulting from new information and communication technologies and the collection and usage of massive amounts of data, particularly in the context of autonomous vehicles. Chapter ‘GDPR and the Processing of Health Data in Insurance Contracts: Opening a Can of Worms?’ is devoted to the delicate issue of the processing of personal data, especially health data, by insurers since the entry into force of the General Data Protection Regulation. The fourth and final part of the book analyzes the threat posed by insurance on the right to life. The contribution from Saudi Arabia juxtaposes this right with that in the United Kingdom. Written by legal scholars and practitioners, the book offers international, comparative, and regional or national perspectives, aiming to contribute to a more thorough and systematic understanding of the interactions between these two very different fields of law, namely insurance and human rights. It provides the industry as well as the scientific community with insights that could help attempt the seemingly difficult task of transposing this divide. Lisbon, Portugal Pretoria, South Africa April 2021

Margarida Lima Rego Birgit Kuschke

AIDA Europe

AIDA Europe was established in 2007 with the aim of promoting, either directly or through its members, the development of insurance and related laws. It attempts to achieve this, mainly through: • furtherance of the study and knowledge of international and national insurance law and of related matters; • proposition of measures aiming at the harmonization of insurance law or the means for resolution of insurance disputes; • facilitation of exchange of academic know-how between its members or any other European organization dealing with insurance-related matters, similar to those of AIDA Europe; • support of academic work in the field of insurance, e.g. through cooperation with universities or the sponsoring of academic research and papers. AIDA Europe organizes conferences mainly geared to the European-based jurisdictions, offering to all interested stakeholders a platform for an open- and solutionminded scientific- and practice-related dialogue on key developments in the area of insurance, reinsurance and related law also supporting its members in their respective endeavours. Conferences are open to all stakeholders and regularly attract representatives from the insurance sector, academia, private practice, regulatory authorities or law-making bodies. AIDA Europe also maintains a keen focus on supporting the development of young academic talents by sponsoring academic work and by inviting young academics to its conferences. AIDA Europe’s Scientific Committee, which supports

vii

viii

AIDA Europe

AIDA Europe through the scientific agenda setting, also manages AIDA Europe’s Calls for Papers. AIDA Europe is a non-profit organization, pursuing altruistic goals and has its seat in Zurich, Switzerland. Its events are open to all interested parties. For further information, please see https://aidainsurance.org/regional-groupings/aida-europe.

Contents

Part I

Insurance and the Right to Equal Treatment

Discrimination Bans and Insurance Law . . . . . . . . . . . . . . . . . . . . . . . . Margarida Lima Rego

3

Discrimination in the Context of Parametric Insurance . . . . . . . . . . . . . Birgit Kuschke

27

Insurance and Discrimination in Canadian Law . . . . . . . . . . . . . . . . . . . Barbara Billingsley

53

Part II

Insurance and the Right to Health

Health Reinsurance as a Human Right . . . . . . . . . . . . . . . . . . . . . . . . . . Christina S. Ho

85

The Role of Cooperatives and Mutual Health Organizations in the Extension of Nondiscriminatory Universal Health Insurance in Africa . . 113 Clément Labi and Willy Tadjudje Part III

Insurance and the Right to Privacy

Big Data, Privacy, and Protection of the User of Autonomous Vehicles: Ethical Issues, Insurance Aspects, and Human Rights . . . . . . . 131 Sara Landini and Kyriaki Noussia GDPR and the Processing of Health Data in Insurance Contracts: Opening a Can of Worms? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Jeffrey Amankwah and Nele Stroobants Part IV

Insurance and the Right to Life

Gambling on My Life and My Right to Live . . . . . . . . . . . . . . . . . . . . . . 231 Mahfuz ix

Part I

Insurance and the Right to Equal Treatment

Discrimination Bans and Insurance Law Margarida Lima Rego

Abstract Insurers rely on data and statistics to assess the risk they take on from their customers. Their evaluation of these risks provides a scientific basis for their pricing decisions. Whilst statistical discrimination as such has been clearly identified and widely studied and discussed in scientific writings in economics at least since the 1970s, for a long time these discourses scarcely penetrated the insurance business. Insurers characteristically rely on the findings of actuarial science to assess and put a price on each risk that they cover. Their decisions purport to be based on solid statistical data. Therefore, it was assumed that insurance would remain safely within legal boundaries. In this chapter, I address the conflict between two seemingly different egalitarian accounts of distributive justice that the use of some actuarial factors by insurers appears to summon. I distinguish between acceptable and unacceptable uses of sex as an actuarial factor, making the case for a moderate version of the unisex rule. I contrast the treatment of sex as an actuarial factor in Europe with the prospects of other common actuarial factors, such as age and disability. I also analyse the impact of big data on discrimination bans and address the growing difficulties of combating direct and especially indirect discrimination in a world where tech-based decisionmaking tools resort to virtually unchecked self-learning algorithms that explore a multitude of factual correlations previously undetectable by humankind.

1 Introduction Insurers rely on data and statistics to assess the risk they take on from their customers. Their evaluation of these risks provides a scientific basis for their pricing decisions.

M. L. Rego (*) NOVA School of Law, NOVA University, Lisbon, Portugal e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_1

3

4

M. L. Rego

Whilst statistical discrimination as such has been clearly identified and widely studied and discussed in scientific writings in economics at least since the 1970s,1 for a long time these discourses scarcely penetrated the insurance business. Here they have reigned, almost unchallenged, on the assumption that people could safely be treated differently so long as solid, statistical data could be relied on to substantiate that differentiation. Discrimination of the illicit kind was assumed to be that which was rooted in prejudice, which is by definition unsubstantiated. Even though the insurance business is not immune to prejudice, as none could be, the occasional unsubstantiated decision is uncharacteristic of insurance. Insurers characteristically rely on the findings of actuarial science to assess and put a price on each risk that they cover. Their decisions purport to be based on solid statistical data. Therefore, as per the assumption, insurance would remain safely within legal boundaries so long as their decisions to treat different persons differently remained supported by statistical evidence that the risk profiles of persons were indeed different. After all, according to the classic Aristotelean maxim, like things should be treated alike, and unalike things should be treated unalike in proportion to their unalikeness.2 In Europe, a rather abrupt wake-up call to this naïve understanding of discrimination bans came about in the form of the European Court of Justice’s (ECJ’s) ruling that as from 21 December 2012, insurers could no longer treat men and women differently on the basis of their sex or gender, thus prohibiting ‘gender-rating’ in insurance and related financial services throughout the European Union.3 The terseness of the reasoning in the Test-Achats judgment might raise the question of whether a similar fate awaits the use of age or every other suspect classification as actuarial factors by insurers. If this were to happen, personal insurance as we know it would cease to remain a viable business. In Sect. 2, I briefly explain the role of statistics and statistical differentiation in insurance. In Sect. 3, I describe the conflict between two seemingly different egalitarian accounts of distributive justice that the use of ‘suspect classifications’ like sex by insurers appears to summon. In Sect. 4, I discuss the legislative and judicial processes leading up to the Test-Achats ruling to elucidate how the absolutist version of the unisex rule came to be. In Sect. 5, I distinguish between acceptable and unacceptable uses of sex as an actuarial factor, making the case for a moderate version of the unisex rule. In Sect. 6, I contrast the treatment of sex as an actuarial factor in Europe with the prospects of other common actuarial factors, such as age

Phelps (1972), p. 661: “Discrimination is no less damaging for being statistical. And it is no less important for social policy to counter”. In addition to Phelps (1972), see also Becker (1957) and Arrow (1971). 2 Aristotle, Ethica Nicomachea, paras. 1131a–1131b. 3 Case C-236/09, Association belge des Consommateurs Test-Achats ASBL, Yann van Vugt, Charles Basseler v. Conseil des Ministres, 01.03.2011, ECLI:EU:C:2011:100 (‘Test-Achats’). The decision addressed Council Directive 2004/113/EC of 13 December 2004 implementing the principle of equal treatment between men and women in the access to and supply of goods and services, Official Journal of the European Communities, L 373, 21.12.2004, 37-43 (‘EU Gender Directive’). 1

Discrimination Bans and Insurance Law

5

and disability, also taking into consideration the European Commission’s existing proposal for a directive prohibiting discrimination on the basis of such factors. In Sect. 7, I analyse the impact of big data on discrimination bans and address the growing difficulties of combating direct and especially indirect discrimination in a world where tech-based decision-making tools resort to virtually unchecked selflearning algorithms that explore a multitude of factual correlations previously undetectable by humankind.

2 The Insurance Industry’s Reliance on Statistical Data In its broadest sense, a financial market is an organised place where supply and demand for financial assets meet, where such assets are traded and where prices for them are determined. An insurance market is a financial market. Insurance is a risk management tool aimed at reducing the negative financial impact of an uncertain future event by securing the financial means required to face it. Insurance is not intended to address or provide for immediate financial needs. For instance, an entrepreneur must explore other sources of funds to finance a new business. But once the necessary means have been secured and the business is up and running, a wise entrepreneur would also consider what could go wrong. This is where insurance comes into the picture since any human activity has identifiable risks. Some of these risks may be avoided by taking steps to eliminate their sources. The probability or severity of the potential loss may be mitigated by taking measures to reduce exposure to risk. Some risks might be retained if it is decided that the financial capacity to do so exists and the potential loss is budgeted for. Alternatively, the risk may be transferred to an insurer in exchange for a sum of money. Individuals who are risk-averse prefer to transfer their risk to an insurer, thereby choosing a smaller loss that is certain—the payment of the insurance premium— over one that is uncertain and potentially much larger. Insurers, on the other hand, have no reason to be risk-averse because with a large-enough pool of clients, they can take advantage of the law of large numbers and calculate their risks. This law of large numbers is at the root of the insurance business. It is a principle of probability theory according to which the larger the number of analogous exposure units independently exposed to loss, the closer the actual loss will be to the value of the expected loss.4 Although insurers are in the risk-taking business, they must ground their business on solid scientific premises in order to prosper. The branch of applied mathematics that applies probability theory to statistical data to assess risk in insurance is called actuarial science. Actuaries take uncertain adverse events with uncertain outcomes and convert them into statistical events with a certain value, such value being equal to that of the expected losses.5 Based on that value, actuaries are

4 5

See, for instance, Aitken et al. (2010), p. 102. Landes (2014), p. 1.

6

M. L. Rego

then able to put a price tag on each insurance cover. Even though insurers will not be able to predict which of their clients will suffer a loss, they should be capable of estimating their aggregate losses, with an acceptable margin of error, and budgeting accordingly. Actuaries draw on statistical analysis to measure each individual risk and price it. They draw on hard data to come up with different outcome probabilities for each potential customer. If insurers are to continue to do that, they must treat persons as numbers, so to speak. They must be classified into groups large enough to be subject to the law of large numbers. So, for instance, persons are classified as men or women because many conclusions can be drawn from that classification alone. Several empirical studies have demonstrated that statistically women have a higher life expectancy than men, that women are more frequent users of healthcare services than men, or that serious traffic accidents are more often caused by men than by women.6 Even if insurers were to charge all policyholders the same premium, regardless of the characteristics of each individual risk, on an individual level the policyholders seeking to cover better-than-average risks would subsidise those who present worsethan-average risks.7 Thus, insurance is necessarily discriminating: its modus operandi is to classify risk bearers into more or less homogeneous groups and price their insurance according to such classifications so that members of each group pay the premium that best matches their individual risk.

3 Insurers’ Reliance on ‘Suspect Classifications’ The two risk assessment or actuarial factors most widely applied in the field of personal insurance are age and biological sex. The main, if not the only, reason for the choice of age and sex is their availability, simplicity, and reliability as compared to other factors. Insurers are not interested in the individuals’ age and sex per se; their interest in these factors is purely instrumental. For example, if the exact lifespan

6

See Eurostat’s Databases on Life Expectancy at Birth by Sex, https://ec.europa.eu/eurostat/web/ products-datasets/product?code¼sdg_03_10 (accessed 30 April 2021). See also pp. 6ff. of the European Commission’s Explanatory Memorandum, COM(2003)657, of 05.11.2003, on the proposal of what would become the EU Gender Directive, available at https://eur-lex.europa.eu/legalcontent/en/TXT/?uri¼CELEX:52003PC0657 (accessed 30 April 2021), See also Civic Consulting (2010). 7 See Gaulding (1995), pp. 1651–1652; and, criticizing this view, Baker (2002–2003). The author argues that ‘much of the literature on insurance treats risk classification as an inevitable, essential response to the problem of adverse selection and ignores the role of risk classification in promoting adverse selection’ (p. 276).

Discrimination Bans and Insurance Law

7

of an individual were somehow knowable, there would be no need for insurers to rely on surrogate factors such as age or sex for the pricing of life insurance.8 Insurers have to rely on statistics because the information that they would really wish to obtain is either unavailable or only available at too high a cost for their activity to be lucrative. They, thus, identify certain factors to which some, even imperfect, correlation has been found with the factors that insurers really care about—for instance longevity. These factors are chosen, and not others, because past data are readily available since the information can be easily obtained by asking potential customers to tick a box or to fill in a number, and their answers are also easily verifiable. In sum, although insurers’ interest in these factors is purely instrumental, they have been widely resorted to because they are cost-effective; using them makes sense from a financial perspective.9 And yet both age and sex are amongst the ‘suspect classifications’, an expression coined by American jurisprudence to refer to those classifications that have been identified as being most likely to lead to discrimination because historically they have been major sources of discrimination. According to this doctrine, any attempt to differentiate on the basis of these suspect classifications should be scrutinised more closely than other types of differentiation, given the presumption of wrongness that hovers over them. Hence, whilst other types of differentiation might undergo a more lenient test that may be satisfied on the ground that said differentiation is a rational way of furthering a legitimate governmental purpose, when suspect classifications are employed, rationality is a necessary but not a sufficient condition for their use to be deemed non-discriminatory. Their use will be barred unless the so-called strict scrutiny test is satisfied: the differentiation must be justified by a compelling governmental interest, it must be narrowly tailored to satisfy that interest, and it must be the least restrictive means available for pursuing that interest.10 Constitutional laws often include lists of such suspect classifications. One such list may be found in Article 21(1) of the Charter of Fundamental Rights of the European Union (henceforth the ‘Charter’).11 Article 21(1) reads as follows: Any discrimination based on any ground such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation shall be prohibited.

Hellman (1998), distinguishes between proxy discrimination, which ‘uses the classification in the law as a means to reach a set of persons with a different, correlated trait’, and non-proxy discrimination, which ‘aims at the set defined by the classification itself’ (p. 315). In this sense, this use of statistics falls under the category of proxy discrimination, given that actuarial factors are used as surrogate factors for what insurers are ultimately aiming for. 9 See Maitzen (1991); and Civic Consulting (2010), at pp. 6, 9, 33-34, 43, 48, 53–54, 59, 72 and 77. 10 See, for instance, Winkler (2006), pp. 798–801. 11 Charter of fundamental rights of the European Union, Official Journal of the European Communities, C 364, 18.12.2000, 1-22. Following the entry into force of the Lisbon Treaty on 1 December 2009, the Charter has the same legal force as the treaties of the European Union. 8

8

M. L. Rego

Surely unsupported differentiation based on stereotyping or prejudice amounts to discrimination and should therefore be prohibited. But what about the so-called rational discrimination?12 What about the rational discrimination that takes the form of differentiation based on accurate statistical findings, which is the type of differentiation most commonly resorted to in the insurance business? The differentiations of an insurer are characteristically rational, not only in the sense that such differentiations are based on scientifically proven risk assessment methods applying probabilistic theory to statistical data but also in a strictly utilitarian sense, given that the criteria applied in reaching such differentiations are those that allow the insurer to reach its goal of correctly measuring and pricing the risks it takes at the lowest possible cost. The theme of discrimination in insurance seems to summon a head-on collision between two apparently very different egalitarian accounts of distributive justice: on the one hand, an ideal of justice fundamentally grounded on the notion of human dignity and on individual rights and liberties, an ideal that resonates with the Kantian categorical imperative that no human being should be treated simply as a means to an end but rather as an end in themselves and, on the other hand, the ideal of justice more commonly known in the insurance industry as actuarial fairness, where in order to treat like things alike and unalike things unalike in proportion to their unalikeness, that is to say, in order to have each person pay a premium that exactly matches his or her own individual risk, insurers must disregard what is unique about each person and focus on (a limited number of) characteristics that allow them to classify that person into a risk group.13

4 The EU Gender Directive and the Test-Achats Ruling In Test-Achats, the ECJ did not tackle the question of whether there is a sufficient substantive justification, or a good enough reason, for an outright ban on gender rating—that is to say, it did not comment on whether taking sex into account as a risk factor in the formulation of private insurance contracts would be incompatible, in every instance, with the fundamental rights of the European Union. Indeed, the premise that gender rating is always incompatible with the principle of non-discrimination has yet to be validated. Reference is made in the EU Gender Directive to the universal right to equality before the law and protection against discrimination for all persons14 and to the The expression ‘rational discrimination’ was coined by Strauss (1986). See also Katz (1990). The Supreme Court of Canada took note of this conflict between ‘the determination of insurance rates and benefits’ and ‘traditional human rights concepts’ in Zurich Insurance Co. v. Ontario (Human Rights Commission) [1992] 2 SCR 321, at pp. 322–323. See also Thiery and Van Schoubroeck (2006). 14 Council Directive 2004/113/EC of 13 December 2004 implementing the principle of equal treatment between men and women in the access to and supply of goods and services, Official 12 13

Discrimination Bans and Insurance Law

9

fundamental principle of equality between men and women, as set out in Articles 21 and 23 of the Charter. Several inferences are made from this general idea of equality between men and women, which would be required ‘to be ensured in all areas’.15 The prevention of sex discrimination would require men and women not to be treated differently when they are placed ‘in a comparable situation’. Differences in treatment that ‘result from the physical differences between men and women do not relate to comparable situations and therefore do not constitute discrimination’.16 Otherwise, ‘differences in treatment may be accepted only if they are justified by a legitimate aim’.17 These statements of principle all lead to the general prohibition that may be found in Article 5(1) of the EU Gender Directive, which bans the practice of ‘gender rating’ in insurance: the use of sex as an actuarial factor in the calculation of premiums and benefits for the purposes of insurance and related financial services.18 The EU Gender Directive aimed to achieve ‘a common high level of protection against discrimination in all the Member States’, a purpose that ‘cannot be sufficiently achieved by the Member States and can, therefore, by reason of the scale and effects of the action, be better achieved at Community level’.19 In insurance, the promotion of equal treatment between men and women would require that the use of sex as an actuarial factor should not ‘result in differences in individuals’ premiums and benefits’.20 Such is the explanation provided for the general prohibition contained in Article 5(1) of the EU Gender Directive. Yet the effectiveness of the unisex rule in the insurance business would be significantly impaired by the derogation contained in Article 5(2) of the EU Gender Journal of the European Communities, L 373, 21.12.2004, 37–43 (‘EU Gender Directive’). See Recital 2 of the EU Gender Directive. 15 Recital 4 of the EU Gender Directive. 16 Recital 12 of the EU Gender Directive. 17 Recital 16 of the EU Gender Directive. 18 This directive was a follow-up to the ‘EU Race Directive’: Council Directive 2000/43/EC of 29 June 2000 implementing the principle of equal treatment between persons irrespective of racial or ethnic origin, Official Journal of the European Communities, L 180, 19.07.2000, 22–26. See Recital 10 of the EU Gender Directive. However, there are no insurance-specific provisions in the EU Race Directive. In addition to these, there was the ‘EU Employment Equality Directive’: Council Directive 2000/78/EC of 27 November 2000 establishing a general framework for equal treatment in employment and occupation, Official Journal of the European Communities, L 303, 02.12.2000, 16-22. It laid down a general framework for combating discrimination on the grounds of religion or belief, disability, age or sexual orientation as regards employment and occupation. Although it does not mention insurance, it is a direct precedent to the European Commission’s Proposal for a Council Directive implementing the principle of equal treatment between persons irrespective of religion or belief, disability, age or sexual orientation, Brussels, 02.07.2008, COM(2008)426. Both stem from what is now Art. 19(1) of the Treaty on the Functioning of the European Union (’TFEU’), originally the Treaty establishing the European Economic Community (’TEEC’). Consolidated version: Official Journal of the European Union, C 326, 26.10.2012, 47-390. 19 Recital 28 of the EU Gender Directive. 20 Recital 18 of the EU Gender Directive.

10

M. L. Rego

Directive, which permitted the application of proportionate differences in individuals’ premiums and benefits ‘where the use of sex is a determining factor in the assessment of risk based on relevant and accurate actuarial and statistical data’.21 This derogation did not apply to costs related to pregnancy and maternity on the ground that the economic burden of human reproduction should not be allowed to rest on women’s shoulders alone.22 The implementation of measures aimed at complying with the unisex rule at the national level could at best be deferred by Member States for a period of up to 2 years as of 21 December 2007, the date the EU Gender Directive came into force. The derogation contained in Article 5(2) more generously provided that Member States that had chosen to rely on the derogation—and all Member States did make use of this opt-out provision—were to review their decision by 21 December 2012. The ECJ did not wait for such a decision to be made by Member States: on 1 March 2011, in what would be known as the Test-Achats ruling, the Court declared that this derogation would cease to be effective on 21 December 2012.23 In order to assist Member States with the implementation of the Test-Achats ruling at the national level, the European Commission issued a Communication on 22 December 2011. In this Communication, the European Commission recognised that this ruling would have implications in all Member States, given that all Member States still allowed gender differentiation for at least one type of insurance: life insurance.24 So there would remain no doubt as to the bearing of the Test-Achats ruling, the European Commission issued the following guideline to all Members States: As from 21 December 2012, the unisex rule contained in Article 5(1) must be applied without any possible exception in relation to the calculation of individuals’ premiums and benefits in new contracts.25

In an earlier paper, I have put forward the view that the Test-Achats ruling, whilst constituting a most welcome landmark in the pursuit of equality between men and women, had nonetheless gone too far by saying too little on the question of what

21

In Recital 19, the English version of the EU Gender Directive qualifies the rule of Article 5(2) as an ‘exemption’ to that of Article 5(1), whereas the French version uses the term ‘derogation’ instead. Similar differences may be observed amongst the other official languages of this directive, the Italian and Portuguese versions using the equivalent to the French ‘derogation’, the German, Dutch and Spanish versions referring to an ‘exception’ to the rule. I am unfamiliar with the remaining official languages. In Test-Achats, the ECJ mostly uses the term ‘derogation’, possibly because French is both the Court’s official working language and the language of the case, which originated in Belgium. 22 Article 5(2) and Recital 20 of the EU Gender Directive. 23 European Commission’s Communication of 22 December 2011: guidelines on the application of Council Directive 2004/113/EC to insurance in light of the Test-Achats ruling, Brussels, 22.12.2011, C(2011)9497, Available at https://eur-lex.europa.eu/legal-content/EN/TXT/? uri¼uriserv:OJ.C_.2012.011.01.0001.01.ENG (accessed 30 April 2021), at Para 3. 24 European Commission’s Communication, 2011, Para 3. 25 European Commission’s Communication, 2011, Para 5 (emphasis added).

Discrimination Bans and Insurance Law

11

separates admissible criteria of differentiation from inadmissible forms of discrimination.26 This landmark decision marked a sharp turn away from the traditional view that insurers should be allowed to apply just about any risk assessment criterion so long as it is sustained by the findings of actuarial science. It was not the first time that a judicial decision had exposed the naïveté behind the assumption that insurers’ recourse to statistical data and probabilistic analysis, given their scientific nature, would suffice to keep them out of harm’s way.27 However, the shockwaves it sent across Europe and the rest of the world were unprecedented, possibly because it was the first time such a universal ban on the use of sex as an actuarial factor had been issued.28 As stated in a recent international report, ‘[m]ost countries in the world have responded to the judgment in some way or another, and whether in the EU or not, the number of publications generated on the judgment has appeared to sensitise insurers universally of discrimination issues in insurance practices’.29 Nonetheless, in setting out the reasoning behind this decision, the ECJ never found it necessary to answer the main question of substance, which permeated the dispute—a question that had been thus phrased by Advocate General Julie Kokott: Is it compatible with the fundamental rights of the European Union to take the sex of the insured person into account as a risk factor in the formulation of private insurance contracts? That is, in essence, the question which the Court has to examine in the present reference for a preliminary ruling.30

At the onset of a very succinct judgment,31 the Court acknowledged that in the progressive achievement of equality between men and women, ‘it is the EU legislature which (. . .) determines when it will take action, having regard to the development of economic and social conditions within the European Union’. It added that ‘when such action is decided upon, it must contribute, in a coherent manner, to the achievement of the intended objective, without prejudice to the possibility of 26

Rego (2015a, b). Amongst earlier decisions touching upon the subject of discrimination in insurance I would single out the judgment of the Supreme Court of Canada in Zurich Insurance Co. v. Ontario (Human Rights Commission) [1992] 2 SCR 321 as worthy of special notice in spite of its lack of direct impact on the promotion of equality, since in that case the Court dismissed an appeal sustained on the argument that differentiation in automobile insurance rates based upon age, sex, and marital status was neither reasonable nor bona fide within the meaning of s. 21 of the Human Rights Code, 1981. See Lemmens and Thiery (2007). 28 Sass and Seifried (2014), pp. 228–229. 29 B. Kuschke, “International report on discrimination in insurance” for the AIDA XIVth World Congress of the International Association for Insurance Law, presented in Rome on 2 October 2014, pp. 1–56, at p. 31. 30 Opening Statement of the Opinion of Advocate General Kokott in Case C-236/09, Association belge des Consommateurs Test-Achats ASBL, Yann van Vugt, Charles Basseler v. Conseil des Ministres, 01.03.2011, ECLI:EU:C:2011:100 (‘Test-Achats’), delivered on 30.09.2010, ECLI:EU: C:2010:564. 31 The terseness of the reasoning in the judgment was criticised by Koldinská (2001), pp. 1632–1637. 27

12

M. L. Rego

providing for transitional periods or derogations of limited scope’.32 In these lines, there is an allusion to the true essence of the problem, which would lead to the decision in Test-Achats: that of a fundamental incoherence between Article 5(1) and Article 5(2) of the EU Gender Directive.33 The ECJ recognised that when this Directive was adopted, the use of sex as an actuarial factor was ‘widespread in the provision of insurance services’ and as such might call for a gradual application of the unisex rule; its full application being preceded by ‘appropriate transitional periods’.34 The Court then evoked the often-quoted maxim that ‘the principle of equal treatment requires that comparable situations must not be treated differently, and different situations must not be treated in the same way, unless such treatment is objectively justified’.35 Rather than make its own assessment of whether or not the distinction under analysis referred to comparable situations, the Court chose to rely on the legislature’s prior assessment, as set forth in the EU Gender Directive. Recital 18 expressly states that ‘in order to guarantee equal treatment between men and women, the use of sex as an actuarial factor must not result in differences in premiums and benefits for insured individuals’, which meant that this Directive was ‘based on the premis[e] that, for the purposes of applying the principle of equal treatment for men and women, enshrined in Articles 21 and 23 of the Charter, the respective situations of men and women with regard to insurance premiums and benefits contracted by them are comparable’,36 and that was that. The ECJ found that this premise did not sit well with a rule such as that contained in Article 5(2) of the EU Gender Directive. Based on the legislature’s premise and qualification, the Court concluded that it was incompatible with Articles 21 and 23 of the Charter because it allowed a self-proclaimed ‘derogation’ from the rule of equal treatment of men and women to persist indefinitely rather than lead to its gradual introduction and application.37 The ECJ did not answer the question of whether or not taking sex into account as a risk factor in the formulation of private insurance contracts was compatible with the fundamental rights of persons in the European Union. The Court merely criticised the legislature’s poor drafting technique, leaving room for speculation that the Court’s ruling might have been different if, rather than setting up a unisex

32

Test-Achats, Para 20 and 21, emphasis added. Nanopoulos (2011). The author highlights that the ECJ merely pointed to a deficiency in Art. 5 (2) of the EU Gender Directive, which, through its indefiniteness, frustrated the Directive’s objective of combating discrimination under Article 19 TFEU and breached Arts. 21 and 23 of the Charter. 34 Test-Achats, Para 22 and 23. 35 Test-Achats, Para 28. Reference was made in this instance to Case C-127/07, Société Arcelor Atlantique et Lorraine and Others v. Premier ministre, Ministre de l’Écologie et du Développement Durable, Ministre de l’Économie, des Finances et de l’Industrie, 16.12.2008, [2008] ECR I-9895 (‘Arcelor Atlantique et Lorraine’), ECLI:EU:C:2008:728, at Para 23. 36 Test-Achats, Para 30. 37 Test-Achats, Para 30 to 32. 33

Discrimination Bans and Insurance Law

13

rule and a derogation to that rule, the drafters of Article 5 had built the case of gender rating upon the ground of an alleged lack of comparability of situations—a door that had been left open by Recital 12 of the EU Gender Directive. This incoherence between Article 5(1) and Article 5(2) and between Recitals 18 and 19 of the EU Gender Directive did not come about by chance. In its Explanatory Memorandum to the proposal of what would become the EU Gender Directive, the European Commission very clearly stated its view that ‘differences of treatment based on actuarial factors directly related to sex are not compatible with the principle of equal treatment and should be abolished’.38 The European Commission’s proposal coherently set forth the unisex rule that made its way to Article 5 (1) and the justification contained in Recital 18.39 A maximum transitional period of 6 years was then contemplated, with Member States being allowed to ‘defer implementation of the measures necessary to comply with paragraph 1’ until such period had elapsed ‘at the latest’.40 As it happened, this proposal did not get the unanimous approval of Member States. Article 5(2) and Recital 19 of the EU Gender Directive were a product of the difficult negotiations that ensued. The wording, devised to express the solution of compromise, would eventually enable the unanimous adoption of this Directive. Ironically, the ECJ’s ruling in Test-Achats occasioned a return to the origin, given that the prospective invalidation of Article 5(2) converted the existing derogation into something akin to the deferred implementation mechanism originally devised by the European Commission.41 No argument is made in this chapter against the decision in Test-Achats nor against the Court’s reasoning in Test-Achats. Its logic is impeccable. Nonetheless, it is unfortunate that we have reached an outcome where the unisex rule ‘must be applied without any possible exception in relation to the calculation of individuals’ premiums and benefits in new contracts’,42 and yet (i) the rule has never been sanctioned by the unanimous approval of Member States; (ii) neither was the premise upon which it rests, that taking sex into account as a risk factor in the formulation of private insurance contracts is always incompatible with the

38 European Commission’s Proposal for a Council Directive implementing the principle of equal treatment between women and men in the access to and supply of goods and services, Brussels, 05.11.2003, COM(2003)657, available at https://eur-lex.europa.eu/legal-content/en/TXT/? uri¼CELEX:52003PC0657 (accessed 30 April 2021), at p. 8. The European Commission also expressed the view that this conclusion was ‘in line with the ruling of the European Court of Justice in Coloroll, to the effect that different contributions for men and women to an occupational pension scheme are discriminatory’ (also at p. 8). See Case C-200/91, Coloroll Pension Trustees Ltd v. James Richard Russell, Daniel Mangham, Gerald Robert Parker, Robert Sharp, Joan Fuller, Judith Ann Broughton and Coloroll Group plc, 28.09.1994, [1994] ECR I-4389, ECLI:EU: C:1994:348. 39 Proposal, op. cit. Art. 4/1, Recital 13. 40 Id., Art. 4/2. 41 Reich (2013), pp. 268–269. 42 European Commission’s Communication Para 5.

14

M. L. Rego

fundamental rights of persons in the European Union, subject to full scrutiny by the ECJ.43

5 What Is Wrong with Statistical Discrimination? The absolutist version of the unisex rule does not appear to be founded on solid substantive grounds. The premise that gender rating is always incompatible with the principle of non-discrimination has yet to be validated. In fact, as we have seen above, a number of references in the EU Gender Directive point towards a more moderate version of the unisex rule as different treatment is only prohibited when men and women are placed ‘in a comparable situation’. Differences in treatment that ‘result from the physical differences between men and women do not relate to comparable situations and therefore do not constitute discrimination’.44 But why must a causal relation be established, and why must it relate to physical differences between men and women? More generally, why is it that, at least when it comes to differentiation based on suspect classifications, even rational discrimination may be struck down as wrong? Statistical analysis is aimed at identifying statistical correlations between different facts. Whilst there is an obvious positive correlation between a cause and its effect, correlation does not imply causation. It follows that what these provisions entail is the conclusion that the analytical tools that are commonly used by actuaries in risk assessment must be complemented by other tools if different treatment between men and women is to be justified and accepted: tools aimed at explaining the statistical findings, establishing causal relations that trace such findings back to physical or biological differences between men and women. Why is that so? The vast body of writings on statistical discrimination referred to at the beginning of this chapter45 provide ample evidence that statistical analysis, by using past data to predict the future, can be used as an instrument to perpetuate past injustices in a way that is incompatible with the promotion of equality.46 Indeed, the claim has been made that discriminatory practices within the insurance industry can be found ‘at all levels of statistical calculation’47 and that ‘[d]espite their conceit to

43 But see below text over nn. 55 and following, on Case C-318/13, Proceedings brought by X, 14.09.2014, ECLI:EU:C:2014:2133. 44 Recital 12 of the EU Gender Directive. 45 Phelps (1972), Becker (1957), and Arrow (1971). 46 See Katz (1990), p. 458: ‘Although rational discrimination is based on neutral market principles such as profitability and efficiency, its effects are far from neutral. In the insurance market, rational discrimination plays a part in perpetuating—even exacerbating—the economic disparities between the races. This seemingly “faultless” conduct not only is rooted in the harm of past intentional discrimination, it is a harm in its own right.’ 47 Leurs and Shepherd (2017), p. 219.

Discrimination Bans and Insurance Law

15

objectivity, data-based calculations reinforce inequalities specific to historical conjuncture’.48 The use of statistical findings, no matter how accurate, should be deemed intolerable whenever these findings are based on a suspect classification if the statistical regularities that are found could be traced back to some form of past discrimination because allowing such findings to base risk-rating decisions will reinforce the past discrimination, perpetuating it into the present. It is easy to find more than a few preposterous examples of this phenomenon. In the 1990s, for instance, there was a public outcry in the US over the news that a significant number of the country’s largest insurers denied health, life, and disability coverage to the victims of domestic violence.49 No one at that time denied that the decision was based on accurate statistical findings. Unfortunately, it is not hard to believe that such victims are statistically at a much greater risk of suffering other forms of violence than the average person. And yet the unfairness of allowing such women to be denied health, life, and disability coverage solely on the ground of their membership in a cohort of battered women is so obvious as to require no further elaboration. Discrimination based on ‘any ground’ is prohibited regardless of the grounds. However, whether or not the grounds for discrimination are on the list set forth in Article 21(1) of the Charter makes a difference. Those that are on the list are the grounds that have been identified as being most likely to lead to discrimination because historically they have been major sources of discrimination. Any differentiation based on a listed ground is presumed wrong, but this presumption is not an absolute one: differentiations would be allowed when the situations in question are found not to be comparable or when an objective justification is provided for such differentiation.50 In an earlier paper, I have put forward the proposition that a twofold test, aimed at narrowing the rules allowing insurers to differentiate on the basis of a ‘suspect classification’, should be applied to separate admissible criteria of differentiation from inadmissible forms of discrimination.51 This test consisted of the following two questions: (1) Is there evidence that the statistical findings related to the criterion under consideration have an explanation that is unrelated to some form of past discrimination? This question should be answered affirmatively in order for the differentiation criterion to pass this first part of the test since statistical analysis, by using past data to predict the future, can be used as an instrument to perpetuate past 48

Id., at p. 220. See Hellman (1997). Other examples, mostly related to racial discrimination, are provided by Katz (1990). 50 Thiery and Van Schoubroeck (2006), p. 199. The authors argue that ‘the legal possibility of justification of unequal treatment could function as the key to reconciling these different views on fairness in insurance classification and to bridge the insurance “group” tradition and the “individualistic” human rights tradition’. 51 Rego (2015a). The remainder of this paragraph contains a summary of the views I have put forward in that paper. 49

16

M. L. Rego

injustices in a way that is incompatible with the promotion of equality. (2) Comparing the actuarial factor under scrutiny with every other possible factor, is there evidence to support the conclusion that there is no other known factor that would have been (i) more suitable as a predictor of the relevant outcome or (ii) equally or even slightly less suitable for that purpose from an actuarial perspective but less burdensome from a human rights perspective? This question in the second part of the test should also be answered affirmatively in order for the differentiation to pass this part of the test, for the use of a suspect classification as a convenient surrogate criterion for other, more determining features would also fall short on promoting equality. Although it is not the place of legal researchers to separate those statistical findings that can be traced back to discrimination from those that cannot, I suspect that most would fail this test. I shall, therefore, focus on the one area where I believe sex might stand a chance of passing both legs of the test: life insurance. Everywhere in the world and across time, women seem to outlive men. There is much debate on the reasons behind this time difference, from both a sociological and a biological perspective.52 To the extent that social factors are found to explain the gap, these results might well be traced back to discrimination, as was the case with the undisputed statistical finding that, on average, white Americans live longer than black Americans, which formed the basis of race-based price differentiation by American insurers until the practice was eventually abolished in the 1960s.53 However, though it might appear that this race gap is explained by differences in opportunities, black women still outlive white men in the United States. Inasmuch as biological factors are found to lie behind the sex gap in life expectancy, sex as a risk factor does have a chance of someday passing the first leg of the test. Whilst mere correlation would not suffice, if a causal relationship were to be found between sex and life expectancy, then different treatment does have a chance of passing the admissibility test because to the extent that the reason behind the statistical finding lies in biology, it would not be due to some past form of discrimination. Of course, in order for this differentiation to pass that first leg of the test, it will not be enough to establish that the sex gap is partially caused by biological factors, but a time may come when these factors might be the only ones left influencing sex differences in longevity, in which case different treatment would be acceptable. The use of sex as a risk factor will not pass the second leg of the test if it is used as a surrogate for other, more determining features or if it is paid a disproportionate amount of attention when compared to all other potentially relevant features, as can be reckoned from another judgment of the ECJ on discrimination on the basis of a person’s sex, this time in the context of Council Directive 79/7/EEC of 19 December 1978 on the progressive implementation of the principle of equal treatment for men and women in matters of social security (the ‘EU Social Security Directive’). In a 52 53

Seifarth et al. (2012). Gaulding (1995), pp. 1659–1660; and Olshansky et al. (2012).

Discrimination Bans and Insurance Law

17

2014 judgment, the ECJ held that Article 4(1) of the EU Social Security Directive ‘must be interpreted as precluding national legislation on the basis of which the different life expectancies of men and women are applied as an actuarial factor for the calculation of a statutory social benefit payable due to an accident at work, when, by applying this factor, the lump-sum compensation paid to a man is less than that which would be paid to a woman of the same age and in a similar situation’.54 The Finnish government had argued that men and women are not in a comparable situation in this context because their life expectancies are different: ‘the method of calculating the compensation paid as a single payment for the compensation for long-term harm, laid down in national legislation, is intended to set the amount thereof at a level equivalent to the overall amount of that compensation were it to be paid as a life-long pension (. . .)’.55 The government’s case was that different treatment would be ‘necessary to avoid placing women at a disadvantage compared to men. Since women have a statistically longer life expectancy than men, the lumpsum compensation to remedy the harm suffered for the remainder of the injured person’s life must be higher for women than for men.’56 The ECJ concluded that ‘the calculation of that compensation cannot be made on the basis of a generalisation as regards the average life expectancy of men and women’ as ‘[s]uch a generalisation is likely to lead to discriminatory treatment of male insured persons as compared to female insured persons. Among other things, when account is taken of general statistical data, according to sex, there is a lack of certainty that a female insured person always has a greater life expectancy than a male insured person of the same age placed in a comparable situation.’57 In other words, even if sex is a relevant factor, a multitude of other factors would be relevant to the assessment of any given individual’s life expectancy. Placing a disproportionately heavy reliance or weightage on sex as an actuarial factor, mainly on account of its availability, simplicity, and reliability as compared to other factors, still leads to a disproportionate and thus unjustified differentiation between men and women. The European Commission had found that even in life insurance, insurers’ use of sex was based on ease of use rather than real value as a guide to life expectancy;58 other factors, such as marital status, socio-economic background, employment, regional area, smoking, and nutrition habits, were shown to be more relevant. Even if current actual usage of sex as an actuarial factor had been found lacking in every single instance, I submit that this is not a sufficient reason to stop testing. The presumption of wrongness that goes along with differentiations based on a suspect classification is just that—a presumption. If in the case of sex as an actuarial factor this presumption currently proves very difficult, perhaps impossible, to rebut, this is

54

Case C-318/13, Proceedings brought by X, 14.09.2014, ECLI:EU:C:2014:2133. Proceedings brought by X, Para 29. 56 Proceedings brought by X, Para 30. 57 Proceedings brought by X, Para 37 and 38. 58 Proposal, op. cit. at p. 8. See also the Opinion of Advocate General Kokott, maxime Para 67. 55

18

M. L. Rego

not the same as establishing that in abstract all gender rating would necessarily entail a violation of the right to non-discrimination. And yet every use of sex as a risk factor is currently off-limits in the European Union, without any possible exclusion, as a practical result of the judgment in Test-Achats. What if sex is used in addition to, rather than instead of, all the other more determining features? At this point, I should like to refer to the use of statistical findings in the field of evidence-based medicine. Since the 1950s, there has been a slow but steady paradigm shift in the healthcare decision-making process towards a practice of ‘integrating individual clinical expertise with the best available external clinical evidence from systematic research’.59 Since then, various studies have been undertaken comparing traditional clinical and model-based statistical diagnosis methods to the overwhelming conclusion that these mechanical diagnosticians systematically outperform their human counterparts, proving to be on average 10% more accurate in diagnosing individual patients’ medical conditions.60 It is one thing to identify a pre-existing disease on the basis of the symptoms that the patient is already experiencing and quite a different thing to estimate a person’s time of death. Nonetheless, in both scenarios, statistical findings are used to make a more informed decision about something for which not enough information is available. It would be safe to assume that in all these studies, the patient’s sex would be one amongst many pieces of information fed into the model so as to obtain a diagnosis. It is hard to point the accusing finger at this practice in the face of the ample evidence that shows that recourse to statistical data actually improves our perception of the individual.

6 Other Factors: Where Should We Draw the Line? In 2008, the European Commission adopted a proposal for a Council Directive on implementing the principle of equal treatment between persons irrespective of religion or belief, disability, age or sexual orientation (henceforth the ‘Proposal’) as a follow-up to the EU Race and Gender Directives.61 In 2009, the European Parliament issued its own proposal amending the Proposal.

59

Sackett (1997). Grove et al. (2000). 61 See the European Commission’s Proposal for a Council Directive implementing the principle of equal treatment between persons irrespective of religion or belief, disability, age or sexual orientation, Brussels, 02.07.2008, COM(2008)426. Original version available at: https://eur-lex.europa. eu/legal-content/EN/TXT/?uri¼celex%3A52008PC0426 (accessed 30 April 2021). Available as amended by the European Parliament legislative resolution of 02.04.2009, P6_TA(2009)0211, at http://www.europarl.europa.eu/sides/getDoc.do?pubRef¼-//EP//TEXT+TA+P6-TA-20090211+0+DOC+XML+V0//EN (accessed 30 April 2021). Consolidated text of the Directive reflecting the current state of play (ST 10740 2019 INIT) available at https://eur-lex.europa.eu/ legal-content/EN/TXT/?uri¼consil%3AST_10740_2019_INIT (accessed 30 April 2021). 60

Discrimination Bans and Insurance Law

19

Although more than 10 years have gone by since this proposal was first adopted by the Commission, its implementation is still being debated today. The European Parliament and Member States generally supported the Proposal, but some Member States have expressed concern that not enough had been done to assess the potential costs of its implementation. A study was therefore commissioned by the European Parliament to assess the potential impact of implementing the principle of equal treatment between persons irrespective of religion or belief, disability, age, or sexual orientation. The study was completed in 2014 and published in 2016.62 In February and March 2018, the European Parliament regretted the slow progress and called on the Commission and the Council to relaunch and conclude the negotiations before the end of the legislative term.63 In its 2018 report, the European Agency for Fundamental Rights recommended that efforts should continue for the adoption of the Proposal ‘to ensure that the EU offers comprehensive protection against discrimination in key areas of life, irrespective of a person’s sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation’.64 In 2019, the Agency underlined the lack of consensus amongst Member States and concluded that ‘more discussions at political level will be needed to attain the unanimity required to adopt the directive’.65 In 2021, the Agency claims that ‘despite calls by the European Parliament and the efforts of the European Commission, the Commission’s 2008 proposal for a Council Directive on implementing the principle of equal treatment between persons irrespective of religion or belief, disability, age or sexual orientation—the Equal Treatment Directive—remains blocked in the Council, where it needs to be adopted unanimously. Although 14 Member States fully endorse the proposal, an unspecified number of Member States remain opposed to it’.66

62 See Milieu Ltd (2014). The study focused on possible costs for small and medium-sized enterprises (SMEs) and public service providers. 63 See the European Parliament resolution of 7 February 2018 on protection and non-discrimination with regard to minorities in the EU Member States (2017/2937(RSP)), available at http://www. europarl.europa.eu/sides/getDoc.do?type¼TA&language¼EN&reference¼P8-TA-2018-0032 (accessed 30 April 2021); and the European Parliament resolution of 1 March 2018 on the situation of fundamental rights in the EU in 2016 (2017/2125(INI)), available at http://www.europarl.europa. eu/sides/getDoc.do?type¼TA&language¼EN&reference¼P8-TA-2018-0056 (accessed 30 April 2021). 64 The European Agency for Fundamental Rights’ Fundamental Rights Report 2018 is available at https://fra.europa.eu/en/publications-and-resources/publications/annual-reports/fundamentalrights-2018 (accessed 30 April 2021). 65 The European Agency for Fundamental Rights’ Fundamental Rights Report 2019 is available at https://fra.europa.eu/en/publications-and-resources/publications/annual-reports/fundamentalrights-2019 (accessed 30 April 2021). 66 The European Agency for Fundamental Rights’ “Equality in the EU 20 Years On From the Initial Implementation of the Equality Directives” is available at https://fra.europa.eu/sites/default/files/ fra_uploads/fra-2021-opinion-equality-directives-01-2021_en.pdf (accessed 30 April 2021). See also the consolidated text of the Directive reflecting the current state of play (ST 10740 2019 INIT), available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri¼consil%3AST_10740_ 2019_INIT (accessed 30 April 2021).

20

M. L. Rego

An analysis of the insurance-related provisions in the Proposal would lead to the conclusion that there should be no cause for concern with a possible rerun of the ECJ’s argument in Test-Achats with regard to age and disability as there is good cause to believe that insurers will be able to provide evidence in support of the conclusion that in the field of personal insurance, age should continue to be used as a risk factor, although some of the current practices involving both age and disability as risk factors might not pass the test of compatibility with the fundamental rights of the European Union. The insurance-related provisions of the amended Proposal bear little resemblance to those of the EU Gender Directive. In the original Proposal, the European Commission had recognised that ‘age and disability can be an essential element of the assessment of risk for certain products, and therefore of price’67 and that ‘the use of age or disability by insurers and banks to assess the risk profile of customers does not necessarily represent discrimination: it depends on the product’.68 The European Commission also announced that it would ‘initiate a dialogue with the insurance and banking industry together with other relevant stakeholders to achieve a better common understanding of the areas where age or disability are relevant factors for the design and pricing of the products offered in these sectors’.69 In the amended Proposal, as it stands, no ‘derogation’ is proposed to the non-discrimination principle, the proposed wording making it reasonably clear that some differentiations based on age and/or disability would be permitted, not by releasing financial service providers from the principle of non-discrimination but because in such cases, different treatment ‘should not be regarded as constituting discrimination’.70 Therefore, if the proposed wording remains the same, there should be no cause for concern about a possible rerun of the ECJ’s argument in Test-Achats, there being no inherent contradiction in the insurance-related provisions of the amended Proposal. Every suspect classification bears its own history. Whereas in the US the greatest effort has been placed in combating racial discrimination,71 in Europe more emphasis has been placed on ensuring equal treatment between persons of different nationalities and different sex. Article 119 of the Treaty Establishing the European Economic Community (1958) already laid down the ‘principle of equal remuneration for equal work as between men and women workers’. Since then, equal

Proposal, op. cit. p. 8. There is no definition of ‘disability’ in the Proposal, but the term could be broadly defined so as to include all ‘those who have long-term physical, mental, intellectual or sensory impairments which in interaction with various barriers may hinder their full and effective participation in society on an equal basis with others’. Art. 1(2) of the United Nations Convention on the Rights of Persons with Disabilities adopted on 13 December 2006 during the sixty-first session of the UN General Assembly by resolution A/RES/61/106. Available at: http://www.un.org/ esa/socdev/enable/rights/convtexte.htm (accessed 30 April 2021). 68 Id., p. 5. 69 Id., p. 5. 70 Recital 15 of the amended Proposal. See also Art. 2(7) of the amended Proposal. 71 See Adarand Constructors, Inc. v. Peña 515 U.S. 200 (1995). 67

Discrimination Bans and Insurance Law

21

treatment of men and women gradually ‘took its place at the forefront of EU social policy’.72 Sex is foremost amongst the suspect classifications listed in Article 21 of the Charter. Risk factors such as age or disability have thus far not been subject to as intense a scrutiny in the European legal arena.73 Although they have also been singled out in Chapter III of the Charter, when it comes to the promotion of equality, the strongest language is to be found in Article 23.74 The European Commission seems more willing to accept insurers’ use of age or disability as risk factors, having expressed the view that at least ‘under certain conditions’, such use would ‘continue to be allowed’ under the Proposal as ‘it would not be considered discriminatory’.75 The European Commission maintains the view that when it comes to assessing life expectancy, persons of a different age are not in a comparable situation; thus, in life insurance, the use of age as a rating variable is not discriminatory.76 Although my background in law does not place me in the best position to conclude whether and to what extent age is a determining factor in risk assessment, I believe that it would be safe to assume that when it comes to life insurance, and more broadly in the field of personal insurance, insurers should be able to demonstrate that a person’s age is an indispensable element in the evaluation of that person’s risk.77 However, if any lesson should be learnt at all from Test-Achats, it is that insurers should be wary of making use of suspect classifications in circumstances where no such evidence is readily available or widely accepted by the scientific community. Age is used by insurers as a risk factor in a multitude of insurance classes, oftentimes

72 Ellis and Watson (2012), p. 24. Marano (2012) argues that race, ethnicity, and sex, differently from age and disability, would no longer be ‘socially accepted criteria for distinguishing within the European Union’. 73 See, however, the section on “EU’s increasing focus on rights of older people” in the European Agency for Fundamental Rights’ Fundamental Rights Report 2018, pp. 17–19. 74 Sex discrimination is the subject of Article 23, age is the relevant factor in Articles 24 (young age) and 25 (old age) and disability in Article 26. At least with regard to age, there is ample consensus that ‘a wider range of justifications for different treatment on grounds of age may be available than in relation to grounds such as sex or race’ Schiek (2011), p. 778. The author argues that the ECJ adopts a looser or more lenient standard of judicial review in age-related differentiations than in cases dealing with sex or racial discrimination (where a strict standard of scrutiny was found to be more appropriate). 75 European Commission’s Communication, Para 20. 76 European Commission’s Communication, n. 17. 77 See Civic Consulting (2010), pp. 54–55. According to this study, it is in life insurance that a person’s age ‘most obviously operates as a key risk factor’, life insurers having access to ‘data which is likely to be fuller and more convincing than in any other line of insurance’ (p. 54). This conclusion would be consistent with the finding by B. Kuschke, “International report on discrimination in insurance” for the AIDA XIVth World Congress of the International Association for Insurance Law, presented in Rome on 2 October 2014, pp. 1–56, that ‘[s]tatistical discrimination is often used and tolerated, for example, when older people are charged more for life insurance, and people with a medical history are charged more for health insurance’ (p. 5).

22

M. L. Rego

as a surrogate for behavioural traits such as reckless driving.78 The amended Proposal’s emphasis on ‘objective and verified medical facts’ and ‘undisputed medical knowledge that comply with medical data collection standards’79 appears to be aimed at leaving out precisely this sort of behavioural stereotyping. The Proposal’s reference to proportionality is also significant: ‘[t]he service provider must be able to objectively demonstrate significantly higher risks and ensure that the difference in treatment is objectively and reasonably justified by a legitimate aim and the means of achieving that aim are proportionate, necessary and effective’.80 It would be unduly burdensome to stop using age as a risk factor in personal insurance but perhaps not elsewhere. Proportionality also appears to call for insurers to abandon the use of ample age bands or limits because their use might lead to a disproportionate difference in treatment between two persons of a slightly different age but who happen to fall on different sides of an age band boundary. In addition, if the use of age as a rating variable is found not to be discriminatory in personal insurance, its use as a ground for refusing to provide insurance altogether might be found not to comply with the principle of proportionality.81 The same could be said of the refusal to provide insurance to a disabled person. However, disability as a risk factor poses an additional set of challenges to the insurance industry due to a lack of reliable statistical data. An insurer might be led to deny coverage to a disabled person because it simply lacks the data that it would require in order to evaluate that risk. A case of a person suffering from a heart condition who has been subject to groundbreaking surgery serves as an example, there being no past data to draw upon to assess that person’s life expectancy. Under the amended Proposal, the lack of reliable statistical data does not appear to be a valid excuse for differentiation.82

78 According to Civic Consulting (2010), there is ‘convincing evidence illustrating the relationship between driver age and the incidence of motor accidents’ (p. 39). 79 Recital 15 of the amended Proposal. See also Article 2(7) of the amended Proposal. 80 Final section of Article 2(7) of the amended Proposal. 81 This conclusion appears to be in line with the findings by B. Kuschke, “International report on discrimination in insurance” for the AIDA XIVth World Congress of the International Association for Insurance Law, presented in Rome on 2 October 2014, pp. 1–56, that ‘one should not allow insurers the luxury of an absolute exclusion based solely on a general discriminatory factor’ (p. 33) and that ‘[f]rom the data extracted from case law, judgments and rulings in the national reports, it appears that the outright refusal of providing cover is often held to be unjustified, yet that premium adjustments or a differentiation in the selection of benefits and policy terms and conditions was more readily justified and acceptable’ (pp. 33–34). 82 Which, again, would be consistent with the finding by B. Kuschke, “International report on discrimination in insurance” for the AIDA XIVth World Congress of the International Association for Insurance Law, presented in Rome on 2 October 2014, pp. 1–56, that ‘[t]he mere absence of statistics is not enough to irrefutably prove that there is no alternative to the discriminatory practice. Difficulty alone in providing statistical or actuarial information has never been accepted as an excuse for discriminatory conduct that is contrary to human rights’ (p. 33). In this instance the report refers in particular to Zurich Insurance Co. v. Ontario (Human Rights Commission) [1992] 2 SCR 321.

Discrimination Bans and Insurance Law

23

7 The Impact of Big Data According to Gartner’s IT Glossary, ‘Big Data’ means ‘high-volume, high-velocity and/or high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making, and process automation’.83 These are known as the three Vs. It refers to data sets that are too large and/or complex for traditional data-processing application software to process. The massive volumes of data that are currently available for analysis, and the new analytical tools that are available for use on such data, allow its users to find new correlations that were, until very recently, unimaginable.84 Big data take us several steps closer to having the kind of mechanical diagnosticians85 I alluded to towards the end of Sect. 5. This is both an advantage and a disadvantage from the point of view of discrimination bans in insurance. It is an advantage in that the use of sex or other suspect classifications as actuarial factors might be deemed more acceptable to the extent that they are one factor that we may resort to amidst a million others. Problem factors will no longer be given a disproportionately heavy weightage, thereby making their use more acceptable. However, big data also entail new forms of indirect discrimination that are extremely hard to tackle. In the words of Williams, Brooks, and Shmargad, ‘[w]hen traces of people’s lives are recorded as “data,” and pieced together into “big data,” the resulting mesh is densely packed with correlations—personal characteristics that tend to show up together’86 (. . .). ‘Databases about people are full of correlations, only some of which meaningfully reflect the individual’s actual capacity or needs or merit, and even fewer of which reflect relationships that are causal in nature.’87 When selflearning data-processing algorithms process such massive volumes of data, many correlations are found. Patterns are learnt and reproduced. To the extent that such data are a faithful reflection of our society, existing biases will also be dutifully—and shamelessly—absorbed by the machines that will make decisions on the basis of those algorithms. In October 2018, it came to light that Amazon.com Inc.’s new high-tech selflearning recruiting machine designed to automate its search for top talent had to be halted when it was found that, by analysing 10 years of past job applications and their fate as determined by human recruiters, it had taught itself to reject women applicants.88 Although Amazon altered the program to make it gender-neutral, it soon realised that there could be no guarantee that the program would not find other 83

https://www.gartner.com/en/information-technology/glossary/big-data (accessed.30 April 2021). See Boyd and Crawford (2011). 85 See above n. 61. 86 Williams et al. (2018), p. 82. 87 Id. p. 83. 88 See Reuters (2018), “Amazon scraps secret AI recruiting tool that showed bias against women” 11.10.2018, available at https://www.reuters.com/article/us-amazon-com-jobs-automation-insight/ 84

24

M. L. Rego

ways of discriminating. The project was eventually discontinued as the company’s leadership lost hope in the prospect of eliminating unwanted bias. This example paints a very clear picture of the new challenges faced by discrimination bans that focus on suspect classification: modern algorithms now find so many different correlations and patterns that even if we remove a suspect classification from the database, say sex or race, they will find ways of reaching the same conclusions via large quantities of surrogate data. Williams, Brooks, and Shmargad have concluded that computers still learn stereotypes when sensitive variables are omitted.89 They argue that when it comes to big data, traditional bans on specific sensitive variables can actually exacerbate discrimination by making biases more difficult to detect and argue that a more desirable outcome can be reached by proactively using such sensitive variables to illuminate and combat discriminatory practices. They conclude that ‘[a]cross cultures, contexts, geographic regions, and sociotechnical systems, algorithms must be created with fairness in mind. Then we need to check for unfair outcomes and act to rectify any algorithmic injustices. Ongoing review of how we use algorithmic decision-making and what our algorithms have learned to value over time is critical for a fair society, in any society.’90

References Aitken C, Roberts P, Jackson G (2010) Fundamentals of probability and statistical evidence in criminal proceedings. Royal Statistical Society, full text available at https://www.maths.ed.ac. uk/~cgga/Guide-1-WEB.pdf. Accessed 30 Apr 2021 Aristotle (3rd Century BC). Ethica Nicomachea Arrow KJ (1971). Some models of racial discrimination in the labor market, RAND Corporation research memorandum RM-6253-RC, Santa Monica, Available at https://www.rand.org/ content/dam/rand/pubs/research_memoranda/2009/RM6253.pdf. Accessed 30 Apr 2021 Baker T (2002–2003) Containing the promise of insurance: Adverse selection and risk classification. Conn Insur Law J 9:371–396 (Part I) Becker GS (1957) The economics of discrimination. University of Chicago Press Boyd D, Crawford K (2011) Six provocations for Big Data. Social Science Research Network: A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society. https://doi. org/10.2139/ssrn.1926431 Civic Consulting (2010) Study on the Use of Age, Disability, Sex, Religion or Belief, Race or Ethnic Origin and Sexual Orientation in Financial Services, in Particular in the Insurance and Banking Sectors. Commissioned by the European Commission, full text available at http:// www.civic-consulting.de/project_42.html. Accessed 30 Apr 2021 Ellis E, Watson P (2012) EU anti-discrimination law, 2nd edn. Oxford University Press

amazon-scraps-secret-ai-recruiting-tool-that-showed-bias-against-women-idUSKCN1MK08G (accessed 30 April 2021). 89 Williams et al. (2018), pp. 89–90. 90 Id., p. 110.

Discrimination Bans and Insurance Law

25

Gartner’s IT Glossary, available at https://www.gartner.com/en/information-technology/glossary/ big-data. Accessed 30 Apr 2021 Gaulding J (1995) Race sex and genetic discrimination in insurance: what’s fair. Cornell Law Rev 80:1646–1694 Grove WM et al (2000) Clinical versus mechanical prediction: a meta-analysis. Psychol Assess 12:19–30 Hellman D (1998) Two types of discrimination: the familiar and the forgotten. Calif Law Rev 86:315–361 Hellman DS (1997) Is actuarially fair insurance pricing actually fair? A case study in insuring battered women. Harv Civil Rights Civil Libert Law Rev 32:355–411 Katz MJ (1990) Insurance and the limits of rational discrimination. Yale Law Policy Rev 8:436–458 Koldinská K (2001) Case law of the European Court of Justice on sex discrimination. Common Mark Law Rev 48:1599–1638 Landes X (2014) How fair is actuarial fairness? J Bus Ethics. https://doi.org/10.1007/s10551-0142120-0. First published online: March 7, 2014 Lemmens T, Thiery Y (2007) Insurance and human rights: what can Europe learn from Canadian Anti-discrimination Law? In: Cousy H, Van Schoubroeck C (eds) Discriminatie in Verzekering. Maklu, Academia-Bruylant, Antwerpen/Louvain-La-Neuve, pp 253–294 Leurs K, Shepherd T (2017) Dataification & discrimination. In: Schäfer MT, van Es K (eds) The datafied society. Studying culture through data. Amsterdam University Press, pp 211–231 Maitzen S (1991) The ethics of statistical discrimination. Soc Theory Pract 17:23–45 Marano P (2012) Sex discrimination in private insurance contracts and the EU law. In: Slavnic J, Jovanovic S (eds) Challenges in harmonisation of the Serbian insurance law with the European (EU) insurance law. Association for Insurance Law of Serbia, Belgrade, pp 59–73 Milieu Ltd (2014) Implementing the principle of equal treatment between persons. Complementary Impact Assessment of the proposal for a Council Directive on implementing the principle of equal treatment between persons irrespective of religion or belief, disability, age or sexual orientation, as well as amendments 37 and 41 of the European Parliament. European Parliamentary Research Service, https://doi.org/10.2861/31561. Available at https://op.europa.eu/s/ o3pf. Accessed 30 Apr 2021 Nanopoulos E (2011) Insuring the Charter: who bears the cost? Camb Law J 70:506–508 Olshansky SJ et al (2012) Differences in life expectancy due to race and educational differences are widening, and many may not catch up. Health Aff 3:1803–1813. https://doi.org/10.1377/hlthaff. 2011.0746 Phelps ES (1972) The statistical theory of racism and sexism. Am Econ Rev 62:659–661 Rego ML (2015a) Statistics as a basis for discrimination in the insurance business. Law Probab Risk 14:119–134. https://doi.org/10.1093/lpr/mgu017. First published online: October 15, 2014 Rego ML (2015b) Insurance segmentation as unfair discrimination: what to expect next in the wake of Test-Achats. In: Proceedings of the 16th Annual Conference of the Insurance Law Association of Serbia. Insurance law, governance and transparency: basics of the legal certainty, AIDA Serbia/German Foundation for International Legal Co-Operation (IRZ), pp 377–392 Reich N (2013) The impact of the non-discrimination principle on private autonomy. In: Leczykiewicz D, Weatherill S (eds) The involvement of EU law in private law relationships. Hart, Oxford, pp 253–277 Reuters (2018) Amazon scraps secret AI recruiting tool that showed bias against women. 11.10.2018, available at https://www.reuters.com/article/us-amazon-com-jobs-automationinsight/amazon-scraps-secret-ai-recruiting-tool-that-showed-bias-against-womenidUSKCN1MK08G. Accessed 30 Apr 2021 Sackett DL (1997) Evidence-based medicine. Semin Perinatol 21:3–5 Sass J, Seifried FT (2014) Insurance markets and unisex tariffs: is the European Court of Justice improving or destroying welfare? Scand Actuarial J 3:228–254 Schiek D (2011) Age discrimination before the ECJ – conceptual and theoretical issues. Common Mark Law Rev 48:777–799

26

M. L. Rego

Seifarth JE, McGowan CL, Milne KL (2012) Sex and life expectancy. Gender Med 9:390–401 Strauss DA (1986) The myth of colorblindness. Supreme Court Rev 1986:99–134 Thiery Y, Van Schoubroeck C (2006) Fairness and equality in insurance classification. Geneva Pap 31:190–211 Williams BA, Brooks CF, Shmargad Y (2018) How algorithms discriminate based on data they lack: challenges, solutions, and policy implications. J Inf Policy 8:78–115 Winkler A (2006) Fatal in theory and strict in fact: an empirical analysis of strict scrutiny in the Federal Courts. Vanderbilt Law Rev 56:793–871

Discrimination in the Context of Parametric Insurance Birgit Kuschke

Abstract It is a common understanding that insurers should be able to differentiate for risk selection. The risk of adverse selection is generally accepted in society, yet problematic underwriting is usually about differentiation that could, in certain circumstances, exceed the limits of what is acceptable and in such circumstances be classified as unfair discrimination. As insurance is voluntary, the parties are free to agree on the type of cover to be provided. With the assistance of big data and advanced technologies, such as genetic, locational and activity-based information, insurers have ever-increasing access to unique personal information and an increase in the accuracy of their risk modelling. There has been a recent increase in the popularity of novel parametric insurance products. Parametric insurance aims to categorise, classify or group persons according to standard parameters and to provide for fixed amounts to be payable upon a risk event. Some insureds placed in a specific group do not necessarily share the average characteristics of that group. Information regarding the individual’s personal circumstances and unique characteristics that may affect the real risk is often ignored. Such a general grouping that results in a different premium or extent of coverage for the average risk posed by members of the group could be seen as discriminatory.

1 Introduction In the current ‘information age’, more unique personal information is being collected, stored, accessed and used than ever before. Previously, information pertaining to the prospective insured person and his or her family’s medical history, place of residence and activities have played an understandably critical role to determine the risk and the subsequent decision to provide insurance cover against these risks.

B. Kuschke (*) Faculty of Law, University of Pretoria, Pretoria, South Africa e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_2

27

28

B. Kuschke

National and international measures to ensure effective data protection are increasing rapidly. Due to advanced digital technology, big data1 and the revolution in biotechnology, there is an increasing flow of personal data across all frontiers for the purpose of data processing, automatic or otherwise, increasing the ability to disseminate information worldwide. The individual’s right to privacy can be severely compromised. As stated in South African courts, ‘[p]rivacy is acknowledged in the truly personal realm, but as a person moves into communal relations and activities such as business and social interaction, the scope of personal space shrinks accordingly’.2 On the one hand, the insurer can delve deeply into the refined details and determine the risks posed by the individual insured exactly and with clarity and certainty. This takes time and incurs costs. The extensive data must furthermore be protected in line with extensive onerous measures, as discussed below, although it might not even be accessed or applied by the insurer for risk selection. On the other hand, the availability of simple data can allow an insurer to make a fast objective risk determination by classifying the insured as one of a general group or class without considering all refined information that influences the risk. In the latter case, failing to differentiate between the individual members of the group based on more refined information pertaining to the risks of each individual, could lead to discriminatory conduct. This can only be avoided if it the insurer offers a highly customized product with uniquely tailored provisions, based on each policyholder’s specific needs. It may often be the case that there is no sufficient differentiation. The collection of and access to personal information remain paramount to the core business of insurers. Once the information is disseminated, the insurance cover provided or claims paid, the issue of differentiation, bias or discrimination against different insureds comes to the fore. Insurance requires in its very nature differentiation or even discrimination. The insurer may choose which information it wishes to base its risk selection on and which it wants to ignore. While scientists have spent the past decades researching why specific diseases strike certain families or specific groups of people, statisticians launched empirical research projects to determine the risks posed to persons with a commonality of factors, such as specific age, gender, activities, habits, hobbies, characteristics, socioeconomic factors3 and geographical area of residence. Intricate algorithms are being written to extract and mine data for purposes of statistical forecasting.

1 Described as ‘extremely large data sets that may be analysed computationally to reveal patterns, trends, and associations, especially relating to human behaviour and interactions’ in The Oxford English Dictionary https://oed.com (last accessed on 1 April 2021). 2 As quoted by the South African Constitutional Court in Bernstein and others v Bester NO and others 1996 (2) SA 751 (CC) par 67. 3 The socio-economic status of a person includes a social or economic condition or perceived condition of a person who is disadvantaged for example by poverty, a low employment status or a low-level or lack of educational qualifications.

Discrimination in the Context of Parametric Insurance

29

Insurers are increasingly electing to group insureds together for purposes of parametric or index insurance—insurance where the coverage is triggered by a metric4 or index5 that is easy to determine6—provided they fall within a specific risk classification, as determined by objective factors or parameters, rather than assess the real or actual individual risks. This results in automatic classification of the individual as part of a group, and the insured’s unique subjective characteristics are not considered to determine the real risks posed based on the specific circumstances, nature and condition of the insured’s person, interests, rights, obligations and patrimony. Where a particularly healthy 65-year-old person is simply grouped into the same classification or category for travel insurance benefits as an obese, unfit diabetic of the same age group, the question arises on whether this is in fact discriminatory conduct by the insurer. To discuss this issue, the contribution investigates the nature of parametric insurance and thereafter what discrimination in insurance entails and whether parametric insurance practices have the potential to discriminate against the insured. Where insurers may claim that all insureds are treated equally by a general classification according to fixed parameters, insureds may argue that as the intimate details and finer nuances of their being and personal circumstances are not considered, they are indeed being discriminated against by the grouping.

2 The Nature of Parametric Insurance 2.1

General

Parametric insurance cover, as described above, guarantees the payment of a predetermined amount of an insurance claim upon the occurrence of a specific stipulated trigger event, which needs to be a certain predefined parameter or metric, specifically related to the insured’s particular risk exposure.7 This can be said to change the nature of the insurance from traditional indemnity insurance to a form of capital or non-indemnity insurance.8

Described as ‘a system or standard of measurement’ in Oxford Languages https://languages@oup. com (last accessed on 1 April 2021). 5 Described as ‘a numerical scale used to compare variables with one another or with some reference number’ in Oxford Languages https://[email protected] (last accessed 1 April 2021). 6 The Oxford English Dictionary https://oed.com (last accessed on 1 April 2021). 7 Sengupta and Kousky (2020). 8 In countries where this forms the basis for a distinction is regulation and governance, as was the position in South African law prior to 2018, this could create a supervisory challenge. See the distinction between long-term and short-term insurance in Millard (2019) chaps 2,6, and 7. 4

30

B. Kuschke

A parameter is, for example, set by an established and authoritative index for a specific type of event or its intensity, such as the universal Richter scale for earthquake intensity or the Saffir-Simpson scale for the categorisation of hurricanes.9 This index-based insurance has been used to provide catastrophe insurance in the event of natural occurrences such as weather-related climactic events. Insurance companies have also used parametric triggers for pandemic and epidemic policies written during the initial Ebola, SARS, MERS and Zika outbreaks. Some policies written for a general outbreak of infectious diseases also provided cover for losses suffered during the recent Covid outbreaks and worldwide lockdowns. In some of these policies, only fixed amounts are payable, irrespective of the real losses suffered over the unexpected long periods of lockdown. Traditional indemnity insurance requires the time-consuming valuation and quantification of the individual victim’s loss and thereafter proceeds to an even longer claim management procedure, the administration of deductibles, excess fees, and the application of other contractual limitations, before the eventual payout is received. Whereas parametric insurance offers the benefit of a quick determination of quantum, the payment of which is simply triggered by the parameter or index as agreed upon between the parties. As policyholders spend less time attempting to determine the extent to which their policies in fact cover their losses and the insurer also operates within specific forecasts and follows the fixed objective indices and time limits, the immediate right vesting in the insured to claim a fast and fixed payout may keep a business afloat in times of crisis. It also offers the insured peace of mind in the knowledge that fixed amounts are due once the risk materialises. Where parametric insurance is combined with traditional indemnity insurance in the form of a hybrid policy, the insured can rely on a basic parametric index-based payout and then a potential top-up amount at a later stage to indemnify him or her against the actual loss suffered.

2.2

Nature of the Parameters

Parameters must be objective, transparent, independently confirmed, accurately verifiable and absent of outside influence.10 It is also important, for purposes of

9 ‘Parametric insurance’ as described in The Insurance Glossary of the International Risk Management Institute Inc https://www.irmi.com/term/insurance-definitions/insurance (last accessed on 2 March 2021). For weather-based parameters, this metric involves certain measurements, for example from trusted third-party weather services or collecting sensor and satellite data to verify the magnitude of, for example, a weather event. 10 Swiss Re Corporate Solutions https://corporatesolutions.swissre.com: 1 August 2018 (last accessed 20 April 2021) explain that: “Important is that neither the risk taker nor the insured are able to influence the event or its reporting to avoid moral hazard, and why indices around weather and ‘Acts of God’ are so popular in parametric insurance.”

Discrimination in the Context of Parametric Insurance

31

equality, that these must be consistently applied.11 Parameters are set by agreement between the parties as part of the policy. The parameters are often linked to thresholds or limits that are set according to the insured’s risk tolerance. Two broad types of parameters can be identified, namely statistical and civil authority parameters.12 Objective factors include, for example, the nature of damage caused and may typically be customised to also refer to specific geographic areas, specific time periods and specific activities. Factors may include natural events such as weather events or human-driven factors, alone or in combination. Insurers may base their cover for businesses on a risk parameter such as foot traffic in a shopping mall.13 A storm destroying the entrance, flood damage preventing access to a store and a person or groups of persons creating an obstruction to the flow of traffic serve as examples of these factors. Parametric business interruption claims could be triggered in such an event.14 Travel insurance serves as one of the best examples of parametric insurance, where a fixed amount is payable when the luggage of a passenger is lost in transit never to be seen again, irrespective of its actual value. The amount payable under the policy is clear and immediately payable yet might not cover, most probably due to low limits, the actual damage suffered by the traveller. According to Swiss Re, such an insurable trigger needs to be fortuitous, and insurers need to be able to model it. The insurer also confirms that ‘any parametric or index used for the basis of a parametric insurance solution must be objective (i.e., independently verifiable), transparent, and consistent’.15 Parametric insurance is not necessarily designed to be a stand-alone insurance policy as the product often aims to fill the gaps in cover that exist due to insufficient traditional indemnity insurance policies.16 The index-based insurance is most often triggered where the insured has exhausted its traditional indemnity policy limits or where the loss exceeds the threshold for which the insured had to cover its own risks. Most parametric insurance policies stipulate various thresholds upon which cover is triggered. These may be customised to accommodate individual needs.

11

Cf Sengupta and Kousky, who advocate that the only criteria are that the parameter must be independent, objectively measurable immediately after the loss event, and correlate with the actual losses. 12 Unnava (2020): June 17. https://som.yale.edu/blog. An example of the first is where a natural catastrophe of a certain intensity would create a statistical loss, such as hurricane damage. An example for the second is where a public authority or government orders a lockdown or forbids access to persons for a specific time and to a specific area. 13 Also known as the ‘footfall metric’. 14 See also Unnava above. 15 See Swiss Re https://corporatesolutions.swissre.com 1 August 2018 (last accessed 20 April 2021). 16 Clyde and Co Report (2021) Building a resilient world: How parametric insurance can help close the protection gap. https://resilience.clydeco.com (last accessed on 12 April 2021).

32

2.3

B. Kuschke

Advantages of Parametric Insurance

As mentioned, parametric insurance cover offers to the insured the benefit of a guarantee for a speedy and direct payout after a triggering event to provide protection against unpredictable but potentially devastating risks in ways traditional insurance products cannot.17 The parametric insurance product is mostly designed to provide cover for hard-tomodel, low-frequency but high-intensity losses, such as black-swan events, for example the sudden and unexpected catastrophic risks caused by natural events, like flooding due to climate change and the ongoing Covid disaster. The product aims to cover risks where there is an insufficient history of losses that are captured as reliable data for risk profiling. Theoretically, in the absence of direct information about a certain fact, characteristic or ability, an insurer would be inclined to substitute group averages for individual data. This has the potential to cause unfair discrimination against atypical individuals from the disadvantaged group. The mere absence of statistics on a specific new risk is not sufficient to irrefutably prove that no alternative to the discriminatory practice of applying a group average exists. The parametric product can be customised according to the actual risks, although it might still lack individual refinements for individual traits but rather provides cover for a more ‘standard’18 type of risk event exposure. In contrast, traditional non-life or indemnity insurance cover is structured to pay for an insured event that leads to a quantified loss. The insurer reimburses the insured under the policy for the value of the loss, taking into consideration any policy limits and claim deductibles. To quantify loss, a representative from the insurance company is required to assess the damage, which could be time-consuming and does not by itself provide a clear outcome of the amount that will eventually be paid out, if any. With parametric insurance, the insurer only needs to verify that the loss event occurred and that it was covered under the metric. Once objective proof of loss is obtained, the insurer becomes liable to pay, provided of course that the loss exceeds the stipulated policy threshold. The short claim process is attractive to both parties, and faster payouts are obviously beneficial for the liquidity and solvency of the insured. This also provides the benefit of certainty to both parties. The insured is informed of exactly what it can expect to receive from the insurer once the risk materialises, whereas the insurer has more clarity and certainty on the projection of its liabilities. This aspect also facilitates reinsurance cover procured by the direct insurers. In the second instance, the fact that the same criteria are applied to all the insureds with similar profiles leads to equal treatment of policyholders and respect of the individual insured’s right to equality. It is this right to so-called equal treatment that 17 Brettler and Gosnear (2020). https://insurancejournal.com (last accessed 12 April 2021). See also for the key elements of parametric insurance. 18 Authors own amplification.

Discrimination in the Context of Parametric Insurance

33

may backfire as it may be due to the particularity of the facts and personal circumstances pertaining to the individual insured and may be discriminatory where only some yet not all facts disclosed are considered to determine the risk. Most information in a database can be disseminated to indicate a pattern or prevalence of risks. This allows for a more equal and consistent application across the board of solutions provided via risk mapping by the use of specialised algorithms. In view of the onerous duties of data protection when dealing with extensive confidential or privileged personal data, it is understandable that insurers would rather follow a clearer basic or general and simple statistical route than embroil themselves into disputes with individuals on the application of their personal information to pursue unique risk classifications in each instance. Furthermore, the insured benefits by paying lower administration and transaction costs due to the simplification of the method for determining payout, which does not require extensive loss assessments. As premiums are mostly standardised, the insurer does not have to expend time and resources to determine the actual risk and liabilities for purposes of bespoke premium determination when underwriting. Regarding the benefit of certainty, it is interesting to note, for example, that mandatory genetic testing, which could easily provide some form of data specificity for individual risk determination, is not being actively pursued by insurers. This is most probably due to the prohibitive costs involved and the obvious issue of privacy and onerous data protection duties, as discussed below. Insurers avoid these by increasing their product offering in the form of parametric or index-based insurance that is based on more general parameters.19 This could be a source of discrimination, as analysed below, as the real risk profile is not determined by the insurer and the premiums and cover are generalised to the detriment of the insured.

2.4

Disadvantages of Parametric Insurance

The main disadvantage that is clearly apparent is that the insurance may not cover the real actual damage or loss suffered by the individual insured as the policy does not cover the full basis risk. Instead of indemnifying the insured for the actual loss incurred, parametric insurance covers the probability of a predefined event happening and subsequently pays out according to a predefined index or parameters.20 Furthermore, a disadvantage often ignored is that where the policy pays more than the actual loss suffered, this windfall may be taxable, depending on the legislative and regulatory position of the specific jurisdiction.21

19

The issue of genetic testing by insurers has been addressed for many decades. See for example Thomas G “Genetics and insurance: an actuarial perspective with a difference” (accessed on 12 April 2021); Lowden (1992), p. 901, Low et al. (1998), p. 1632; Kuschke (2007), p. 305; Nienaber and Van der Nest (2003), p. 446. 20 See also Brettler and Gosnear for a summary of these advantages. 21 As also elaborated upon by Sengupta and Kousky.

34

B. Kuschke

Another clear disadvantage—and the one that this chapter aims to highlight—is that in parametric insurance, discrimination would be based on universal generalisations, such as the physical and physiological health status of the individual, but not on each insured’s individualistic characteristics or traits. Discrimination will manifest in the form of price discrimination where higher rates are charged for minorities, or discrimination exists where some minorities do not qualify for the same cover that the majority does. This raises the question of whether parametric insurance is not, in its very nature, discriminatory. Even where the insured agrees to a specific parametric policy, the insured often still expects to be treated as an individual or a species within a larger genus or class.

3 The Nature of Discrimination 3.1

General

Discrimination is more than a mere distinction or differentiation. It is an action based on prejudice leading to the unfair treatment of a person or persons. Differentiation may mean any grouping of persons or objects and includes a case where, for example, a specific product or service, including insurance cover, is provided. The United Nations Human Rights Committee states that ‘The term discrimination should be understood to imply any distinction, exclusion, restriction or preference which is based on any ground[s] and which has the purpose of nullifying or impairing the recognition, enjoyment or exercise by all persons, on an equal footing, of all rights and freedoms’.22 As insurance is mostly voluntary and the risk of adverse selection is generally accepted in society, problematic underwriting is usually about differentiation that could, in certain circumstances, exceed the limits of what is deemed to be acceptable and in such circumstances be classified as unfair discrimination. Discrimination in insurance is usually in the form of statistical discrimination based on the theory of stereotyping. Inequality and the preferential treatment of some persons can be classified as statistical discrimination because stereotyping may be based on the average behaviour of a specific risk group.23 Discrimination in insurance tends to be acceptable, for example, where older people are charged more for car insurance or when people with a complicated medical history are charged more for health insurance. Parametric insurance aims to categorise, classify or group persons according to standard parameters. Some insureds placed in a group do not necessarily share the average characteristics of that group. This results in a different premium or extent of coverage that can be seen as discriminatory. It is a common understanding that

22 23

UN Human Rights Committee (1989) General Comment 18: Non-discrimination. This theory was pioneered by Arrow (1973), Phelps (1972), p. 659.

Discrimination in the Context of Parametric Insurance

35

insurers should be able to differentiate, but not that all types of discrimination by insurers should be tolerated. The problem that confronts us is how to identify acceptable grounds for differentiation and to determine what the limits for legitimate economic discrimination are.24 Economic discrimination has not enjoyed as much attention as race, gender, age and disability discrimination as discrimination is traditionally mostly regulated within the health, welfare and employment frameworks. The one industry in which persons are, however, discriminated against literally on a daily basis, and as mentioned above is mostly tolerated by the victims thereof, is insurance.25 In one of the first cases to be heard on insurance discrimination, the Supreme Court of Canada held in Zurich Insurance Company v Ontario, Zurich Insurance Co v Ontario Human Rights Commission26 that ‘[a] fundamental tension between human rights law and insurance practice exists’. Fair discrimination is inevitably a necessary part of private insurance. The insurer must, due to the nature of the business, be entitled to differentiate and classify insureds into various risk categories based on all relevant information to assist with risk selection and risk classification. To maintain equity among insured persons, clearly each policyholder should be charged a premium rate proportional to the actual risk he or she transfers to the insurance fund.27 Parameters or factors to differentiate must be applied equally and consistently to all insureds. Discrimination may arise where an insured can prove that he or she was treated differently from another who is in a similar or analogous position. Internationally, the drive to introduce more specific insurance legislation to address the problem of existing legal uncertainty regarding the extent of acceptable differentiation can be seen from the introduction of the International Convention of the Rights of Persons with Disabilities.28 Industry-specific laws will comply with Article 4 of the Convention in promoting the enactment of non-discriminatory legislation in the acceding jurisdictions. To this end, States Parties undertake by acceding to the Convention to (a) adopt all appropriate legislative, administrative and other measures for the implementation of the rights recognised in the present Convention; (b) take all appropriate measures, including legislation, to modify or abolish existing laws, regulations, customs and practices that constitute discrimination against persons with disabilities; and (e) take all appropriate measures to eliminate discrimination on the basis of disability by any person, organisation or private enterprise. This includes, of course, insurance.

24

See for example Hoffmann v South African Airways 2000 (11) BCLR 1211 (CC) the court declined to comment on whether an HIV infection can be regarded as a “disability” and protected as such under the Constitution sec 9(3). 25 Information presented in this publication was gleaned from Kuschke (2014): 4 October 2014 based on the position in 28 participating countries. 26 1992 (2) S.C.R. 321. 27 See Nienaber and Van der Nest (2005), p. 546. 28 In force from May 2006.

36

B. Kuschke

Equity, as a fundamental principle of insurance, requires policyholders who fall within a higher risk category to be charged higher premiums, and consequently the lower the risk, the lower the premium. The costs must be shared fairly between all the policyholders. In parametric insurance, a broader set of parameters is used. The balance between the legitimate interests of the various categories of policyholders, for example those whose detailed personal information was considered and those whose information was not, lies at the heart of the issue of infringement on the right to equality and the resulting discrimination.29 Where the insurer, however, ignores specific personal information and uses only objective parameters, this could be recognised as a form of economic discrimination. Even though the insured may agree with the parametric insurance cover procured, it is often the case that the insured is ignorant of how his or her individual traits and circumstances could affect various aspects relating to insurance. This affects, for example, the cover versus the actual loss suffered ratio, the premiums payable and the exclusions and limitations that might apply. Such conduct will, in South Africa at least and most probably in other jurisdictions, be in line with the right to equality. In South Africa, the Constitution section 9 (2) provides for the achievement of full and equal enjoyment of all rights and freedoms and authorises legislative and other measures designed to protect or advance persons or categories of persons disadvantaged by unfair discrimination to be implemented. Irrespective of the valuable social service insurance provides, the solvency and profitability of insurance companies should be protected. Insurance companies should in most jurisdictions, by statute or by implication due to the nature of insurance business, keep their policies actuarially sound.

3.2

Differentiation and Discrimination

Care must be taken to distinguish simple distinction and differentiation from outright discrimination.30 Discrimination is prohibited in some form or another in most countries.31 International conventions also aim to protect the rights of persons and to prevent discrimination.32

29

See also Kuschke (2018), p. 242. See in general Wooman and Bishop (2013) on the right to privacy, equality, and dignity. 31 See The Constitution of the Republic of South Africa, 1996 sec 9 and the Promotion of Equality and the Prevention of Discrimination Act 4 of 2000, and regarding constitutions of other countries, Kuschke (2014). 32 Among these are the UN Convention on the Elimination of All Forms of Discrimination Against Women (18 December 1979), and the UN Convention on the Elimination of All Forms of Racial Discrimination (21 December 1965). See also relevant documents on https://ohchr.org (last accessed 23 April 2021). 30

Discrimination in the Context of Parametric Insurance

37

Primarily, the fundamental human rights to privacy,33 dignity34 and equality35 are at issue in this theme. The right to equality and the right to dignity relate directly to each other. Dignity informs the equality analysis at two stages. In the first instance, differentiation amounts to discrimination where the distinction is an affront to dignity, and second, the extent to which it impairs the dignity is an indication of the fairness of the discrimination. Compared to the constitutions of some other nations, the South African Constitution can be classified as a modern constitutional instrument due to its implementation as late as 1996.36 It is the supreme law of the country, and preventing all forms of discrimination, even in a social or socio-economic context, has become part of the daily narrative. In the Constitution of the Republic of South Africa 1996, the fundamental rights of the people in South Africa, as enshrined in the Bill of Rights, affirm the democratic values of human dignity, equality and freedom.37 In terms of the equality clause, no person may unfairly discriminate directly or indirectly against anyone on one or more of the following grounds: race, gender, sex, pregnancy, marital status, ethnic or social origin, colour, sexual orientation, age, disability, religion, conscience, belief, culture, language and birth. Any discrimination is deemed to be unfair unless it is established to be fair.38 The Promotion of Equality and the Prevention of Discrimination Act (PEPUDA)39 was enacted to give effect to the rights enshrined in sections 8 (2) and 9 of the Constitution. In PEPUDA, ‘discrimination’ is defined as ‘any act or omission, including a policy, law, rule, practice, condition or situation which directly or indirectly: (a) imposes burdens, obligations, or disadvantage on; or (b) withholds benefits, opportunities, or advantages from,any person on one or more of the prohibited grounds’. ‘Prohibited grounds’ are identified in the Constitution as (a) race, gender, sex, pregnancy, marital status, ethnic or social origin, colour, sexual orientation, age, disability, religion, conscience, belief, culture, language, birth, and HIV/AIDS status; or (b) any other ground where discrimination based on that other ground: (i) causes or perpetuates systemic disadvantage; (ii) undermines human dignity; or

33

The Constitution sec 14. The Constitution sec 10. 35 The Constitution sec 9. 36 Even though an interim Constitution, Act 200 of 1993 was in force between 1993 and 1996. 37 Sec 7(1). 38 Secs 9(2), 9(3); See also Havenga (1997), p. 75. 39 Act 4 of 2000 (hereinafter referred to as ‘PEPUDA’). 34

38

B. Kuschke

(iii) adversely affects the equal enjoyment of a person’s rights and freedoms in a serious manner that is comparable to discrimination on a ground in paragraph (a).

3.3

The Right to Equality

‘Equality’ includes the full and equal enjoyment of rights and freedoms as contemplated in the Constitution and includes de jure and de facto equality. PEPUDA gives effect to this protection. The right to equality, as set out in section 9 of the Constitution, renders discrimination on one or more of the listed grounds unfair unless its fairness is established. The burden of proof is thus on the person allegedly discriminating to prove that the discrimination is justifiable. To prove that the discrimination is fair, one must consider whether the discrimination reasonably and justifiably differentiates between persons according to objectively determinable criteria that are intrinsic to the activity concerned.40 This is where parametric insurance may run into difficulties where the risk profile of individuals is different from the general profile of the entire group. According to PEPUDA, the following aspects need to be taken into consideration to determine whether discrimination is fair or unfair:41 (a) whether the discrimination impairs or is likely to impair human dignity; (b) the impact or likely impact of the discrimination on the complainant; (c) the position of the complainant in society and whether he or she suffers from patterns of disadvantage or belongs to a group that suffers from such patterns of disadvantage; (d) the nature and extent of the discrimination; (e) whether the discrimination is systemic in nature; (f) whether the discrimination has a legitimate purpose; (g) whether and to what extent the discrimination achieves its purpose; (h) whether there are less restrictive and less disadvantageous means to achieve the purpose; (i) whether and to what extent the respondent has taken such steps as being reasonable in the circumstances to address the disadvantage which arises from or is related to one or more of the prohibited grounds; or (ii) to accommodate diversity.

40 41

Sec 14. Sec 14(2)(b).

Discrimination in the Context of Parametric Insurance

39

Discriminating factors that apply specifically to insurance products and services are identified in the Schedule of PEPUDA42 as follows: (a) unfairly refusing on one or more of the prohibited grounds to provide or to make available an insurance policy to any person; (b) unfair discrimination in the provision of benefits, facilities and services related to insurance; and (c) unfairly disadvantaging a person or persons.43 These are generalised provisions that provide no clear guidelines to the insurance industry and insurance applicants to attain legal certainty as to the extent to which categorisation is found acceptable or unacceptable. No specific legislation applies in South Africa to insurance that restricts or prohibits insurance cover or tariff discrimination on account of a policyholder’s characteristics, the environment within which a person functions, ethnic background, demography and so forth. This type of discrimination already occurs in practice during normal risk assessments by insurers. Due to the lack of statutory control in the absence of a general insurance contract law statute in South Africa, the matter must be dealt with primarily in terms of the Constitution44 and then also by other accessory statutes and relevant common law principles, where applicable. Commercial insurance does not entitle everyone to equally enjoy the benefit and privilege of insurance cover. Private insurers must have the right to underwrite to participate in the economic sphere. The problem is that there are no general rules or guidelines that force insurers to apply consistent practices and adhere to extensive evidence-based underwriting. The evidence that is applied is usually of a commercial and general factual nature, such as the value and nature of the property insured and where it is situated. What is required, however, is equitable treatment in applying this information so as not to discriminate between insured persons. The question is basically whether the individual rights of the policyholder prevail over the rights of others, which in effect causes discrimination against the latter. The commitment to respect the rights to equality, dignity and privacy of the insured would of course have to yield when the greater good requires it.45 In general, the main counter-values against the control and privacy of personal information are commerce (in terms of the principle that better information leads to better markets) and truthfulness (that privacy can also be used to deceive and defraud), yet these are not fundamental rights in themselves that compete with other constitutionally entrenched rights such as privacy, dignity and equality.

42

Sec 29 par 5. Part 5 to the Schedule of PEPUDA. 44 See Brink v Kitshoff 1996 4 SA 197 (CC) on the impact of the Constitution on statutory insurance law. 45 See The Constitution sec 36, and the requirement of public policy or public interest in terms of the common law of obligations. 43

40

3.4

B. Kuschke

Restrictions on Fundamental Rights

In terms of the European Convention on Human Rights, any restriction of a right must be ‘in accordance with law’ and ‘necessary in a democratic society’ to effectively limit or restrict the right to privacy.46 These principles are in line with the general limitations clause as found in section 36(1) of the South African Constitution. As parametric insurance deals with the probability of a risk occurrence, so genetic test results, for example, also provide indications of the probability or potential illnesses that a person might suffer from during his or her lifetime. It must be amplified that access to genetic information does not increase the risk, yet that is just another tool to assist the insurer to make a more accurate risk assessment.47 Genetic mapping introduced a whole new source of information that could be applied to determine the risks posed by a prospective insured where his or her personal health is concerned. It provides a scientific and factual basis upon which an insured’s inherited predisposition to a particular disease or group of diseases can be determined. Genetic mapping reveals the so-called ‘red flags’ of potential disorders and diseases. It remains important to note that the results indicate the uncertain probability, and not the absolute certainty or correct prediction, that the tested individual will develop the disorder or disease in his or her lifetime. Parametric insurance parameters may be informed by genetic test results and genetic testing statistics, for example where personal injury claim and travel insurance claim limits are at issue. The parameters of index-based insurance are also based on the same principles, namely the probability of the occurrence and loss caused by it. As far as genetic testing is concerned, it must be noted that some testing requires the genetic testing not only of the insured but also of various members of the family for so-called genetic linkage tests. The interests of these persons are also affected. It goes without saying that the right of privacy of the test results as well as the duty to disclose and to protect this information remain important issues.48 And as stated above, it is for this reason that non-indemnity insurance, specifically parametric insurance, remains attractive to insurers. Gene tests have become freely available commercially,49 yet the different test results might not prove adequate for purposes of accurate insurance risk selection 46

ECHR Art 8. See Kuschke (2007), p. 331. 48 It was agreed by stakeholders in the project that as this project was a communal effort, the primary genomic sequence should be in the public domain and is therefore a public document and freely available, yet a specific individual’s genetic test results remain in the private domain. See also Nienaber and Van der Nest (2003), p. 451. 49 Above. For example, carrier screening to determine whether a spouse carries one copy of a gene, that in combination with the other spouse’s gene would cause a hereditary disease in their offspring; prenatal diagnostic testing for Down’s syndrome, and pre-symptomatic testing to predict or estimate the risk of adult-onset cancers and disorders. Mutations in two specific genes, namely BRCA1 and BRCA2 (named for BReast CAncer) have been found to cause a high risk of developing familial 47

Discrimination in the Context of Parametric Insurance

41

and risk classification. One could, for example, challenge whether a predisposition to colon cancer is a legally justified reason to bar a person from obtaining mortgage insurance50 and whether it is necessary to allow an insurer that provides property insurance access to the records of the potential insured’s entire medical predispositions. In this instance index-based insurance, where the parameters are set based on the value of the property, its location and general risk factors in that area pertaining to the weather or crime statistics, would be seen as acceptable. However, where the parameters applied lack information, for example, on additional reinforcements made by the insured to the property against inclement weather or on additional security measures taken to combat theft or property damage caused by third parties, an insured may feel cheated out of a fair deal if he or she pays a premium equal to that payable by others lacking these often costly improvements. In this instance, claims of discriminatory conduct may become feasible.

3.5

The Right to Privacy

Defining privacy has always been notoriously problematic as it means different things to different people.51 It has been said that ‘privacy, like an elephant, is more readily recognised than described’.52 As early as 1890, Warren and Brandeis commented on the effects of an invasion of privacy as follows: The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.53

Neethling, Potgieter and Visser define privacy as ‘an individual condition of life characterised by seclusion from the public and publicity. This condition embraces all those personal facts which the person concerned has himself determined to be excluded from the knowledge of outsiders and in respect of which he has the will that they be kept private.’54 Where, however, the data subject decides to disclose

breast or ovarian cancer; http://www.dukemednews.duke.edu/news/controversy.php?id¼1733 “Genetic Testing for Breast and Ovarian Cancer Susceptibility”. 50 Newman (1997), p. 1. 51 Bernstein and others v Bester NO and others 1996 (2) SA 751 (CC) para 73; Roos (2003), p. 15; See in general also Scott (2020). 52 Young (1978) Privacy: 2. 53 Warren and Brandeis (1890), pp. 193–220. 54 Neethling et al 32; National Media Ltd v Jooste 1996 3 SA 262 (A) 271.

42

B. Kuschke

such information, he gives up his right to privacy to some (recipients thereof) but not all. This issue is addressed in this contribution to illustrate the onerous duties of the insurer, which could prove to be a justification to deviate from dealing with vast disclosures of personal information and to rather apply simpler parameters or metrics for purposes of risk selection. Most countries have laws that regulate the unsanctioned use of private or personal information. Mandatory data protection measures have increased to the extent that onerous duties rest upon the insurer to protect and manage the data gleaned from its policyholders. Data privacy has, in the current environment, become a core element of the individual’s right to privacy. In South Africa, the Electronic Communication and Transactions Act55 deals specifically with ‘data’ and its protection in general and what ‘private or personal data’ means. ‘Data’ is simply defined as ‘electronic representations of information in any form’,56 whereas ‘personal data’ can be said to be data that can be linked to a specific individual, called the ‘data subject’.57 In terms of the Act, ‘personal data’ means personal information about an identifiable individual, including information on his or her physical or mental health, well-being and disability;58 information relating to his or her medical history;59 any identifying number, symbol or other particular (the question is whether this includes the absolutely unique DNA of an individual) assigned to him or her;60 and his or her fingerprints or blood type.61 The Act does not refer specifically to genetic information. In terms of the South African Promotion of Access to Information Act62 and the Protection of Personal Information Act (POPIA),63 ‘personal information’ enjoys the same meaning as provided for under the Electronic Communications and Transactions Act (ECTA).64 The POPIA also refers specifically to a broader concept of ‘information privacy’.65

Act 25 of 2002 (hereinafter referred to as ‘ECTA’). Sec1 item 20. The Act covers most aspects relating to electronic data transfer. 57 ECTA s1 item 23 defines a ‘data subject’ as ‘any natural person from or in respect of whom personal information has been requested, collected, collated, processed, and stored after the commencement of this Act.’ 58 Sec 1 item 44(a). 59 Sec 1 item 44(b). 60 Sec 1 item 44(c). 61 Sec 1 item 44(d). 62 Act 2 of 2000 (hereinafter referred to as ‘PAIA’). The Act aims to actively promote a society in which persons have effective access to information to enable them to exercise and protect all their rights more fully. 63 Act 4 of 2013, which only fully came into operation on 1 July 2020 (hereinafter referred to as ‘POPIA’). 64 PAIA ecs1 item 18(a) – (d). 65 Sec 1. 55 56

Discrimination in the Context of Parametric Insurance

43

Information privacy is dealt with in the EU under the General Data Protection Regulation (GDPR).66 The right to privacy is a highly developed area of law in most jurisdictions. In the EU, it can primarily be found in Article 8 of the European Convention on Human Rights,67 which covers the right to respect private life, including another person’s private and family life, his home and his correspondence. In South Africa, the right to privacy is embodied in common law68 and in section 14 of the Constitution.69 In the insurance industry, problems arise when insurers do not respect the confidentiality of the personal information of the insured or where third parties obtain unauthorised access to insurance databases and the information is abused to the insured’s detriment. The Constitutional Court has emphasised the interdependency between the constitutional and common law right to privacy.70 The common law right to privacy is part of a person’s dignitas and as such is recognised as a valuable aspect of a person’s personality. The Constitution does not distinguish between the famed trilogy of fama, corpus and dignitas as far as reference to the right to dignity is concerned.71 The courts have adopted a sensible approach in recognising that the scope of a person’s privacy extends a fortiori only to those aspects regarding which a legitimate expectation of privacy can be harboured.72 The test to determine the scope and content of the right to privacy is the ‘reasonable expectation of privacy’ test,73 which requires a subjective expectation of privacy, as well as an expectation that is recognised by society as reasonable. Also, the right to privacy relates only to the most personal aspects of a person’s existence and not to every aspect within his or her personal knowledge and experience.74 A violation of such a right to privacy constitutes an infringement or iniuria. The compilation and distribution of data during the ‘processing’ thereof might threaten the privacy of an individual where information is processed contrary to that person’s will or intention. It is this liability that insurers may aim to avoid when collecting sensitive data from their prospective insureds. A simple index, as applied for parametric insurance, that is based on general factual data offers the insurer an escape from the duty to In the EU the General Data Protection Regulation, 2016 (hereinafter the ‘GDPR’). The Convention for the Protection of Human Rights and Fundamental Freedoms, adopted in 1950., and known as the ‘ECHR’. 68 O’Keeffe v Argus Printing and Publishing Co Ltd 1954 3 SA 244(C) is seen as the locus classicus for the recognition of a common law right to privacy in South Africa. 69 The Constitution of the Republic of South Africa 1996 s14: ‘Everyone has the right to privacy, which includes the right not to have (a) their person or home searched; (b) their property searched; (c) their possessions seized; or (d) the privacy of their communications infringed’. 70 The Bernstein case par 72. 71 Sec 9; Wooman and others Constitutional Law of South Africa: chap 36.; Dendy v University of Witwatersrand, Johannesburg and others 2005 2 All SA 490 (W) 497. 72 The Bernstein case par 75. 73 The Bernstein case pars 74 to 79 on the position in the USA, Canada, and Germany. 74 The Bernstein case par 79. 66 67

44

B. Kuschke

protect data that it is in any event not applying for its risk assessments throughout the processing lifespan of the data. The question begs whether the right of privacy to genetic information should be different from the right of privacy to other information.75 Genetic information is neither unique nor distinctive in its ability to offer a peek into what the future of our health might be.76 A simple cholesterol test can in some cases be a better predictor of health-related complications than an extensive genetic DNA test could offer. Genetic testing also does not increase the risk. It only increases knowledge about a factually existing probability of risk. The issue at hand is not about a new disease such as Covid or SARS but about new and more accurate information about an uncontrollable factor or state of an individual’s health. Some medical information relates to a matter of choice, for example lifestyle issues such as smoking, sexual preferences and activities, yet with genetic information there is no choice nor control. There is no consensus on why genetic information, as a sub-class of medical information, should be classified as more sensitive in nature than any other information based, for example, on previous illnesses or allergies.77 Two schools of thought exist on whether the information obtained by human genome testing should in principle be treated as more confidential than information gleaned from the medical history of the family or the insured’s own previous medical profile. Some argue that the information is so sensitive and unique that it deserves special privacy protection, while others believe that there should be no distinction as there is no clear demarcation that separates genetic data from other health data.78 It does, though, disclose more of our personal information, as well as information regarding our relatives, the whole family, and even unborn children, than any other source of information to date.79 It follows that any personal information relevant to insurance, whether medical, genetic or otherwise, is deemed to be of a confidential nature and deserves to be protected as private or confidential information. Because there is general uncertainty and uneasiness on whether current data protection systems are efficient enough to cover the new realities and eventualities posed by the advent of comprehensive and accurate genetic testing, the introduction of a simpler index-based system is therefore an option that insurers increasingly consider. The insurer may of course always freely choose not to have access to any of this information and to assess the risks on these or based on other factors. If the insurer wants a comprehensive data set from the insured on which the risk assessment may be made, the insurer must respect the right to privacy and comply with the extensive duties, statutory or otherwise, of data protection. Restrictions of the right to privacy

75 Human Genetics Committee (2001) Whose hands on your genes?. Report HGC01/P4, (accessed on 11 February 2007); Bregman-Eschet (2006), p. 1. 76 Bregman-Eschet 3. 77 Poste (1999), pp. 25, 28; Everett (2004), p. 273. 78 For a discussion on the effect of testing on family members, see also Slabbert (2003). 79 Laurie (1996), pp. 82–83.

Discrimination in the Context of Parametric Insurance

45

are acknowledged. In South Africa, an infringement is not wrongful if a ground of justification exists, for example consent,80 the legitimate or lawful interests of another or where the infringement is in the public interest.81 In the case of parametric insurance, it appears to be the consent of the insured that enables the insurer to classify the insured’s risks based not on its specific individual data but on broader general parameters. In terms of section 36(1) of the Constitution, a fundamental right may be limited only in the case of a law of general application to the extent that the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom. All relevant factors must be considered, including the nature of the right, the importance of the purpose of the limitation, the nature and extent of the limitation, the relation between the limitation and its purpose, and less restrictive means to achieve this purpose. In the new legislation, the POPIA, an important exemption is made to the prohibition on the processing by an insurer of any personal information concerning a person’s health.82 Insurers are not prohibited from the processing of data where it is necessary (i) for assessing the risk to be insured by the insurance company and the data subject has not objected thereto, (ii) for the performance of the insurance agreement, or (iii) for the enforcement of any contractual rights and obligations. The insurer has to treat the information as confidential at all times. This is further qualified as follows: ‘Personal information concerning inherited characteristics may only be processed, where this processing takes place with respect to the data subject from whom the information concerned have [sic!] been obtained, unless (a) a serious medical illness prevails, or (b) the processing is necessary for the purpose of scientific research or statistics.’ In common law, a potential insured has the duty to disclose all information material to the risk before the conclusion of an insurance contract; in some instances, this is required after the conclusion of an insurance contract during the existence of the contractual obligation. Where the insured does not do so, it will be seen as a misrepresentation. Where the insurer chooses not to receive or apply all material information but only some of it for the parameters it chooses to do so, the insured is excused from informing the insurer of additional information, whether it is material to the risk or not.83 It remains a fact that an omission to disclose available genetic information would be to the insurer’s detriment as it makes accurate risk assessment impossible. On the other hand, the disclosure may constitute an unwanted exposure of personal information that may lead to discrimination, loss of benefits, loss of 80

For example, in terms of ECTA sec 51(1). Financial Mail v Sage Holdings 1993 2 SA 451 (A). 82 Sec 29(1). 83 Mutual and Federal Insurance Co Ltd v Oudtshoorn Municipality 1985 1 SA 419 (A); Anderson Shipping v Guardian National Insurance 1987 3 SA 506 (A); Qilingile v SA Mutual Life Assurance Society 1993 1 SA 69 (A); De Waal NO v Metropolitan Lewens Bpk 1994 1 SA 818 (O); SA Eagle v Norman Welthagen Investments 1994 2 SA 122 (A); Commercial Union Insurance Co of SA Ltd v Lotter 1999 2 SA 147 (SCA). 81

46

B. Kuschke

intimacy, stigma and embarrassment.84 In parametric insurance, it is the insurer that chooses to limit the basis on which it assesses the risk. Where there is no unfair discrimination when taking, for example, the personal and private genetic information into account for risk assessment, the determination of insurance tariffs must be based on the fundamental principle of equity and depends upon the agreement between the potential insured and the insurer. This allows an insured to freely choose parametric insurance products and waive rights to equality by agreement. One should keep in mind that this type of contractual autonomy does not always limit, but also actually enhances, self-respect and dignity.85 According to McQueen, ‘[t]he law [i.e. contract law] is founded on ideas of transactional equality, private autonomy, and voluntary interaction, in which, within very broad limits, individuals strike their own balance of interests, rather than have it set for them by external, social or public standards’.86 The processing of personal or confidential information for purposes of insurance risk selection and classification could, in view of the onerous duties relating to data protection and the effect of processing sensitive data on the insured’s right to privacy, become too onerous.87 This has the potential to drive insurers to discontinue reliance on genetic information for the purposes of risk assessment and classification and base the latter on a simpler set of parameters.

4 Conclusion Parametric insurance is gaining its foothold in many countries and in various types of insurance cover. The availability of more sensitive data, such as the genetic test results of an individual, will clearly affect actuarial estimates.88 Where genetic testing or the disclosure of other confidential information is made mandatory, an overly cautious insured with privacy concerns may find traditional insurance products less attractive and rather opt for a less privacy-invasive parametric insurance product. In view of the ongoing developments in the field of information gathering, such as satellite observations, mobile phone tracking and genetic testing, the insurance consumer becomes less sensitive to having Big Brother watching them and gathering 84

Goldman 8; SALRC (2017) Project 140: The right to know one’s own biological origins. Issue Paper 32 n 101. 85 Brisley v Drotsky 2002 4 SA 1 (A) par 94. 86 MacQueen (2004), pp. 359, 376. 87 Insurers are not necessarily at risk without access to risk transfer instruments. Data protection insurance is available in the market for insurers to cover losses and liabilities caused, for example, by viruses or unauthorised access or by third parties through hacking resulting in the contamination, loss or unauthorised access and subsequent use or abuse of data. General liability insurance cover is also available to the insurer. 88 See Thomas 2.

Discrimination in the Context of Parametric Insurance

47

big data. Access to their own locational or genetic information, for example, may assist in creating a more specific general set of parameters that could be applied by insurers in risk profiling for purposes of writing parametric insurance policies. Currently, the results pertaining to the consequences of specific gene-gene and gene-environment combinations, however, remain too inconsistent to provide absolute clarity on the risks involved.89 Where the surveillance and testing of the individual are executed with the insured’s informed consent and in accordance with any regulatory provisions,90 and the results are material to the assessment of the risk, it may be applied to assess the true risk that factually exists. All information should be disclosed and applied in risk differentiation, including information such as dangerous occupations and personal lifestyle and activities. One must keep in mind that where information resulting from human genome testing is used to the detriment of a potential insured, by placing him or her in a higher risk classification group, one could argue that he or she is being discriminated against, obviously where testing is not done on the other potential insureds in a group or where the test results are not conclusive and should not be seen to be material for purposes of the assessment of the risk. On the other hand, where specific information such as genetic information is available and indicates that the insured should in fact fall within a higher risk class, yet this is not done due to the limited parameters that place this individual in another lower category or class, this practice could be identified as discriminating conduct. The insurer is in fact discriminating against all the other insureds who fall under a lower risk category because prejudicial information about their genetic information is not known or applied or those who do not pose a greater risk because of their more positive risk profiling. One could thus argue that by not using material information and information regarding the finer nuances of the insured’s position, traits and circumstances that may be available, the insurer in fact discriminates against all the other insureds. Is parametric insurance the easy way out? Popular as it may be due to the speed of claim handling, payouts, risk profiling, and simpler contract and data management, aspects regarding the true risk posed by an individual insured and deviation from the principle to indemnify for the real and actual losses suffered fall by the wayside. One may argue that the index-based paint-by-numbers approach allows insurers to avoid

89

See Kuschke 319, 331. In South African law, see The Constitution sec 14 and The Protection of Personal Information Act 4 of 2013. On the regulation of the use of results, see for example the Core Ethical Values of EuropaBio, the European Association for Bio Industries that represents companies operating worldwide and national associations involved in the research, development, testing, manufacturing, marketing, sales and distribution of biotechnology products and services in the fields of healthcare, agriculture, food, and the environment. This Association confirms that only where the real effect of a specific genetic test result on the risks have been scientifically proven with absolute accuracy and certainty, should be considered for risk assessment for the purposes of insurance. EuropaBio (2002), p. 63.

90

48

B. Kuschke

the pitfalls posed by intricate risk assessments and data administration and privacy issues. The concept of parametric insurance is not new, yet as risks evolve, the benefits of parametric insurance to provide cover either on its own or as risk gap protection, together with traditional insurance, should not be ignored. Even hybrid models written on an initial parametric insurance basis, combined with an amount payable where the actual loss exceeds the fixed amount to indemnify the insured to a specific limit, provide more extensive risk coverage. Increased attention is focussed on parametric insurance mainly because it provides faster and more flexible availability of funds to victims of disasters and as a handy tool to provide post-disaster funds for emerging and otherwise difficult-to-insure risks. There is also hope that parametric policies can broaden disaster insurance coverage for so-called black swan events and improve financial resiliency to predicted future risks of great magnitudes, such as catastrophic climate change events. However, to ascertain that parametric insurance is not discriminatory, insurers will have to ensure that the parameters remain objective to the extent that they cover most aspects relevant to the risk and that the insured is made fully aware that other information that might affect this risk determination and the premiums payable will not be considered and that its right to differentiation based thereupon is waived by procuring the index-based insurance product. Any information disclosed must be protected to prevent the infringement of data privacy. Set parameters must also be applied consistently to ensure equality. If one insured pays a lower premium that is less than his or her proportional share to prevent discriminating against him or her, it will by necessity lead to an overcharge against other insureds in the group, creating inequality and ensuing economic discrimination.

References Books Arrow KJ (1973) The theory of discrimination. In: Ashenfelter O, Rees A (eds) Discrimination in labor markets. Princeton University Press, Princeton Millard D (2019) Modern insurance law. Juta, Cape Town Scott J (ed) (2020) Neethling Potgieter and Visser law of personality. Lexis Nexis, Durban Wooman S, Bishop M (2013) Constitutional law of South Africa. Juta, Cape Town Young JB (ed) (1978) Privacy. John Wiley, Chichester

Discrimination in the Context of Parametric Insurance

49

Journal Articles Bregman-Eschet Y (November 2006) Genetic databases and biobanks: who controls our genetic privacy?. Santa Clara Comp High Technol Law J 1 Everett M (2004) Can you keep a (genetic) secret? The genetic privacy movement. J Genet Counsell 13:273 Havenga PH (1997) Equality in insurance law – the impact of the bill of rights. SA Merc Law J 275 Kuschke B (2007) Access to genetic information and the insurer’s duty of genetic data protection. De Jure 40:305 Laurie GT (1996) The most personal information of all: an appraisal of genetic privacy in the shadow of the human genome project. Int J Law Policy Family 82 Low L, King S, Wilkie T (1998) Genetic discrimination in life insurance: empirical evidence from a cross-sectional survey of genetic support groups in the United Kingdom. Br Med Law J 1632 Lowden JA (1992) Genetic discrimination and insurance underwriting. Am J Human Genet 901 MacQueen HL (2004) Delict, contracts and the bill of rights: a perspective from the United Kingdom. SALJ 359 Newman P (1997) Genetics in the courtroom: an introduction. Judges’ J 1 Nienaber A, Van der Nest D (2003) Genetic testing for the purpose of insurance risk assessment and the constitutional right to privacy THRHR:446 Nienaber A, Van der Nest D (2005) Actuarial science versus equity: contingency deductions for future loss of earnings and the HIV/AIDS pandemic. THRHR 546 Phelps ES (1972) The statistical theory of racism and sexism. Am Econ Rev 62:659 Poste G (1999) Privacy and confidentiality in the age of genetic engineering. Tex Law Rev Polit 4:25 Warren SD, Brandeis LD (1890) The right to privacy. Harv Law Rev 4:5193

Online Documents Brettler D, Gosnear T (2020) Insurance Journal (January 2020) https://insurancejournal.com Clyde and Co Report Building a resilient world: How parametric insurance can help close the protection gap, https://resilience.clydeco.com EuropaBio (2002) Working Group on Gene Therapy. J Biolaw Bus 5(2):63 Human Genetics Committee (2001) Whose hands on your genes? Report HGC01/P4 http://www. hgc.gov.uk Oxford Languages. https://[email protected] Sengupta R, Kousky C (2020) Parametric Insurance for Disasters. Wharton Risk Centre Primer https://riskcenter.wharton.upenn.edu/wp-content (September 2020) Swiss Re Corporate Solutions (2018). https://corporatesolutions.swissre.com 1 August 2018 The Insurance Glossary of the International Risk Management Institute Inc. https://www.irmi.com/ term/insurance-definitions/insurance. The Oxford English Dictionary. https://oed.com Thomas G (2020) Genetics and insurance: an actuarial perspective with a difference. www. guythomas.org.uk Unnava V (2020) Understanding parametric triggers in catastrophe insurance. Yale School of Management Program on Financial Stability Systemic Risk Blog (June 17, 2020) https://som. yale.edu/blog

50

B. Kuschke

Legislation Convention for the Protection of Human Rights and Fundamental Freedoms, adopted in 1950 Electronic Communications and Transactions Act 25 of 2002 General Data Protection Regulation (EU 2016/679) Promotion of Access to Information Act 2 of 2000 Promotion of Equality and the Prevention of Discrimination Act 4 of 2000 Protection of Personal Information Act 4 of 2013 The Constitution of the Republic of South Africa, 1996 UN Convention on the Elimination of All Forms of Discrimination Against Women (18 December 1979) UN Convention on the Elimination of All Forms of Racial Discrimination (21 December 1965)

Case Law Anderson Shipping v Guardian National Insurance 1987 3 SA 506 (A) Bernstein and others v Bester NO and others 1996 (2) SA 751 (CC) Brink v Kitshoff 1996 4 SA 197 (CC) Brisley v Drotsky 2002 4 SA 1(A) Commercial Union Insurance Co of SA Ltd v Lotter 1999 2 SA 147 (SCA) Dendy v University of Witwatersrand, Johannesburg and others 2005 2 All SA 490 (W) De Waal NO v Metropolitan Lewens Bpk 1994 1 SA 818 (O) Financial Mail v Sage Holdings 1993 2 SA 451 (A) Hoffmann v South African Airways 2000 (11) BCLR 1211 (CC) Mutual and Federal Insurance Co Ltd v Oudtshoorn Municipality 1985 1 SA 419 (A) National Media Ltd v Jooste 1996 3 SA 262 (A) 271 O’Keeffe v Argus Printing and Publishing Co Ltd 1954 3 SA 244(C) Qilingile v SA Mutual Life Assurance Society 1993 1 SA 69 (A) SA Eagle v Norman Welthagen Investments 1994 2 SA 122 (A) Zurich Insurance Company v Ontario, Zurich Insurance Co v Ontario Human Rights Commission 1992 (2) S.C.R. 321

Reports Kuschke B (2014) International Report on Discrimination in Insurance presented at the AIDA XIVth World Congress: International Association for Insurance Law World Congress. Italy Kuschke B (2018) Report on Disability Discrimination in Insurance. South African Disability Legislation and Policy Gap Analysis. UP Centre for Human Rights, Pretoria 242 South African Law Review Commission (2017) Project 140: The right to know one’s own biological origins. Issue Paper 32

Discrimination in the Context of Parametric Insurance

51

Other Roos A (2003) The law of data privacy protection: a comparative and theoretical study. LLD (UNISA) Slabbert M (2003) The (genetic) ties that bind us and the duty to disclose genetic risks to blood relatives. LLD (UFS) unpublished

Insurance and Discrimination in Canadian Law Barbara Billingsley

Abstract In Canada, and elsewhere, insurance underwriting practices necessarily involve categorizing insureds according to risk factors. Traditionally, these risk factors have included personal characteristics that are statistically correlated with the possibility of loss. For example, because young male drivers are statistically more likely to have a motor vehicle accident, they have historically been charged higher automobile insurance premiums than young female drivers. This article examines the ways in which Canadian law has balanced the insurance industry practice of assigning insurance benefits on the basis of personal characteristics with social and legislative antidiscrimination policies. In particular, this article reviews the rationale for the insurance industry’s practice of relying on personal characteristics as underwriting factors, summarizes the existing state of Canada’s antidiscrimination laws in relation to that practice and discusses possible future directions for Canadian law to redraw the balance between insurance industry needs and antidiscrimination protection.

1 Introduction In the summer of 2018, North American news agencies widely reported a story about a cisgender Canadian man who changed the gender identification on his driver’s license from male to female for the sole purpose of benefiting from lower motor vehicle liability insurance premiums available to female drivers.1 The story revived a long-standing debate about whether, and to what extent, Canadian insurance 1

See, for example, Mikelionis (2018), O’Neill (2018), Ashley (2018) and Hopper (2018). To make the gender identity change on his driver’s license, the individual in question relied on legislation enacted to benefit transgender individuals by permitting an adult to easily change their gender identity on government-issued identification, including a birth certificate and a driver’s B. Billingsley (*) Faculty of Law, University of Alberta, Edmonton, AB, Canada e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_3

53

54

B. Billingsley

companies should be permitted to discriminate between insureds on the basis of personal characteristics. This debate is grounded in the fundamentally divergent perspectives of the insurance industry and human rights advocates regarding the appropriateness of insurers classifying individuals according to common personal characteristics for underwriting purposes (that is, for the purposes of determining whether to provide insurance coverage and at what cost). The insurance industry’s view focuses on the fact that a viable insurance system depends on the ability of insurers to accurately assess, ex ante, the likelihood of a loss occurring. Because insurance operates by spreading financial risks among similarly situated individuals, this assessment requires grouping individuals into common risk categories for the purpose of assigning coverage and setting premiums. These risk categories pertain to common personal characteristics of individual insureds.2 From a human rights standpoint, however, the categorization of individuals based on common personal characteristics directly conflicts with a fundamental principle of equality: namely, that individuals are entitled to be dealt with on the basis of their “own merits” and “not on the basis of group characteristics,”3 particularly immutable personal characteristics such as age and gender. Thus, a tension exists between insurance doctrine, which has traditionally supported the practice of classifying insureds on the basis of common personal characteristics, and human rights philosophy, which abhors such categorization. The purpose of this chapter is to engage with this debate by comprehensively and critically examining how Canadian law has addressed the problem to date and considering how and why this approach might change in future. To this end, the chapter is divided into three main sections. The first section sets out the theoretical and legal context of the debate. This includes a review of the rationale for the insurance industry’s traditional reliance on personal characteristics as a means of risk assessment in insurance underwriting and an overview of the equality rights protection currently available under Canadian law. The second section describes the current state of Canadian law, summarizing both legislative and common law responses to equality concerns in the insurance context. This segment discusses the law in relation to two distinct, but related, topics: (1) an insurer’s ability to rely on the personal characteristics of an insured for underwriting purposes, including an insurer’s ability to access and rely on the insured’s genetic information for underwriting purposes, and (2) an insurer’s ability to restrict insurance benefits based on the personal characteristics of the insured or a policy beneficiary. Finally, drawing on Sects. 2 and 3, the last section of the chapter considers future directions for Canadian law in managing the tension between insurance risk classification and equality rights.

license. See Vital Statistics Information Regulation, Alta. Reg. 108/2018, s. 17(1); and the Operator Licensing and Vehicle Control Regulation, Alta. Reg. 320/2002, s. 20.1. 2 For further discussion of this point, see Sect. 2.1. 3 Zurich v. Ontario Human Rights Commission, [1992] S.C.J. No. 63 (SCC), para. 17 [“Zurich”].

Insurance and Discrimination in Canadian Law

55

2 Context of the Debate 2.1

The Rationale Behind the Insurance Industry’s Reliance on Personal Characteristics as Underwriting Criteria

Fundamentally, insurance is about “spreading the risk of financial loss.”4 Instead of an individual bearing the full cost of a materialized loss, insurance distributes this cost among many individuals who, ex ante, share a similar risk of loss. Despite this underlying purpose of societal responsibility, however, “[f]rom the insurers’ perspective, insurance is a commercial enterprise.”5 Private insurers are primarily focused on the financial success of the insurance enterprise. The commercial success of an insurance company depends on the insurer’s ability to accurately assess the likelihood of an insured loss occurring. From a business perspective, an insurer must be able to accurately assess the likelihood of an insured suffering a loss in order to decide whether to provide insurance coverage for that loss, how much insurance coverage to provide, and, critically, what price (premium) to charge for the insurance coverage. These decisions are critical to the insurer’s ongoing financial viability; if an insurer consistently pays more in losses than it collects in premiums, the insurer will be bankrupted. Functional risk assessment, in turn, requires an insurer to confront the problems posed by adverse selection and moral hazards. Adverse selection describes “the tendency for low-risk individuals to avoid insurance and for high-risk individuals to seek it.”6 If insurance rates are not tailored to the likelihood of risk—that is, if all insureds are charged the same premium rates—individuals with a higher likelihood of loss will be attracted to insurance while individuals with a lower risk of loss will be incentivized to avoid purchasing insurance. An insurance company cannot sustain a business consisting of only highrisk clients; over time, the insurer would be bankrupted from having to pay out all of the materialized, high-risk, claims.7 Moral hazard, on the other hand, refers to the fact that the incentive for individuals to avoid loss is reduced after they obtain insurance coverage. Once insured, a person “ceases to bear the same degree of risk because, if a loss occurs, it will be paid by the insurance company.”8 In other words, the existence of insurance coverage increases the risk of loss because the insured is less motivated to avoid a loss. A typical solution to the potential problems of adverse selection and moral hazard is for an insurer to classify insureds according to their likelihood of risk so that each insured is “grouped with others of the same perceived risk level and charged

4

Billingsley (2014), p. 1. Adjin-Tettey (2013), para 15. 6 West (2013), p. 681. 7 Ibid. See also Flanagan (1985), p. 726; and Rego (2015), p. 124. 8 West (2013), p. 681. See also Brown et al. (2007), p. 111. 5

56

B. Billingsley

premiums accordingly.”9 This categorization reduces adverse selection by removing the incentive for low-risk individuals to opt out of obtaining insurance coverage. It reduces moral hazard by providing an incentive for high-risk individuals to take steps to avoid an insured loss in the hopes of being able to move to a low-risk category in future.10 Thus, in short, “[t]he economic stability of many insurance programs depends on the ability of insurers to differentiate risks according to a predetermined set of criteria.”11 Although a wide range of diverse criteria can be utilized for this risk differentiation, insurers have traditionally relied heavily upon the personal characteristics of an insured, including factors such as age, gender, and marital status. These personal characteristics are used as grounds for assessing risk because they are convenient: they are accessible, cheap, verifiable, and stable.12 Moreover, these factors can be “reliably correlated with many aspects of behaviour important in insurance, such as mortality, sickness and propensity for accidents.”13 Of course, correlation is not causation. The personal qualities of an insured do not cause losses to occur, and therefore they are not directly relevant to an insurer’s ability to assess risk. However, these personal characteristics stand as proxies for behaviors that are causally relevant to the risk of loss. For example, gender and age are not causally related to motor vehicle accident rates: being of a particular gender or age does not cause accidents to happen. However, these factors are both strongly correlated to motor vehicle accident occurrence rates because these demographic markers are associated with driving behaviors that do cause accidents. For example, motor vehicle accident rates are statistically higher for very young drivers and for elderly drivers. This is because young drivers are more likely to have less driving experience and have a higher propensity to engage in high-risk driving conduct. Elderly drivers, on the other hand, are likely to suffer from sensory or cognitive impairments, which negatively impact their driving abilities.14 Viewed strictly from a utilitarian or business perspective, the classification of risk on the basis of personal characteristics is both rational and fair. It is rational because it is a logical method of addressing the problems of adverse selection and moral hazard described above. It is fair, in an actuarial sense, because the statistical correlation between certain personal characteristics and the likelihood of loss makes those personal characteristics mathematically relevant to risk assessment.15 In this context, fairness “is not solely about equality, but equity, since what

9

West (2013), p. 682. Ibid. 11 Ibid., p. 679. 12 Flanagan (1985), p. 727. See also Kelly and Neilson (2006), p. 221; and West (2013), p. 683; and Rego (2015), p. 125. 13 Flanagan (1985). 14 Kelly and Neilson (2006), pp. 214–218. See also Brown et al. (2007), p. 111; and West (2013), p. 683. 15 Prince (2018), pp. 630–631; Brown et al. (2007), p. 107; and Kelly and Neilson (2006), p. 219. 10

Insurance and Discrimination in Canadian Law

57

[an insured] pays is considered fair to pay by virtue of being a member of a particular group and the market circumstances related to being a member of that group.”16 However, the real question (addressed in Sects. 3 and 4) is whether, and to what extent, actuarial fairness can be accommodated by the human rights concept of equality. Finally, an insurer’s ability to correctly appraise an insured’s likelihood of loss is dependent upon the insurer’s ability to access accurate information about the insured’s risk factors. The insurer typically relies heavily on the insured to provide this information because the insured has the best and most complete knowledge about their own circumstances vis-a-vis the subject matter of insurance.17 Especially where the insurer employs personal characteristics as a basis for categorizing risk, the insurer usually obtains the required information directly from the insured. For example, the insurer does not independently verify the insured’s age or gender, relying instead on the insured to accurately supply these details. Accordingly, if the law permits an insurer to rely on an insured’s personal characteristics in order to assess the risk of loss, the law must also provide the insurer with an enforceable right to demand that the insured provide this information honestly and in good faith.18

2.2

Equality Protection Under Canadian Law

In Canada, an individual’s right to equality is protected by two main sources: the Canadian Charter of Rights and Freedoms19 and provincial human rights legislation.20 The Charter restricts legislative and government actions,21 while human rights legislation governs the actions of private actors. This means that the Charter applies to legislation regulating insurance and to the actions of public insurance providers,22 while human rights legislation applies to private insurance company operations.

16

Brown et al. (2007), p. 108. See also Rego (2015), p. 123. Billingsley (2014), p. 86. 18 For a discussion of Canadian insurance law in respect of this obligation, see Billingsley (2014), pp. 85–134. 19 Part 1 of the Constitution Act, 1982, being Schedule B to the Canada Act 1982 (UK), 1982, c. 11, s. 15 [the Charter]. 20 See Sect. 2.2.1. 21 The Charter, supra n. 19, s. 32. Notably, the Charter only operates to restrict government conduct: it “does not impose positive duties to act on legislative bodies or governments” (Hogg 2017 at 37.2(b)). Where the government has taken some action, however, the Charter does apply to ensure that guaranteed rights are not infringed by legislated exclusions. See, for example, Vriend v. Alberta, [1998] S.C.J. No. 29. 22 The reference to both “provincial legislatures” and “government” in s. 32 of the Charter, supra n. 19, means that the Charter applies to legislative provisions as well as to the actions of government agents or entities: Hogg (2017) at 37.2(b) & 37.2(e). 17

58

B. Billingsley

Further, under Canada’s constitution, legislative authority is divided between the central (federal) government and 13 provincial/territorial governments.23 Authority over insurance contracts and the operation of the insurance industry rests primarily in the hands of the provinces.24 Pursuant to this authority and within their respective territorial boundaries, provinces can enact legislation to regulate the conduct of private insurance providers, including “[t]he identification of risk assessment factors, as well as the identification of types of information that an insurer may request for this purpose.”25 Provincial governments can also act as insurance providers.26 The broad scope of provincial authority over insurance means that, in the context of private insurance contracts, the Charter’s equality protection is most relevant to provincial, rather than federal, government action. The provinces have the power to pass laws regulating private insurance contracts, but this legislation, “including statutorily imposed contractual conditions or policy terms and regulations, must comply with the Charter.”27 Where government action is not in issue, it is provincial

23

This division of legislative authority is set out primarily in sections 91 and 92 of The Constitution Act, 1867 (UK), 30 & 31 Vict, c. 3, reprinted in RSC 1985, App II, No 5. Canada has ten provinces and three territories. Generally, the legislative authority of the territories mirrors that of the provinces. For example, the legislative authority over property and civil rights assigned to the provinces by s. 92(13) of the Constitution Act, 1867, is also assigned to each of the territorial governments, respectively, by the following federal statutes: the Northwest Territories Act, R.S.C. 1985, c. N-27, s. 16(h); the Yukon Act, S.C. 2002, c. 7, s. 18(1)(j) and the Nunavut Act, S.C. 1993, c. 28, s. 23(1)(l). Thus, for ease of reference, unless otherwise indicated, in this chapter I use the term “provinces” to refer to provinces and territories collectively. 24 Section 92(13) of the Constitution Act, 1867, expressly provides the provinces with exclusive authority to legislate in the area of property and civil rights. This provision has been judicially interpreted as authorizing the provinces to legislate in the area of insurance law, including insurance contracts and insurance industry operations within each province (see Citizens Insurance Co. v. Parsons (1881) 7 A.C. 96 (J.C.P.C) and Canada (Attorney General) v. Alberta (Attorney General), [1916] 1 A.C. 588). The federal Parliament, on the other hand, has express authority to legislate in regards to unemployment insurance (Constitution Act, 1867, s. 92A) and marine insurance (s. 91(1) of the Constitution Act, 1867 provides the federal Parliament with exclusive authority over navigation and shipping, which the Supreme Court of Canada has interpreted as including marine insurance: see Zavarovalna Skupnost Triglav v. Terrasses Jewellers Inc., [1983] S.C.J. No. 22). Additionally, Parliament’s authority to legislate for the “peace, order and good government” of Canada (preamble to s. 91 of the Constitution Act, 1867) has been judicially interpreted as including the power to incorporate national insurance companies (see Citizens Insurance Co. v. Parsons, ibid.). 25 Dans l’affaire du: Renvoi relatif à la Loi sur la non-discrimination génétique édictée par les articles 1 à 7 de la Loi visant à interdire et à prévenir la discrimination génétique, [“The GNDA Reference”] 2018 QCCA 2193, para. 17. Although the provinces legislate independently of one another, they “often voluntarily cooperate to develop uniform insurance law strategies and statutory wordings” through nationwide organizations such as the Canadian Council of Insurance Regulators (Billingsley 2014, p. 3). 26 For example, in the provinces of British Columbia, Saskatchewan, and Manitoba, basic motor vehicle liability insurance is provided exclusively by a government-run or public insurance company. See “Public Versus Private Auto Insurance” (n.d.). 27 Billingsley (2014), p. 10.

Insurance and Discrimination in Canadian Law

59

human rights legislation (rather than federal human rights legislation) that is most relevant to the actions of private insurers.

2.2.1

The Canadian Charter of Rights and Freedoms

Section 15(1) of the Charter states:28 Every individual is equal before and under the law and has the right to equal protection and benefit of the law without discrimination based on race, nationality, or ethnic origin, color, religion, sex, age, or mental or physical disability.

According to prevailing Supreme Court of Canada jurisprudence,29 in order to establish a violation of this right, a claimant must prove, on a balance of probabilities, that (1) a government action draws a distinction between two or more groups on the basis of one of the grounds listed in Section 15(1) or on an analogous ground30 and (2) the distinction creates a disadvantage by perpetuating prejudice or stereotyping against the affected group. Thus, not every distinction drawn on a prohibited ground violates the equality right, although the existence of such a distinction is a necessary condition for finding a Section 15(1) violation. A distinction based on protected grounds runs afoul of Section 15(1) if it imposes an “arbitrary—or discriminatory—disadvantage” either by “fail[ing] to respond to the actual capacities and needs of the members of the group and instead impos[ing] burdens” or by “deny[ing] a benefit in a manner that has the effect of reinforcing, perpetuating or exacerbating their disadvantage.”31 Factors that are relevant to determining whether the distinction perpetuates prejudice or stereotyping include any preexisting disadvantage of the group, the nature of the interest affected, possible ameliorative purposes or effects of the distinction on other disadvantaged groups, and the relationship between the grounds of discrimination and the claimant’s circumstances.32 However, it is “not necessary or desirable to apply a

28

Supra n. 19. R. v. Kapp, 2008 S.C.J. No. 42, para. 17; Withler v. Canada (Attorney General), 2011 S.C.J. No. 12, para. 30; Kahkewistahaw First Nation v. Taypotat (2015) 2 SCC 30, paras. 19–21; Fraser v. Canada (Attorney General) (2020) SCC 28, para. 27. 30 Analogous grounds are those which, like the qualities expressly identified in s. 15(1), are “personal characteristics that are unchangeable (or immutable), or at least unchangeable by the individual except with great difficulty or cost . . . They describe what a person is rather than what a person does.” (Hogg 2017 at 55.8(b)). Citizenship, marital status, and sexual orientation are among the qualities which Canadian courts have identified as analogous grounds to date. For further discussion, see Régimbald and Newman (2013), pp. 684–685. 31 Kahkewistahaw First Nation v. Taypotat, supra n. 29, para. 20. 32 These four factors are drawn from the Supreme Court’s earlier s. 15(1) jurisprudence. In Law v. Canada, (1999) 1 S.C.R. 497, the Supreme Court held that a legislative distinction does not violate the Charter’s equality guarantee unless it impairs human dignity. The court identified the impairment of human dignity with reference to these four contextual factors. The human dignity requirement was part of the s. 15(1) test from 1999 to 2008 but, in 2008, the Supreme Court restated the 29

60

B. Billingsley

step-by-step consideration of the factors” when applying the second component of the Section 15 test; “[t]he focus is not on ‘whether a discriminatory attitude exists’, or on whether a distinction ‘perpetuates negative attitudes’ about a disadvantaged group, but rather on the discriminatory impact of the distinction.”33 In other words, a law does not need to be intentionally or purposely discriminatory in order to run afoul of the Charter’s equality protection; a law will violate Section 15 of the Charter if it has the purpose or effect of discriminating on the basis of protected grounds. It should be noted, however, that the Charter’s equality guarantee is not absolute. Pursuant to Section 1 of the Charter, government action that violates a Charter right remains constitutionally valid if the violation constitutes a “reasonable limit, demonstrably justified in a free and democratic society.”34 To meet this standard, the government must satisfy the requirements of the Oakes Test.35 This test requires that the government prove, on a balance of probabilities, that (1) the impugned legislation is aimed at a pressing and substantial objective and (2) the violation of the Charter right is proportional to the legislative objective. Proportionality is established where the rights restriction is rationally connected to the objective, where the affected right is restricted only to the extent required to meet the objective, and where the salutary effects of the legislation outweigh the deleterious effects of the Charter violation. It is extremely rare, however, for a Section 15(1) violation to satisfy the Oakes Test. This is because the Supreme Court’s emphasis on discriminatory intent or effect as part of the Section 15(1) analysis leaves little practical scope for the government to demonstrate that the equality violation is a proportional limitation of the equality right.36 Simply stated, how can a denial of a benefit be proportional to a legislative objective if the denial has already been found to be discriminatory or, by definition, unfair?

2.2.2

Human Rights Legislation

Where government action is not in issue, the Charter does not apply. So, for example, the Charter’s equality protection does not restrict the actions of a private insurer where those actions are not prescribed by legislation. In such circumstances, however, protection against discrimination by private insurers is provided by provincial human rights legislation. This is because “each level of government has been

discrimination test in R. v. Kapp, supra n. 29, and dropped the human dignity requirement. However, the Court continues to reference the four factors as relevant considerations for determining whether a distinction is discriminatory. 33 Fraser v. Canada (Attorney General) (2020) SCC 28, para. 28, citing Quebec v. A, 2013 SCC 5. 34 Charter, supra n. 19, s.1. 35 This test was established by the Supreme Court of Canada in R. v. Oakes, [1986] 1 S.C.R. 103, paras. 69–71. 36 For further discussion on this point, see Hogg (2017) at 55.12.

Insurance and Discrimination in Canadian Law

61

entrusted with the authority to protect and to promote the right to equality in its sphere of jurisdiction.”37 Provincial human rights statutes are enacted by ordinary legislative procedures; they are not constitutional documents. Nonetheless, Canadian courts have consistently characterized these statutes as “quasi-constitutional”38 documents, which should be interpreted in a manner consistent with the interpretation of the Charter.39 This means that, although the Charter does not directly apply to private contracts, Charter jurisprudence informs the interpretation of statutory equality provisions that do apply to these contracts. It also means that, as with Charter rights, equality protection in provincial legislation must be “given expansive meaning” and “offered accessible application.”40 Thus, though not directly applicable to private insurance contracts, the Charter’s equality guarantee indirectly affects these contracts.41 Human rights legislation in all provinces expressly prohibits private parties from limiting or refusing to provide services or contracts to others because of personal characteristics, including sex or gender identification, age, and marital status.42 Insurance is ordinarily understood to be a service or a contract captured by this general provision.43 However, the prohibition is usually not absolute. In some jurisdictions, provincial legislation exempts insurance from the prohibition by expressly permitting discrimination on the basis of certain personal characteristics (such as age) for the purposes of underwriting particular types of insurance contracts

37

The GNDA Reference, supra n. 25, para. 15. Trachemontagne v. Ontario (Director, Disability Support Program), 2006 S.C.C. 14, para. 33; Battlefords and District Co-operative Ltd. v. Gibbs, [1996] 3 S.C.R. 566, para. 18; and Insurance Corporation of British Columbia v. Heerspink (1982) 2 S.C.R. 145, p. 158. 39 Quebec (Commission des droits de la personne et des droits de la jeunesse) v. Montréal (City); Quebec (Commission des droits de la personne et des droits de la jeunesse) v. Boisbriand (City), [2000] 1 S.C.R. 665 at para. 42. See also Lemmens and Thiery (2007), para 15. 40 Trachemontagne v. Ontario (Director, Disability Support Program), supra n. 37, para. 33. 41 Additionally, being government enactments, provincial human rights legislation must comply with the Charter. In other words, human rights statutes cannot themselves violate the Charter’s equality guarantee. See Vriend v. Alberta, supra n. 21, para. 66. 42 See Human Rights Code, RSBC 1996, c. 210, s. 8(1); Human Rights Act, RSA 2000, c. A-25.5, s. 4; Human Rights Code, SS 2018, c. S.24.2, ss 12 & 15; Human Rights Code, CSM, C. H-175, ss. 15(1) & s. 9; Human Rights Code, RSO 1990, c. H-19, ss. 1 & 3; Charter of Human Rights and Freedoms, CQLR, c. C-12, s. 10; Human Rights Act, RSNB 2011, c. 171, s. 2.1 & 6(1); Human Rights Act, RSNS 1989, c. 214, s. 5(1); Human Rights Act, RSPEI 1988, c. H-12, s. 1 & 2(1); Human Rights Act, RSNL 2010, c. H-14, ss. 9, 11 & 21; Human Rights Act, RSY 2002, c. 116, ss. 7 & 9; Human Rights Act, SNWT 2002, c. 18, ss. 5 & 11; Human Rights Act, S.Nu 2003, c. 12, ss. 7 & 12(1). 43 For example, provincial human rights legislation was applied to evaluate insurance practices in: Co-operators General Insurance Co. v. Alberta, [1993] A.J. No. 828 (ABCA), leave to appeal to S.C.C. ref’d [1994] S.C.C.A. No. 22 [“Co-operators”]; Nova Scotia (Human Rights Commission) v. Canada Life (1992) 88 D.L.R. (4th) 100 (NSCA), leave to appeal to S.C.C. ref’d (1992) 98 D.L.R. (4th) viii; Insurance Corporation of British Columbia v. Heerspink, supra n. 37. See also Lemmens and Thiery (2007), para 16. 38

62

B. Billingsley

(such as life and health insurance).44 Further, most provincial human rights statutes include a “saving provision,” which provides that discrimination, including discrimination by insurers, is permissible where it is bona fide and reasonable or justifiable.45 So, like the Charter, provincial human rights legislation commonly acknowledges that, in some instances, discrimination based on personal characteristics is tolerable. It is then left up to the courts and human rights tribunals to determine if an insurer’s discriminatory actions fall within the scope of the saving provision.

3 The Current State of Canadian Law 3.1

Discrimination in Policy Underwriting

As noted above,46 the rating of insurance premiums on the basis of personal characteristics is less likely to be considered offensive or discriminatory where a causal connection exists between the personal characteristic and the risk of loss. For example, taking factors such as age and gender into account for the purposes of health, disability, or life insurance is generally not considered to be discriminatory. This is because most people “recognize an intuitive relationship between age and

44

See, for example, Human Rights Code, RSBC 1996, c. 210, s. 8(2) & s. 13(3); Human Rights Code, SS 2018, c. S. 24.2, s. 15(3) and the Saskatchewan Human Rights Code Regulation, CS-24.1, Reg. 1, s. 27; Human Rights Code, CSM, C. H-175, s. 15(2)[note: this provision authorizes the Lieutenant Governor in Council to make regulations prescribing permitted distinctions in respect of life insurance, accident and sickness insurance, or life annuities, but no such regulations are currently in effect]; Human Rights Code, RSO 1990, c. H-19, s. 22; Charter of Human Rights and Freedoms, CQLR, c. C-12, s. 20.1; Human Rights Act, RSNL 2010, c. H-14, s. 21(3); Human Rights Act, S. Nu 2003, c. 12, s. 12(3). Further, some provincial statutes expressly permit discrimination based on personal characteristics in the specific context of group employment insurance plans, see Human Rights Code, RSBC 1996, c. 210, s. 13(3); Human Rights Act, RSA 2000, c. A-25.5, s. 7(2); Human Rights Code, SS, 2018, c. S. 24.2, s. 16(5); [note: this provision authorizes the Lieutenant Governor in Council to make regulations prescribing permitted distinctions in respect of life insurance, accident and sickness insurance or life annuities but no such regulations are currently in effect]; Human Rights Code, RSO 1990, c. H-19, s. 25(2) & (3); Charter of Human Rights and Freedoms, CQLR, c. C-12, s. 20.1; Human Rights Act, RSNB, 2011, s. 4(6) (c); Human Rights Act, RSNS 1989, C. 214, s. 6(g); Human Rights Act, RSPEI 1988, c. H-12, s. 11; Human Rights Act, SNWT 2002, c. 18, s.7(2). 45 See, for example, Human Rights Code, RSBC 1996, c. 210, s. 8(1); Human Rights Act, RSA 2000, c. A-25.5, s. 11; Human Rights Code, CSM, c. H-175, s. 15(1); Human Rights Code, R.S.O. 1990, c. H-19, s. 22; Human Rights Act, RSNB, 2011, s. 2.2; Human Rights Act, RSNS 1989, c. 214, s. 6(f)p; Human Rights Act, RSPEI 1988, c. H-12, s. 14(d) [this statute uses the term “genuine qualification”]; Human Rights Act, RSY 2002, c. 116, s. 10; Human Rights Act, SNWT 2002, c. 18, s. 11; Human Rights Act, S. Nu 2003, c. 12, s. 12(1) &12(2). 46 See Sect. 2.1.

Insurance and Discrimination in Canadian Law

63

claims costs for life and health insurance.”47 This relationship underlies many of the statutory provisions that sidestep discrimination protection by expressly permitting insurers to rely on personal characteristics as a basis for setting premiums for these types of insurance policies.48 The courts have likewise concluded that discrimination in underwriting does not occur where a statistically proven causal link exists between the personal characteristic of the insured and the risk of loss. For example, in Nova Scotia (Human Rights Commission) v. Canada Life Assurance Co.,49 the complainant argued that his equality rights under Nova Scotia’s Human Rights Act were violated by the insurer’s rejection of his application for a life and disability policy. The insurer had refused to provide the requested coverage because the complainant had preexisting conditions of diabetes and polymyositis, which greatly increased the probability of his death. The Nova Scotia Court of Appeal held that the insurer’s decision was not discriminatory. The court found that discrimination occurs where a decision is based on irrelevant personal characteristics. Here, the insured’s existing state of health had negative implications on his future health and mortality, so the insurer’s reliance on the applicant’s disabilities to refuse coverage did not violate the statutory protection against discrimination. A more difficult question arises, however, when insurers make underwriting decisions based on personal characteristics that are related to the risk of loss by statistical correlation rather than causation. In such cases, unless the legislation expressly provides otherwise, the existence of discrimination is clear; the question is whether the discrimination is justifiable under the Charter or the applicable human rights legislation. The resolution of this question is determined by common law.

3.1.1

Common Law

There are only a handful of Canadian cases that consider whether insurance companies are justified in relying on an insured’s personal characteristics as a basis of risk assessment for underwriting purposes. These decisions, discussed in turn below, indicate that, to date, Canadian courts have shown significant deference to the operational demands of the insurance industry. In particular, the courts have endorsed the insurance industry’s reliance on statistical correlations between personal characteristics and probable loss as an acceptable underwriting tool.

47

Kelly and Neilson (2006), p. 221. See n. 43 and accompanying text. 49 [1992] N.S.J. No. 5. 48

64

3.1.1.1

B. Billingsley

Zurich Insurance Company v. Ontario (Human Rights Commission)50

Although it was issued more than a quarter century ago, Zurich Insurance Company v. Ontario (Human Rights Commission) remains Canada’s leading court decision on whether discrimination in the context of insurance underwriting is justifiable. In this case, the complainant claimed that his automobile liability insurance company was unjustly discriminating against him on the basis of age, marital status, and gender. He argued that his insurer was charging him higher premiums than other drivers because he was a young, single, male driver. The insurer conceded that its premium rating system discriminated against the complainant as alleged (i.e., that the insured was being charged higher premiums as a result of the identified personal characteristics). The insurer, however, argued that the discrimination was lawful. Specifically, the insurer contended that the practice was justified under Section 21 of the Ontario Human Rights Code, which expressly states that discrimination by an automobile insurer on the basis of age, sex, or marital status did not violate the insured’s right to equality if the discrimination was based on “reasonable and bona fides grounds.”51 In a 7-2 ruling, a majority of the Supreme Court of Canada agreed with the insurer’s argument and dismissed the insured’s claim. The fundamental difference between the findings of the majority and minority justices lies in the degree to which they were respectively willing to rely on standard industry practices as evidence of reasonable conduct. Writing for the majority, Justice Sopinka “essentially deferred judgment”52 to the insurance industry; in separate dissenting reasons, Justice McLachlin (as she then was) and Justice L’Heureux-Dubé imposed a more rigorous evidentiary standard on the insurer. Justice Sopinka held that in order to establish that discrimination is justifiable under the legislation, an insurer must prove two factors on a balance of probabilities. (For ease of reference, these factors will be collectively referred to as the Zurich Justification Test). First, the insurer must prove that it imposed the distinction in good faith. Second, the insurer must prove that the distinction is reasonably necessary. This factor requires the insurer to prove, on an objective standard, that the distinction is based on sound and accepted insurance practice and that no other practical alternative is available for the purpose of assessing risk. Justice Sopinka concluded that this test was satisfied in the case at hand. There was no suggestion that the insurer acted in bad faith. Further, the insurer’s reliance on the age, marital status, and gender of the insured as a basis for assessing risk and setting premiums was reasonable because there was “credible actuarial evidence” showing a “correlation between insurance costs and criteria such as age, sex and

50

Zurich, supra n.3. Zurich, ibid., para. 13. The provision in question is now s. 22 of the Ontario Human Rights Code, RSO 1990, c. H-19. 52 Lemmens and Thiery (2007), para 28. 51

Insurance and Discrimination in Canadian Law

65

marital status.”53 Finally, there was no evidence pointing to a viable practical alternative to this rating system. On this point, Justice Sopinka relied heavily on the fact that, at the time, the insurance industry did not have any statistical evidence regarding the viability of any other rating criteria. He encouraged the industry to pursue such information for future reference, stating that “the insurance industry must strive to avoid setting premiums based on enumerated grounds.”54 However, he also held that “[t]he insurance industry must be allowed time to determine whether it can restructure its classification system in a manner that will eliminate discrimination based on enumerated group characteristics and still reflect the disparate risks of different classes of drivers.”55 Justice McLachlin and Justice L’Heureux-Dubé both took issue with Justice Sopinka’s conclusion that the insurer had established that the discrimination was reasonably necessary. In particular, the dissenting justices objected to the idea that an insurer could successfully rely on the absence of empirical evidence about alternative rating systems in order to satisfy its burden of proving that practical alternatives did not exist. As stated by Justice L’Heureux-Dubé, accepting the insurer’s argument that the setting of premiums “has always been done this way” means rewarding “complacency and a history of discrimination . . . at the cost of progress and the recognition of higher societal norms of behaviour.”56 Further, in response to the insurer’s argument that changing the classification system could adversely impact other demographic groups, Justice McLachlin held that the potential for negative outcomes on other groups cannot be relied upon by insurers to “evade their responsibilities” under existing human rights legislation.57 Justice L’Heureux-Dubé also held that in order to demonstrate that discrimination is reasonably necessary, an insurer must prove that the distinction in question is rationally connected to the insured risk. She concluded that evidence of a statistical correlation between the distinction and a potential loss is insufficient to meet this requirement. In her view, “a causal connection between the distinction and the insured risk must be established.”58 She held that the insurer’s reliance on statistical correlation alone to justify distinctions “accepts the very stereotyping that is deemed

53

Zurich, supra n. 3, para. 35. Ibid., para. 43. 55 Ibid., para. 43. 56 Ibid., para. 106. 57 Ibid., para. 131. 58 Ibid., para. 83. This view has been criticized on the basis that factual causation is a fallacy when considering the likelihood of a future loss. For example, as stated by Flanagan (1985), p. 731: “The notion of the ‘real cause’ of accidents . . . has no determinate meaning: it could be anything from faulty brakes to the genetic code, depending on the frame of reference adopted. Modern social science has largely abandoned the search for causation in the study of social aggregates, relying instead upon statistical correlation. To insist that insurance rating schemes employ only ‘real causes’ will plung them into a morass, for no factor will ever be able to withstand rigorous scrutiny.” 54

66

B. Billingsley

unacceptable by human rights legislation.”59 On this point, she noted further that it is “the blind application of the stereotype to the individual, and not the untruth of the stereotype, that makes such a generalization objectionable.”60

3.1.1.2

Co-operators General Insurance Co. v. Alberta61

Although Zurich was decided by the Supreme Court of Canada in 1992, the discrimination complained of in that case took place in the early 1980s. This means that the Supreme Court of Canada judged the reasonability of the insurer’s rating classification scheme according to the empirical evidence available to the insurance industry in the 1980s. So only a year after the Supreme Court issued its ruling were the findings in Zurich reconsidered by the Alberta Court of Appeal in Co-operators General Insurance Co. v. Alberta, this time in the context of evidence regarding insurance industry practices of the early 1990s. In this case, the complainant alleged that his right to equality under Alberta’s Human Rights Code was violated by his automobile liability insurer. In particular, he argued that his insurer was discriminating against him on the basis of sex by charging him higher premiums than female drivers of the same age. The existence of discriminatory treatment was clear, so the case focused on whether the discrimination was “reasonable and justifiable” under the statute’s saving provision.62 The court applied the Zurich Justification Test and concluded that the discrimination was permissible. The court was satisfied that the insurer’s decision to charge male drivers higher premiums than female drivers was made in good faith. To determine whether the distinction was reasonably necessary, the court started with the premise that the reasonability of the discrimination must be considered in the unique context of the insurance industry, where it is “impractical in the extreme to individually assess the risk that each person brings to the system.”63 Viewed in this context, the court held that the use of gender as rating criteria is reasonable because the statistical correlation between gender and likelihood of loss means that gender “assists in the prediction of loss.”64 Further, the court held that in order to qualify as a practical alternative, another rating option does not need to “replicate the results of the impugned practice,”65 but it must (1) lead to financially viable insurance industry, (2) result in the widespread availability of insurance, and (3) be fair. Empirical

59

Zurich, supra n. 3, para. 89. Ibid., para. 89. 61 Co-operators, supra, n. 42. 62 Ibid., para. 4. The provision in question is now found in the Alberta Human Rights Act, RSA 2000, c. A-25.5, s. 11. 63 Ibid., para. 52. 64 Ibid., para. 57. 65 Ibid., para. 70. 60

Insurance and Discrimination in Canadian Law

67

evidence established that a genderless rating system could achieve the first two of these three criteria. However, the evidence also indicated that genderless rating systems result in an increase in premiums for young female drivers. The court held that such a premium increase would be unfair to female drivers because, as a group, they do not have a statistically higher likelihood of being involved in a car accident. In contrast, charging male drivers higher premiums “attempt[s] to reflect the number and severity of accidents involving young males.”66 Accordingly, the court concluded that no reasonable practical alternative to gender-based discrimination existed and upheld the insurer’s practice as being reasonable and justifiable.

3.1.1.3

J. v. London Life Insurance Co.67

In this case, the insurer refused to issue a policy of life insurance to the complainant because the complainant’s spouse was HIV-positive. The complainant argued that the coverage refusal amounted to discrimination on the basis of marital status and disability, contrary to the Province of British Columbia’s Human Rights Code. The insurer argued that coverage was declined on the basis of the complainant’s riskincreasing activities—that is, having sexual relations with an HIV-positive individual—and not on the basis of the applicant’s personal characteristics. The British Columbia Human Rights Tribunal held that because the insurer made no attempt to ask the applicant whether he intended to abstain from sexual relations with his wife, the insurer did discriminate against the insured on the basis of marital status. The tribunal also found that the insurer had discriminated against the complainant on the basis of disability because the insurer had refused coverage on the basis of the insured’s potential to become disabled. Turning to the question of whether the discrimination by the insurer was bona fide and reasonably justified under the statute’s saving provision, the tribunal applied the Zurich Justification Test. The tribunal noted that the insurer had failed to produce any actuarial or statistical evidence establishing a link between being married to an HIV patient and contracting the illness. Instead, the insurance company had relied solely on anecdotal evidence as a basis for concluding that “it could not assess the risk.”68 Accordingly, the insurer failed to meet its burden of proving that the refusal to issue the policy was grounded in “sound and accepted insurance practice,”69 as required by the Zurich Justification Test. Another issue in the case was whether the insurer’s refusal to issue the policy was protected by Section 8(2) of the province’s Human Rights Code, which permits discrimination on the basis of physical disability for the purposes of determining life

66

Ibid., para. 89. [1999] B.C.H.R.T.D. No. 35. 68 Ibid., para. 55. 69 Ibid., para. 56. 67

68

B. Billingsley

or health insurance premiums or benefits. The tribunal held that this provision does not apply where an insurer refuses to provide any insurance coverage. In other words, the tribunal read this section as applying only to situations where a life or disability insurer relies on physical disability as a basis for setting premiums or restricting benefits under a health or life insurance policy that the insurer agrees to issue.

3.1.1.4

Olorenshaw v. Western Assurance Co.70

In this 2013 case, the Ontario Human Rights Commission held that an automobile liability insurer’s decision to charge higher premiums for drivers over 80 years of age was justifiable under the Ontario Human Rights Code. Applying the Zurich Justification Test, the tribunal found that the age criteria were reasonable because statistical evidence demonstrated that drivers over the age of 80 were more likely to be involved in motor vehicle accidents. Further, because “sensory, motor coordination and cognitive decline is highly variable and unpredictable in terms of onset and progression for this category of drivers,”71 the court concluded that individual assessment of each insured driver within this age category would be of limited predictive value, even if such assessment could be practically undertaken. While acknowledging that some Canadian provinces have legislatively prohibited the use of age as an automobile insurance rating factor,72 the tribunal concluded that this fact alone does not determine what is bona fide and reasonable, especially in the absence of evidence explaining why those provisions were enacted.

3.1.2

Statutory Prohibitions and Industry Practice

In some provinces, statutory provisions and industry standards override common law’s acceptance of the insurance industry’s use of personal characteristics as a risk assessment factor in the context of motor vehicle liability insurance. In particular, legislation in some provinces expressly prohibits the use of personal characteristics such as age, sex, and marital status for setting basic motor vehicle insurance premiums73 or as a basis for refusing to provide or renew such coverage.74 Moreover, in the three jurisdictions, where basic motor vehicle insurance is exclusively provided 70

[2013] O.H.R.T.D. No. 297. Ibid., para. 38. 72 See Sect. 3.1.2. 73 See, for example, Automobile Rating Classification Regulation, N.B. Reg. 2004-139, s.5; Prohibited Underwriting Practices Regulation, N.B. Reg. 2003-15, s.4; Matters Considered in Automobile Insurance Rates and Risk-Classification Systems Regulations, N.S. Reg 183/2003; and Automobile Insurance Prohibited Underwriting Regulations, O.C. 2004-297, s. 4(e.1). 74 See, for example, Insurance Act, RSA 2000, c. I-3, s. 555 in combination with the Adverse Contractual Action Regulation, Alta. Reg. 28/2015; Automobile Insurance Underwriting 71

Insurance and Discrimination in Canadian Law

69

by a public insurer, the insurers do not use age, gender, or marital status as rating factors.75 Overall, however, these statutory and industry restrictions apply in only half of the provinces. This means that motor vehicle liability insurers in the remaining provinces continue to rely on personal characteristics as rating factors, as permitted under common law. It should also be noted that, within the insurance industry, some personal qualities are considered “intolerable” as rating criteria, “regardless of statistical validity.”76 For example, Canadian insurers do not typically use race and religion as rating criteria. In some jurisdictions, insurance legislation expressly prohibits reliance on these factors.77

3.1.3

Insurers’ Reliance on Genetic Information for Policy Underwriting

Recent advances in genetic testing have prompted concerns that insurance companies may use genetic test results as a basis to discriminate against people applying for health, disability, or life insurance.78 The main fear is that insurance companies will refuse to provide coverage or will increase the cost of coverage for applicants who, according to genetic test results, have a higher risk of experiencing a serious health issue in the future.79 From the insured’s point of view, this would amount to discrimination on the basis of a specific personal quality: a genetic predisposition to disease or illness. It is also suggested by some that the use of genetic tests for

Regulation, N.S. Reg. 125/2003; Prohibiting Underwriting Practices Regulation, P.E.I. Reg. EC697/03; and Automobile Insurance Regulation, RRO, 1990, Reg. 664, s. 5, 75 ICBC, “Autoplan Insurance”, https://www.icbc.com/autoplan/costs/Pages/Default.aspx; J. Chant, “Understanding Why Basic Auto Insurance Rates in BC Are So High”, Fraser Institute, 2018, https://www.fraserinstitute.org/sites/default/files/understanding-why-auto-auto-insurancerates-in-bc-are-so-high.pdf; “SGI Rate Changes”, https://www.sgi.sk.ca/rates; “Guide to Autopac”, Manitoba Public Insurance, 2019, https://www.mpi.mb.ca/en/PDFs/PolicyGuide2019.pdf; “2015 Annual Report: Positioned for the Future”, Manitoba Public Insurance, https://www.mpi.mb.ca/en/ PDFs/PolicyGuide2019.pdf, p. 11. 76 West (2013), pp. 682 and 683. 77 See, for example, Insurance Act, RSO 1990, c. I-8, s. 140; Insurance Act, RSNWT 1988, c. I-4, s. 57; and Insurance Act, RSNWT (Nu) 1988, c. I-4, s. 57. 78 See, for example, Walker (2014), p. 1; Adjin-Tettey (2013), paras 16–31; and Lemmens (2000), paras 9–12. 79 Related worries are that insurers may require applicants to undergo genetic testing as a condition of providing coverage or require insureds to disclose the results of genetic testing which they have undertaken for other purposes. According to Canadian common law, insureds have a good faith obligation to disclose material facts to their insurers, and, in the context of health, disability, or life insurance, genetic test results may be captured by this obligation. A material fact is one that a reasonable insurer would consider as increasing the risk of loss; it is a fact that would cause a reasonable insurer to increase the premium or refuse to provide coverage. (Mutual Life Insurance Co, N.Y. v. Ontario Metal Products, [1925] D.L.R 583 at 588 (J.C.P.C.)) For further discussion of the insured’s duty of disclosure, see Billingsley (2014), pp. 85–134.

70

B. Billingsley

underwriting purposes could negatively impact society by causing insureds to avoid or delay testing which might be beneficial to their health care or by creating a “genetic underclass or hierarchy of human beings arising from conceptions of good and bad genes.”80 At present, these concerns have been addressed in Canada by the Genetic Non-Discrimination Act81 (GNDA) enacted by the federal Parliament in 2017. This statute expressly prohibits insurers from requiring applicants or existing insureds to undergo genetic testing or to disclose the results of genetic testing as a condition of entering into or continuing an insurance contract or as a condition of providing particular coverage.82 Where genetic test results are voluntarily disclosed to an insurer by an insured, the statute further prohibits insurers from collecting, using, or disclosing an insured’s genetic test results without the insured’s written consent.83 In sum, the statute clearly and completely prohibits insurance companies from using the genetic test results of an insured as an underwriting tool unless an insured voluntarily consents to such use. The Supreme Court of Canada recently confirmed the constitutional validity of the GNDA.84 The question before the court was whether the federal Parliament acted within the scope of its legislative authority when it passed this law. More specifically, the question was whether the law is properly characterized as addressing a criminal law matter (which falls within the exclusive jurisdiction of the federal Parliament) or as addressing contractual relations (which falls within the exclusive jurisdiction of the provincial legislatures).85 In Canada, the prevailing common law test (the Criminal Law Test) for determining whether a law properly falls within the federal Parliament’s authority over criminal law has three requirements.86 First, the law must contain a prohibition; second, the law must provide a penalty; and third, the law must be aimed at a valid criminal law purpose. A valid criminal law purpose is one that is directed at the suppression of evil or the safeguarding of a threatened interest.87 Past cases have upheld public peace, order, security, health, and morality as valid public purposes.88 Moreover, the Supreme Court has previously held that legislation aimed at 80

Adjin-Tettey (2013), para 26. S.C. 2017, c. 3. 82 Ibid., ss. 3 & 4. 83 Ibid., s. 5. 84 Reference re Genetic Non-Discrimination Act, 2020 SCC 17. 85 Pursuant to Canada’s constitution, the federal Parliament has legislative authority over criminal law matters (s. 91(27)), while the provincial legislatures have exclusive legislative authority over property and civil rights (s. 92(13)). It has been long established by Canadian courts that the provincial authority over property and civil rights includes the regulation of insurance contracts. See n. 23. 86 This test was originally set out by the Supreme Court of Canada in Reference Re Validity of Section 5(1) Dairy Industry Act, [1949] 1 S.C.R. 1, para. 72 [“The Margarine Reference”]. 87 Reference Re Assisted Human Reproduction Act, 2010 SCC 51, para. 232. 88 The Margarine Reference, supra n. 86, para. 50. 81

Insurance and Discrimination in Canadian Law

71

preventing potential harm to public health satisfies the requirement of a criminal law purpose.89 The GNDA clearly satisfies the first two criteria of the Criminal Law Test. So the third requirement was determinative in the Supreme Court’s analysis. A majority of five justices of the nine-member court held that the GNDA falls within the federal Parliament’s jurisdiction over criminal law. The majority reasoned that by protecting individuals from being forced to undergo genetic testing or to reveal genetic test results to their insurance companies or employers, the statute aims at preventing a genuine threat of harm to individual autonomy, privacy, equality, and public health. Protection of these harms is a criminal law matter. The majority’s conclusion means that the GNDA is valid and operational legislation. It is interesting to note, however, that four members of the Supreme Court rejected the majority’s finding that the statute targets the evil of genetic discrimination. The dissenting justices noted that the GNDA does not prohibit genetic discrimination per se because it does not address the use of voluntarily disclosed genetic information or genetic information obtained through other means, such as family history. The dissenting justices therefore concluded that the dominant purpose and effect of the GNDA is to regulate insurance and other types of contracts—a purpose that falls outside of the federal Parliament’s legislative authority. Given the 5-4 split in the Supreme Court’s evaluation of this legislation, it is fair to say that the validity of the GNDA was a close call for the court.

3.2

Discrimination in Providing Insurance Benefits

In addition to discriminating against insureds on the basis of personal characteristics for underwriting purposes, insurers can attempt to rely on these characteristics as a basis for restricting the payment of insurance benefits. This essentially means writing insurance contracts in a way that limits or denies the payment of insurance proceeds to insureds or policy beneficiaries on the basis of their personal qualities (such as age or marital status). In general, Canadian courts have been much less tolerant of discrimination occurring in the context of providing insurance benefits than in the context of insurance underwriting. This is true whether discrimination is considered under the Charter or under human rights legislation. As discussed below, in most of these cases, the courts have upheld the claim that an insurer unjustifiably violated an insured’s equality rights by relying on an insured’s personal characteristic as a basis for restricting the insured’s entitlement to benefits. A notable exception is the court’s treatment of provincial legislation restricting the compensation available to motor vehicle accident victims who suffer “minor injuries.” To date, Canadian courts have

89

RJR MacDonald Inc. v. Canada (Attorney General) [1995] 3 S.C.R. 199; R. v. Malmo Levine [2003] 3 S.C.R. 571; and Reference re Assisted Human Reproduction, supra n. 87.

72

B. Billingsley

consistently held that, despite discriminating against insureds on the basis of disability, such statutory minor injury caps do not violate equality rights.

3.2.1

Charter Cases

The three leading cases considering discrimination and insurance benefits in the context of the Charter’s equality guarantee are Miron v. Trudel,90 TetreaultGadoury v. Canada (Employment and Immigration Commission),91 and Nova Scotia (Workers’ Compensation Board) v. Martin.92 As explained below, in each of these cases, the Supreme Court of Canada held that legislation restricting insurance compensation to claimants on the basis of a personal characteristic unjustifiably discriminated against the complainant. Miron v. Trudel focused on the terms of a government-regulated standard automobile insurance policy that provided accident benefits to married, but not unmarried, spouses. A narrow majority of the court found that marital status was an analogous ground under Section 15 of the Charter and that the denial of benefits to unmarried couples was therefore discriminatory.93 Further, the majority held that the government did not meet its Oakes Test burden of proving that the discrimination was rationally connected to the legislative objective of sustaining families when a family member is injured in an automobile accident or that the equality right was impaired only to the extent reasonably necessary to achieve that goal. Similarly, in Tetreault-Gadoury v. Canada (Employment and Immigration Commission), the Supreme Court unanimously concluded that the Charter’s equality provision was unjustifiably violated by a federal employment scheme that failed to provide benefits to applicants over the age of 65 who lost their jobs. The court readily found that the legislative provision disadvantaged the complainant on the basis of the listed ground of age. Further, while acknowledging that the impugned provision was enacted to achieve the pressing and substantial objective of preventing abuse of the employment insurance system by those who are receiving a pension or planning to retire, the court found that the legislation did not minimally impair the equality right in its attempt to meet this objective. The court found that the impugned provision was too broad, “resulting in the curtailment of benefits to any individual who has

90

[1995] S.C.J. No. 44. [1991] 2 S.C.R. 22. 92 [2003] 2 S.C.R. 504. 93 The court split 5-4 on the question of whether the legislation violated s. 15(1) of the Charter. The majority’s finding that marital status was an analogous ground of discrimination overturned the Ontario Court of Appeal’s finding in an earlier case. (See Leroux v. Co-operators General Insurance Co., [1991] O.J. No. 1554 (ONCA). The dissenting Supreme Court justices refused to recognize marital status as an analogous ground of discrimination because they characterized marriage as a contractual choice giving rise to unique rights and obligations, rather than as a personal quality. 91

Insurance and Discrimination in Canadian Law

73

attained the age of 65, irrespective of economic need or continued membership in the ‘active’ working population.”94 In Nova Scotia (Workers’ Compensation Board) v. Martin, the court considered the constitutionality of a provincial workers’ compensation scheme that restricted compensation for injured workers suffering chronic pain. The Supreme Court unanimously held that the statutory system violated the Charter’s equality protection by discriminating against some injured workers based on the nature of their physical disability, perpetuating negative stereotypes against those suffering from chronic pain. Further, the court held that this discrimination could not be justified under the Oakes Test on the basis of any of the government’s stated legislative objectives. In particular, the court held that the goals of ensuring the financial viability and administrative efficiency of the insurance program were not, on their own, sufficiently pressing and substantial objectives to justify overriding a Charter right. The objectives of preventing insurance fraud and promoting early medical treatment for chronic pain were sufficiently pressing and substantial to satisfy the first component of the Oakes Test, but the statutory restriction of the equality right was not proportional to these purposes. In particular, because other forms of protection against fraud were available under the legislation, the restriction of chronic pain benefits did not minimally impair the equality right. Further, the restriction of benefits was not rationally connected to the promotion of prompt medical intervention and did not minimally impair the equality right.

3.2.2

Human Rights Legislation Cases

Under human rights legislation, Canadian courts have found that the right to equality was violated by a federal employment insurance program that provided extra benefits to parents with a new child if the child came into the home after 6 months of age,95 a disability insurance policy that provided coverage for mental and physical disability but terminated mental disability coverage after 2 years,96 a group disability policy that excluded coverage for pregnant employees for a specified period of time during the expected confinement,97 and a group disability policy that did not pay benefits to a pregnant employee who was not yet on maternity leave.98 In each of these cases, the courts found that the failure to extend benefits to the respective claimants constituted prohibited discrimination, which was not justified under the

94

Tetreault-Gadoury v. Canada (Employment and Immigration Commission), supra n. 93, para 50. Gonzalez v. Canada (Employment and Immigration Commission), [1997] F.C.J. No. 790 [FCTD] 96 Battlefords and District Co-operative Ltd. v. Gibbs, [1996] 3 S.C.R. 566 (SCC). 97 Brooks v. Canada Safeway Ltd., [1989] 1 S.C.R. 1219 (SCC). 98 London Life Insurance Co. and Ontario Human Rights Commission (1985) 50 O.R. (2d) 748 (ONHCJ). 95

74

B. Billingsley

relevant statutory provisions. Notably, because of the particular statutory provisions involved, the Zurich Justification Test was not applied in any of these cases.99

3.2.3

Minor Injury Caps

In recent years, it has become increasingly common for Canadian provinces to enact legislation that limits or “caps” the compensation that persons injured in a motor vehicle accident can claim as general damages from the driver responsible for the accident.100 This legislation does not directly restrict the payment of insurance benefits; however, by restricting an accident victim’s general damage claim against an at-fault driver, the effect of the legislation is to limit the liability of the tortfeasor’s motor vehicle liability insurer. In short, under the legislation, the motor vehicle liability insurer’s obligation to pay general damages to accident victims who suffer “minor injuries” is diminished. To date, two provincial appellate courts have dismissed arguments that minor injury cap provisions violate the Charter’s equality guarantee.101 These courts have 99

In Gonzalez v. Canada (Employment and Immigration Commission), supra n. 97, the challenge to the federal employment insurance program was brought under the Canadian Human Rights Act. The government insurer argued that the discrimination was justified because the legislative distinction was implemented for bona fide budget reasons. Without referencing the Zurich Justification Test, the Federal Trial Court held that, because Parliament has a wide range of options for addressing budgetary concerns, “the Attorney General cannot justify the discrimination on the ground of budget constraints” (para. 42). In Battlefords and District Co-operative Ltd. v. Gibbs, supra n. 98, the claimant argued that the disability insurance policy provided by her insurer violated s. 16(1) of the Saskatchewan Human Rights Code which prohibited an employer from discriminating on the basis of disability. Upon finding that the provision was violated, the Supreme Court of Canada refused to apply the Zurich Justification Test because “no evidence was led in an attempt to justify the discrimination” (para. 42) and because the statute did not provide “for a special defence relating to insurance such as exists in Ontario and which enabled Zurich to justify the discriminatory practice in that case” (para. 43). In Brooks v. Canada Safeway Ltd., supra n. 99, and in London Life Insurance Co. and Ontario Human Rights Commission, supra n. 100, the claimants argued that the disability insurance plans provided by their employers discriminated against them on the basis of sex by restricting coverage during pregnancy, contrary to the Human Rights Act of Manitoba and the Ontario Human Rights Code respectively. In both cases, the discrimination claims were upheld and the respective courts found that the discrimination did not fall within the narrowly defined statutory exceptions that applied to employee insurance plans. 100 Minor injury cap systems have been implemented in Alberta, British Columbia, New Brunswick, Nova Scotia, Ontario, and Prince Edward Island. See Minor Injury Regulation, Alta. Reg. 123/2004; Minor Injury Regulation, B.C. Reg. 60/2019; Injury Regulation – Insurance Act, N.B. Reg. 2003-20; Automobile Accident Minor Injury Regulations, N.S. Reg. 94/2010; Statutory Accident Benefits Schedule, ON Reg. 34/10 and Minor Injury Guideline, Financial Services Commission of Ontario, February 2014; Insurance Act, R.S.P.E.I. 1988, c.I-4, ss. 254.1-254.4. 101 Morrow v. Zhang, 2009 ABCA 215 and Hartling v. Nova Scotia (Attorney General), 2009 NSCA 130. See also Hernandez v. Palmer, 1992 OJ No. 2648. For a detailed analysis of the equality issues raised in Morrow v. Zhang, see Billingsley (2005), pp. 711–739; and Billingsley (2009), pp. 229–253.

Insurance and Discrimination in Canadian Law

75

held that by defining certain injuries as “minor injuries” and limiting compensation for those injuries, the legislation does draw a distinction based on the prohibited ground of physical disability. Nonetheless, the courts have concluded that this distinction is not discriminatory because it does not cause or perpetuate prejudice or stereotyping against those people whose injuries the law classifies as “minor.” These rulings, however, may not be the last word on this issue; the prevailing decisions are already a decade old, and the Supreme Court of Canada has never addressed the question. A newly implemented minor injury cap system in British Columbia is currently the subject of a Section 15(1) Charter challenge recently initiated in that province.102 This challenge, currently being brought before the British Columbia Supreme Court, raises the possibility of this question working its way through the Canadian court hierarchy and finally eliciting a ruling from the Supreme Court of Canada.

4 Future Developments As the overview provided in Sect. 3 indicates, at present, Canadian law strikes an uneasy balance when it comes to the application of human rights protection to insurance matters. On one hand, existing law clearly prioritizes equality concerns over insurance operations. For example, federal legislation currently prohibits insurers from discriminating against insureds on the basis of genetic test results, and legislation in many provinces expressly prohibits insurers from relying on personal qualities such as age and gender when underwriting automobile insurance. Canadian courts have also rigorously applied human rights protection to prevent insurers from relying on the personal characteristics of insureds as a basis for restricting the payment of insurance benefits. On the other hand, however, in certain circumstances, prevailing law tolerates discrimination by insurers. For instance, provincial legislation commonly authorizes insurance companies to rely on personal characteristics such as age and disability for the purposes of underwriting health and life insurance policies. Further, Canadian courts have thus far held that provincial automobile insurance legislation that caps recovery for individuals having certain types of injuries is not discriminatory. Additionally, under the Zurich Justification Test, prevailing jurisprudence holds that automobile liability insurers are justified in discriminating against insureds on the basis of personal characteristics for risk assessment purposes. Looking to the future, the question is whether the current balance is likely to be redrawn by Canadian legislatures or courts. In this regard, a particularly significant issue is an insurer’s ability to rely on the personal characteristics of an insured for

The Canadian Press (2019); “Trial lawyers to launch court challenge against ICBC changes” (2019); and DeRosa (2019).

102

76

B. Billingsley

underwriting purposes, particularly in the context of automobile insurance. As previously noted, approximately half of the provinces in Canada continue to assign automobile insurance premiums on this basis. In Zurich, the Supreme Court of Canada found this discriminatory practice to be justified because the court was satisfied that, at the time, no practical risk-assessment alternative existed. For the reasons explained below, it is not clear that the Supreme Court would make the same finding today. In human rights cases decided since Zurich in contexts other than insurance, the Supreme Court of Canada has stated that discrimination is justifiable under human rights legislation where the discrimination is proven, on a balance of probabilities, to be “rationally connected to the function being performed; . . . necessary for the fulfillment of the purpose or goal; and . . . “reasonably necessary to accomplish its purpose or goal.”103 Under this test, in order to establish that the discrimination is “reasonably necessary,” the party defending a discriminatory practice must prove that “accommodation short of undue hardship has been incorporated into the standard.”104 It has been suggested that if a human rights challenge to automobile insurance underwriting practices was brought before the court today, the Supreme Court would apply this more stringent standard in place of the Zurich Justification Test.105 To date, Canadian courts have not expressly commented on the application of this new test to insurance underwriting practices. It is notable, however, that, in 2013, the Ontario Human Rights tribunal employed the Zurich Justification Test rather than the new standard when deciding whether an insurer was justified in using age as an automobile insurance rating criteria.106 This approach suggests that future courts likewise may continue to treat discrimination in the context of insurance differently than discrimination in other contexts. Nevertheless, regardless of which justification test would be applied, it is clear that the evidence available on this issue would be very different today than it was at the time that the Zurich case was before the court. When Zurich was decided, there was no evidence of rating criteria that could serve as a practical alternative to gender and age. This is no longer the case. For example, the monitoring of mileage was then seen as “highly cost-prohibitive,” but “given modern advancements such as the increasing use of GPAS systems in vehicles and the ever-accelerating progression in computer technology, it is likely that monitoring costs may not be as unreasonable as they once were.”107 Further, the fact that automobile insurance providers in many Canadian provinces maintain viable operations without using gender as a rating

103

British Columbia (Superintendent of Motor Vehicles) v. British Columbia, [1999] 3 S.C.R. 868 at para. 20. See also British Columbia (Public Service Employee Relations Commission) v. British Columbia Government and Service Employees’ Union, [1999] 3 S.C.R. 3 at para. 62. 104 British Columbia (Superintendent of Motor Vehicles) v. British Columbia, ibid., para. 21. 105 Lemmens and Thiery (2007), para 85. 106 Olorenshaw v. Western Assurance Co, supra n. 69. See the discussion of this case in Sect. 3.1.1.4. 107 West (2013), p. 693.

Insurance and Discrimination in Canadian Law

77

system demonstrates that gender discrimination is not a necessary component of a workable automobile underwriting system and proves there are practical alternatives to discrimination in this context.108 Other countries have also dropped gender-rating systems. For example, the European Union has not used gender-rating systems since 2012.109 This is not to say, however, that evidence no longer exists to support the counterargument that underwriting on the basis of personal characteristics is a practical necessity in the context of automobile insurance. For instance, there are statistics that show that “both accident frequency and accident severity (on a per capita basis) are higher in systems that do not use age in pricing compared with those in which age is used.”110 Further, even if technology exists to monitor driving behavior as a replacement for rating insurance on the basis of personal criteria, the use of this technology raises questions of reliability, verifiability, cost, and privacy.111 Likewise, although options such as subjecting an insured to an annual driving test might be helpful in assessing risk, “this would be prohibitively expensive and impossible to implement on a large scale.”112 Additionally, alternative rating criteria (such as years of driving) may still be seen as discriminatory in their impact because of correlation with prohibited category (e.g., age).113 Given all of these conflicting factors, it is difficult to predict the conclusion that Canadian courts will come to in analyzing the justification issue in future. Justice Sopinka’s observation in Zurich that “[t]he determination of insurance rates and benefits does not fit easily within traditional human rights concepts”114 remains true today. Nevertheless, due to the developments in equality jurisprudence and in technology relevant to underwriting since Zurich, it seems timely for legislators and courts to reconsider the existing balance between human rights protection and insurance underwriting considerations. In the end, as other commentators have suggested, the determining factor behind any future decision on the matter may come down to social acceptability,115 rather than being based on the insurance industry’s ability to justify discrimination on financial grounds. In other words, the insurance industry’s reliance on personal characteristics as underwriting factors will end—whether by legislation, by the courts, or by the voluntary actions of insurers—when Canadian society decides 108

Ibid., pp. 688 and 693. As noted by Rego (2015), p. 119, “[t]he European Court of Justice (‘ECJ’) has held that as from 21 December 2012, insurers may no longer charge men and women differently on the basis of scientific evidence that is statistically linked to their sex, effectively prohibiting the use of sex as a factor in the calculation of premiums and benefits for the purposes of insurance and related financial services throughout the European Union.” 110 Brown et al. (2007), p. 111; and Kelly and Neilson (2006), p. 225. 111 Flanagan (1985), p. 727. 112 West (2013), p. 682. 113 Brown et al. (2007), p. 112; Kelly and Neilson (2006), p. 225; and Zurich, supra n. 3, para. 39. 114 Zurich v. Ontario Human Rights Commission, [1992] S.C.J. No. 63, para. 17. 115 West (2013), p. 689; Flanagan (1985), pp. 727–728; and Kelly and Neilson (2006), p. 221. 109

78

B. Billingsley

that differentiation on the basis of personal characteristics such as gender and age is wholly unacceptable even if that differentiation supports the financial or business operations of the insurance industry. The fact that Canadian law has prioritized equality considerations in other insurance contexts (as discussed in Sect. 3) suggests that Canadian society is certainly moving in this direction116 and that the balance may soon be tipped firmly in favor of equality over business efficacy.

References Articles Adjin-Tettey E (2013) Insurance law potential for genetic discrimination in access to insurance: is there a dark side to increased availability of genetic information? Alta Law Rev 50(3):577–614 Ashley F (2018) Man who changed legal gender to get cheaper insurance exposes the unreliability of gender markers. CBC. https://www.cbc.ca/news/canada/calgary/alberta-man-changes-gen der-insurance-transgender-rights-1.4764839. Accessed 18 May 2021 Billingsley B (2005) Legislative reform and equal access to the justice system: an examination of Alberta’s new minor injury cap in the context of section 15 of the Canadian Charter of Rights and Freedoms. Alta Law Rev 42(3):711–739 Billingsley B (2009) Taking measure of the Charter’s equality guarantee: a comment on the court of appeal’s ruling in Morrow v. Zhang. Alta Law Rev 47(1):229–252 Billingsley B (2014) General principles of Canadian insurance law, 2nd edn. LexisNexis Canada, Markham Brown RL et al (2007) Colliding interests—age as an automobile insurance rating variable: equitable rate-making or unfair discrimination? J Bus Ethics 72:103 DeRosa K (2019) B.C. taken to court over auto insurance changes. Vancouver News. https://www. vancouverisawesome.com/2019/04/02/icbc-changes-lawyers-court-bc/. Accessed 18 May 2021 Flanagan T (1985) Insurance, human rights, and equality rights in Canada: when is discrimination ‘reasonable?’. Can J Polit Sci 18(4):714 Hogg P (2017) Constitutional law of Canada. Thomson Reuters Canada Limited, Toronto Hopper T (2018) Alberta man legally changes sex for cheaper car insurance: ‘I didn’t feel like getting screwed over any more’. National Post. https://nationalpost.com/news/canada/albertaman-legally-changes-sex-for-cheaper-car-insurance-i-didnt-feel-like-getting-screwed-over-anymore. Accessed 18 May 2021 Kelly M, Neilson N (2006) Age as a variable in insurance pricing and risk classification. Geneva Papers 31:212 Lemmens T (2000) Selective justice, genetic discrimination and insurance: should we single out genes in our laws? McGill Law J 45:347–412 Lemmens T, Thiery Y (2007) Insurance and human rights: what can Europe learn from Canadian anti-discrimination law? In: Discrimination in insurance. Academia-Bruylant, Maklu Mikelionis J (2018) Canadian man legally lists gender as female to get cheaper car insurance: report. Fox News. https://www.foxnews.com/world/canadian-man-legally-lists-gender-asfemale-to-get-cheaper-car-insurance-report. Accessed 18 May 2021

116

For example, some automobile insurers are responding to the needs of insureds having a nonbinary gender identity by offering those insureds a choice of having premiums rated on the basis of female or male accident statistics. See Mitchell et al. (2017).

Insurance and Discrimination in Canadian Law

79

Mitchell et al (2017) The X-Factor: genderless auto insurance hits Ontario. Mitchell & Whale Insurance Brokers Ltd. https://mitchellwhale.com/the-x-factor-genderless-auto-insurance-hitsontario. Accessed 18 May 2021 O’Neill N (2018) Man legally changes gender to get cheaper car insurance: report. New York Times. https://nypost.com/2018/07/30/man-legally-changes-gender-to-get-cheaper-car-insur ance-report/. Accessed 18 May 2021 Prince A (2018) Insurance risk classification in an era of genomics: is a rational discrimination policy rational? Neb Law Rev 96:624 “Public versus private auto insurance” (n.d.) Insurance Bureau of Canada. http://www.ibc.ca/on/ insurance-101/public-versus-private-auto-insurance. Accessed 18 May 2021 Régimbald G, Newman D (2013) The law of the Canadian Constitution, 1st edn. LexisNexis, Markham Rego M (2015) Statistics as a basis for discrimination in the insurance business. Law Probab Risk 14:119–134 The Canadian Press (2019) Insurance corporation of British Columbia challenged over injury payouts, dispute resolution. The Star. https://www.thestar.com/vancouver/2019/04/01/insur ance-corporation-of-british-columbia-challenged-over-injury-payouts-disputes-resolution.html. Accessed 18 May 2021 “Trail lawyers to launch court challenge against ICBC changes” (2019) CBC News, https://www. cbc.ca/news/canada/british-columbia/trial-lawyers-icbc-constitutional-challenge-1.5079209. Accessed 18 May 2021 Walker J (2014) Genetic discrimination and Canadian law (background paper), Library of Parliament, Ottawa, Canada, Publication No. 2014-90-E, 16 West K (2013) Gender in automobile insurance underwriting: some insureds are more equal than others. Alberta Law Rev 50(3):679

Case Law Battlefords and District Co-operative Ltd. v. Gibbs, [1996] 3 S.C.R. 566 British Columbia (Public Service Employee Relations Commission) v. British Columbia Government and Service Employees’ Union, [1999] 3 S.C.R. 3 British Columbia (Superintendent of Motor Vehicles) v. British Columbia, [1999] 3 S.C.R. 868 Brooks v. Canada Safeway Ltd., [1989] 1 S.C.R. 1219 Canada (Attorney General) v. Alberta (Attorney General), [1916] 1 A.C. 588 Citizens Insurance Co. v. Parsons (1881) 7 A.C. 96 (J.C.P.C) Co-operators General Insurance Co. v. Alberta, [1993] A.J. No. 828 Dans l’affaire du: Renvoi relatif à la Loi sur la non-discrimination génétique édictée par les articles 1 à 7 de la Loi visant à interdire et à prévenir la discrimination génétique, [“The GNDA Reference”] 2018 QCCA 2193 Fraser v. Canada (Attorney General) (2020) SCC 28 Gonzalez v. Canada (Employment and Immigration Commission), [1997] F.C.J. No. 790 Hartling v. Nova Scotia (Attorney General), 2009 NSCA 130 Hernandez v. Palmer, 1992 OJ No. 2648 Insurance Corporation of British Columbia v. Heerspink (1982) 2 S.C.R. 145 Kahkewistahaw First Nation v. Taypotat (2015) 2 SCC 30 Law v. Canada, (1999) 1 S.C.R. 497 Leroux v. Co-operators General Insurance Co., [1991] O.J. No. 1554 London Life Insurance Co. and Ontario Human Rights Commission (1985) 50 O.R. (2d) 748 Morrow v. Zhang, 2009 ABCA 215 Mutual Life Insurance Co, N.Y. v. Ontario Metal Products, [1925] D.L.R 583

80

B. Billingsley

Nova Scotia (Human Rights Commission) v. Canada Life (1992) 88 D.L.R. (4th) 100 Olorenshaw v. Western Assurance Co [2013] O.H.R.T.D. No. 297 Quebec (Commission des droits de la personne et des droits de la jeunesse) v. Boisbriand (City), [2000] 1 S.C.R. 665 R. v. Kapp, 2008 S.C.J. No. 42 R. v. Malmo Levine [2003] 3 S.C.R. 571 R. v. Oakes, [1986] 1 S.C.R. 103 Reference Re Assisted Human Reproduction Act, 2010 SCC 51 Reference re Genetic Non-Discrimination Act, 2020 SCC 17 Reference Re Validity of Section 5(1) Dairy Industry Act, [1949] 1 S.C.R. 1 RJR MacDonald Inc. v. Canada (Attorney General) [1995] 3 S.C.R. 199 Trachemontagne v. Ontario (Director, Disability Support Program), 2006 S.C.C. 14 Vriend v. Alberta, [1998] S.C.J. No. 29 Withler v. Canada (Attorney General), 2011 S.C.J. No. 12 Zavarovalna Skupnost Triglav v. Terrasses Jewellers Inc., [1983] S.C.J. No. 22 Zurich v. Ontario Human Rights Commission, [1992] S.C.J. No. 63

Statutes Adverse Contractual Action Regulation, Alta. Reg. 28/2015 Automobile Accident Minor Injury Regulations, N.S. Reg. 94/2010 Automobile Insurance Prohibited Underwriting Regulations, O.C. 2004-297 Automobile Insurance Regulation, RRO, 1990, Reg. 664 Automobile Insurance Underwriting Regulation, N.S. Reg. 125/2003 Automobile Rating Classification Regulation, N.B. Reg. 2004-139 Charter of Human Rights and Freedoms, CQLR, c. C-12 Human Rights Act, RSA 2000, c. A-25.5 Human Rights Act, RSNB 2011, c. 171 Human Rights Act, RSNL 2010, c. H-14 Human Rights Act, RSNS 1989, c. 214 Human Rights Act, RSPEI 1988, c. H-12 Human Rights Act, RSY 2002, c. 116 Human Rights Act, S. Nu 2003, c. 12 Human Rights Act, SNWT 2002, c. 18 Human Rights Code, CSM, C. H-175 Human Rights Code, RSBC 1996, c. 210 Human Rights Code, RSO 1990, c. H-19 Human Rights Code, SS 2018, c. S.24.2 Injury Regulation – Insurance Act, N.B. Reg. 2003-20 Insurance Act, R.S.P.E.I. 1988, c.I-4 Insurance Act, RSA 2000, c. I-3 Insurance Act, RSNWT (Nu) 1988, c. I-4 Insurance Act, RSNWT 1988, c. I-4 Insurance Act, RSO 1990, c. I-8 Matters Considered in Automobile Insurance Rates and Risk-Classification Systems Regulations, N.S. Reg 183/2003 Minor Injury Regulation, Alta. Reg. 123/2004 Minor Injury Regulation, B.C. Reg. 60/2019 Northwest Territories Act, R.S.C. 1985, c. N-27 Nunavut Act, S.C. 1993, c. 28

Insurance and Discrimination in Canadian Law

81

Ontario Human Rights Code, RSO 1990, c. H-19 Operator Licensing and Vehicle Control Regulation, Alta. Reg. 320/2002 Part 1 of the Constitution Act, 1982, being Schedule B to the Canada Act 1982 (UK), 1982, c. 11 Prohibited Underwriting Practices Regulation, N.B. Reg. 2003-15 Prohibiting Underwriting Practices Regulation, P.E.I. Reg. EC697/03 Saskatchewan Human Rights Code Regulation, CS-24.1, Reg. 1 Statutory Accident Benefits Schedule, ON Reg. 34/10 Vital Statistics Information Regulation, Alta. Reg. 108/2018 Yukon Act, S.C. 2002, c. 7

Part II

Insurance and the Right to Health

Health Reinsurance as a Human Right Christina S. Ho

Abstract Health reinsurance as a public policy measure aims to off-load the expensive costs of those who are catastrophically ill onto the best risk bearer, often the state. The benefits ripple out, helping not just those with the highest health costs but also the broader public by helping to render health coverage more widely affordable and accessible. The health and human rights discourse ought to include the notion that we all enjoy a core health right to the state’s performance of its reinsurance function. First, the features of reinsurance map well onto those of the right to health specified in the International Covenant on Economic Social and Cultural Rights and the associated General Comments. These texts suggest particular concern for the vulnerable and give attention to covariant risks, the promotion of equitable distribution, and state action that ensures the underlying conditions for a strong health system. This book chapter explains how government-sponsored health reinsurance also addresses these same concerns and is instrumental in creating stable background conditions for the organization of broad health provision. I further argue that understanding the core right to health as including reinsurance helps soften certain tensions that afflict the concept of “the minimum core.” Reinsurance helps bridge the tension (1) between context sensitivity and universalizability and (2) between individually claimable rights and broader systemic duties. I illustrate these advantages using the experiences that various countries around the world have had with health reinsurance as a policy.

I wish to thank Christine H. Lee for her superb research assistance. C. S. Ho (*) Rutgers Law School, Newark, NJ, USA e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_4

85

86

C. S. Ho

1 Introduction Both “insurance” and “rights” can serve as technologies of assurance. One of the domains where this overlap is most apparent is in the health sector. But rights are commonly understood to be a “public” technology, guaranteed by the state, while insurance need not be so, as is evident in countries like the United States, where private health insurance continues to play a significant role.1 What is the proper duty of the government to its citizens with respect to their health insurance, and why has rights discourse said little about the topic? One of the chief anxieties of health and human rights discourse has been the difficulty specifying the scope and content of the right to health. What belongs in the right is notoriously indeterminate, in part due to factors like changing technologies and the irreducibly particularistic nature of the medical practice.2 The doctrine of the minimum core emerged to address this problem, narrowing the contested domains and purporting to fix at least the health goods and services that must be provided across the range of sovereign nations, with little room for limitation or derogation.3 This tool has been imperfectly embraced, and as a result, exponents of health as a human right have more work to do in developing specifications of such a right that would garner broad acclamation. The US, as a health rights laggard, is experiencing more of a hurdle than a model in this area. Yet, here, I will draw from the US experience to identify one proposal to be considered, namely government-sponsored reinsurance. This chapter argues that the affirmative government provision of reinsurance for health, if understood in a broad sense, should be a part of the core obligation of the state to ensure the human right to health.

2 Background on Reinsurance in the Health Sector 2.1

What Is Reinsurance?

Reinsurance is commonly referred to as “insurance for insurers.”4 Commercial reinsurance is purchased by primary insurers (including life and health carriers) when exposure to loss exceeds their willingness to carry risk, like risk from large catastrophic claims, which may require excessive capitalization.5 A classic example of reinsurable risk is the risk of correlated (or covariant) losses. For instance, primary insurers in agriculture may seek reinsurance because weather-dependent crop 1 Barnett et al. (2019), available at https://www.census.gov/library/publications/2019/demo/p60267.html (noting that in 2018, 67.3% of the population had private insurance coverage). 2 See, e.g., Ho (2017), pp. 756–759. 3 Young (2012), pp. 69–79. 4 Hall (2010), p. 1168. 5 See Blewett et al. (2019).

Health Reinsurance as a Human Right

87

failures can afflict many enrollees in one season. The probability of one farmer’s loss does not stand independent of the probability of another’s; they instead covary.6 Therefore, “to place a limit on their exposure to such expenses,” insurers can pay a premium to a reinsuring entity to absorb some of the unwanted risks.7 Reinsurance policies feature attachment points and often coinsurance. An attachment point is a threshold condition that triggers reinsurance payout obligations. It is to the primary insurer what a deductible is to the insured insofar as a deductible marks the threshold medical loss incurred before the primary insurer’s obligation to pay submitted claims begins. Aggregate stop-loss reinsurance sets an attachment point based on a threshold of aggregate losses across the risk pool. But health coverage often takes the structure known as “excess of loss” reinsurance, where the attachment point is defined as a level of loss per beneficiary.8 Some reinsurance policies feature both simultaneously. For instance, a reinsurance policy for a health plan might assume obligations for claims once the plan hits 20 million USD in aggregate claims a year, but it may also agree to shoulder claims incurred by any given beneficiary or enrollee once that person exceeds 100,000 USD in policy-year claims. The primary insurer often cedes to the reinsurer only a portion of the loss above the attachment point. The remaining fraction is retained by the ceding insurer as coinsurance. For instance, the reinsurer may agree to absorb 80% of medical losses above 100,000 USD for any given beneficiary, leaving the primary insurer with a 20% coinsurance (assuming the patient-beneficiary has no cost-share).

2.2

Matters of Terminology

Reinsurance characteristically reimburses post hoc for actual losses incurred. This feature generally distinguishes reinsurance from other types of risk stabilization, such as risk adjustment, which distributes money to insurers based on their ex ante, predicted losses.9 Some in the discourse may complain that health sector observers use the term “reinsurance” too loosely, eliding the distinction between reinsurance and high-risk pools. High-risk pools, another risk stabilization device, target and subsidize risk based on the ex ante identification of high-risk individuals for enrollment in a risk-segregated product. For the purists, some policies that are dubbed “health reinsurance” should instead be called “high risk pools,” even if the 6

See Glauber and Miranda (1997), available at: https://doi.org/10.2307/1243954. Swartz (2005), pp. vi–vii (discussing Healthy New York, a state reinsurance program), available at: https://www.commonwealthfund.org/publications/fund-reports/2005/jul/reinsurance-howstates-can-make-health-coverage-more-affordable. 8 Swartz (2006), p. 105, available at https://www.russellsage.org/sites/default/files/0871547272text. pdf (also describing another form, quota loss reinsurance, as “not as prevalent in connection with health insurance”). 9 Swartz (2006), p. 102. 7

88

C. S. Ho

beneficiary may not know that they are subsidized or pooled differently from others. A type of so-called reinsurance program where the cession of claims is based on a beneficiary’s high-cost diagnosis should perhaps be called an “invisible” high-risk pool instead.10 To illustrate, take the example of Alaska and a number of other US states. These states were granted waivers of otherwise applicable requirements in order to experiment with their administration of the Affordable Care Act (ACA). These “1332 state waiver plans” often feature “reinsurance” or “invisible high-risk pools” to shore up the private insurance offered on the ACA exchanges. However, in Alaska, the “reinsurance” program is structured to pay 100% of the cost of claims associated with any of 33 health conditions.11 These conditions, identified as cost drivers, include cystic fibrosis, blood diseases like hemophilia, bone marrow disorders, and end-stage renal disease.12 Again, some could argue that a design where a diagnosis triggers payment is based on an ex ante “risk” factor rather than actual post hoc losses. What we colloquially refer to as “health reinsurance” in this context is from one perspective more akin to an “invisible” high-risk pool. However, the distinction matters little if indeed the conditions, like end-stage renal disease, are certain to be medically costly. Therefore, in this chapter, I will adhere to the vernacular use of the term “reinsurance,” as is common in the health coverage world.13 I argue that many of the policies, though they might fall outside the strictest sense of the term, do perform the function of reinsurance, where catastrophic losses beyond a certain threshold are off-loaded to stabilize the primary private risk market.

2.3

Public and Private Reinsurance

This discussion raises the distinction between public and private reinsurance. Reinsurance can be “public,” private, or hybrid. Private reinsurance involves a premium to a private reinsurer to take on the layer of risk that the underlying primary insurer wishes to cede. As some have observed in the US, “private reinsurance is unlikely to provide a technical fix for chronically expensive patients,”14 in part because while US insurance laws prohibit certain health-status-based exclusions or underwriting for health insurance, those same laws continue to permit health status distinctions for reinsurance.15

10

Persad (2020), p. 26, n. 131 (citing Allumbaugh et al. 2017). Ibid., p. 24. 12 Ibid. 13 Ibid., p. 26 (describing the vernacular use). 14 Ibid., p. 23. 15 See Monahan and Schwarcz (2013), p. 1966. 11

Health Reinsurance as a Human Right

89

Instead, in the US, interest has burgeoned lately in a model of governmentsponsored reinsurance. Instead of paying premiums in order to transfer risks beyond the “attachment point” to a private reinsurer, insurers may join a state-organized fund that will shield the primary insurer from unwanted risk. While it is common for the primary insurers to pay into the fund as a condition of joining, the government can also subsidize that fund partially or fully from other sources such as general tax revenue.16

2.4

The Systemic Functions of Reinsurance

As discussed earlier, covariant loss is one of the chief rationales for reinsurance and loss in the health sector can covary for a number of reasons.17 In a normal year, individuals in a community may experience a certain rate of hospitalization, but no one person’s likelihood of developing a condition requiring hospitalization necessarily predicts the next person’s. By contrast, during a respiratory epidemic, the probability of hospitalizations could spike across the enrollee base, and many people could experience high-cost ventilator needs all at once. Government action can also pose covariant risks. For instance, government-granted monopolies can cause pharmaceutical spending to surge. But insurers are not the only entities that benefit from reinsurance. The high-cost patient may appear as the party most directly targeted for subsidy. Yet reinsurance benefits participants in the health system far beyond the primary insurers or high-risk individuals. Mark Hall has articulated three main policy effects of reinsurance in the health insurance sector, each of which illustrates broader public benefit. Reinsurance can have the effects of (1) reducing premiums; (2) deterring insurer risk selection, which can undermine the market conditions for pooling risk; and (3) engendering business confidence, which will spur insurers to enter into or stay in the market.18 What is interesting about these policy effects is that they describe the pathways by which reinsurance can benefit populations apart from high-cost catastrophically ill patients, who might be the most immediately visible beneficiaries of reinsurance. Through these pathways, reinsurance can increase the availability of insurance and

16

See Bennett and Ranson (2002) in: Dror, D. and Preker, A. (eds), p. 258 (“Government may set up a reinsurance scheme (or solidarity fund). Participating [insurers may] contribute to this pool..., [g] overnment may establish this fund but not contribute to the pooled resources, or establish the fund and make some contribution to the pooled resources (a combination of reinsurance and subsidy).”). But see Brenzel and Newbrander (2002) in: Dror, D. and Preker, A. (eds), p. 310 (arguing, “[T]his approach is not sustainable, may give negative performance and risk-management incentives, and may perpetuate poor microinsurance designs. Instead of using scarce public resources or donor funding to cover deficits, those resources can be better spent on developing management capacity and management systems and on improving scheme design to reduce financial risk.”). 17 See Glauber and Miranda (1997). 18 Hall (2010), p. 1169.

90

C. S. Ho

reduce premiums for low-risk individuals as well. This is a point I will return to throughout this chapter. Reinsurance does so in at least five distinct ways. Firstly, if the government injects funds for reinsurance, the low-risk enrollees shed some of the economic burdens of subsidizing the highest medical costs. Secondly, reinsurance reduces volatility for primary insurers so they need not load on an additional risk premium, making health coverage more affordable. Thirdly, by eliminating the advantages of risk selection, reinsurance helps primary insurers trim the expense of aggressive risk selection activities. Fourthly, to the extent that reinsurance blunts incentives for risk selection, it benefits not only high-risk individuals who might otherwise be excluded from coverage but also the low-risk consumer who has access to a better product. According to the famous Rothschild-Stiglitz model, reducing risk selection benefits healthier low-risk individuals insofar as they might otherwise be offered only barebones products on the insurance market.19 Finally, to the extent that more private insurers are encouraged to enter the market, price competition can exert downward pressure on premiums.20 Thus, by the government’s assumption of the most medically expensive patient claims, the stability, affordability, and appeal of health coverage for low-risk individuals increase as well. We have witnessed this lesson learned in real time. The Yeshasvini Trust in India has long offered a package that focuses mostly on highcost surgery, eschewing items like preventive benefits and follow-up care.21 In the mid-aughts, they reaped the consequences of their choice to skew away from “balance[ing] the effect of sticking to more traditionally insurable events with having a more attractive product on offer, [which can] thereby attract more clients, which increases the risk diversification.”22 Yeshasvini’s choice of benefit design destabilized their pool, provoking dramatic premium increases. It is hardly surprising that the Yeshasvini Trust thereafter sought reinsurance in response, which they eventually secured from the state government.23 They also added a few more routinely needed services such as normal delivery and neonatal care.24

19

Rothschild and Stiglitz (1976), p. 629, available at: https://www.uh.edu/~bsorense/Rothschild& Stiglitz.pdf. 20 Ibid., p. 641. 21 See Radermacher et al. (2005), available at https://www.ilo.org/employment/Whatwedo/ Publications/WCMS_122476/lang%2D%2Den/index.htm. 22 Radermacher et al. (2009), p. 19, available at http://ssrn.com/abstract¼1477272. 23 See La Forgia and Nagpa (2012), p. 266. 24 Id., p. 258.

Health Reinsurance as a Human Right

91

3 The US Health System: A Tradition of Government-Sponsored Reinsurance When the government backstops or provides assurance against high losses for the purpose of stabilizing the underlying private risk market, the state is providing a form of government-sponsored reinsurance. This idea of the government’s role as performing the reinsurance function is a notion with deep roots in the US politicolegal system, as many eminent scholars in the US have argued. For instance, William Eskridge and John Ferejohn contend that in the US, the government’s assurance of security for banknotes and deposits, environmental matters, retirement security, and the stability of markets is part of our set of “small c” constitutional “commitments embodied in federal statutes.”25 Some of the examples that David Moss gives of government-as-risk-backstop in the US include the Federal Reserve, the institution of Federal Deposit Insurance Corporation (FDIC), limited liability for corporations, Superfund, flood insurance, crop insurance, government-backed mortgages, pension guaranty laws like the Employee Retirement Income Security Act (ERISA), and student loans.26 Michele Landis Dauber similarly traces a deeply rooted, remarkably precedent-driven tradition in the US of government financing at those times when “disaster afflicted citizens through no fault of their own.”27 Here, I focus on the health domain and indicate some evidence that even America, long hobbled by our status as the only developed nation without universal health care, has nevertheless persisted in casting the government as the ultimate guarantor against catastrophic risk in health. I suggest in other writing that “the development of the patchwork system of US laws in health care can be understood as a history of implicit reinsurance, as yet incomplete.”28 Examples include our most visible government health coverage programs. Medicaid was established in 1965, covering the “aged, blind and disabled” and those who were institutionalized.29 These groups were most vulnerable to exclusion from private coverage, in part because they included some of the costliest health care utilizers whom no one would insure. The fight for Medicare was supported by unions and employers in part to off-load the cost of retiree health insurance onto the government.30 Many of the groups later

25

Eskridge and Ferejohn (2010), p. 77. See Moss (2004). 27 Dauber (2013), p. 34. 28 Christina S. Ho, With Liberty and Reinsurance for All (unpublished manuscript), available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id¼3840904. 29 ASPE (2005), available at: https://aspe.hhs.gov/report/using-medicaid-support-working-ageadults-serious-mental-illnesses-community-handbook/brief-history-medicaid. 30 See Daschle et al. (2008), p. 57 n. 27 (citing Quadagno, p. 47) (“The unions had a vested interest in government help for the elderly. In the late 1950s and early 1960s, they began to win health benefits for retirees, but these victories came at a high price. With the advent of experience rating, retirees were a significant drain on employers’ finances, soaking up money they might otherwise 26

92

C. S. Ho

added to Medicare also exemplified the reinsurance principle whereby high-cost risks that would skew insurance risk pools were ceded to the state. For instance, in 1972, the US gave Medicare eligibility to permanently disabled individuals who have qualified for Social Security for two years.31 The following year, end-stage renal disease patients were added,32 and in 2001, Medicare was extended to patients with amyotrophic lateral sclerosis (ALS).33 Even ERISA, a notoriously deregulatory federal health law, was itself a pension reinsurance act. ERISA’s displacement of state laws with its own scant remedial scheme functioned as limited liability for employer-sponsored health plans; it constituted a government-sponsored risk ceiling that distributed the risks of benefit denial across patient-beneficiaries rather than employers in order to keep employers in the market for health benefits. Even now, amid efforts to dismantle the ACA and its arrangement of stable background conditions for financing health care, reinsurance has emerged as a rare point of agreement. As Jeanne Lambrew, one of the architects of the ACA has observed, “Reinsurance was the only proposal in both the Republicans’ 2017 ‘repeal and replace’ bills and Democratic alternatives.”34 Though the express reinsurance provision in the ACA was designed to be temporary, federal and state officials alike have found ways to extend it. For instance, the ACA did authorize a permanent risk adjustment program, and once the ACA reinsurance provision expired, the riskadjustment program was modified to supply payments to health insurers of 60% of the cost above a per-beneficiary attachment point of 1 million USD.35 The Trump Administration briefly scuttled the risk adjustment rule for unrelated reasons, but vehement outcry led to a rapid reinstatement.36 Moreover, state governments have stepped into the breach by instituting state-based reinsurance programs, even when those states’ leaders are otherwise on record opposing the ACA.37 Amid the indisputable catastrophe posed by the coronavirus pandemic, calls for state and federal reinsurance have resumed.38

have spent on wage increases. If the government took responsibility for insuring retirees, the unions would be able to bargain for higher wages and better benefits for current workers.”)). 31 See SSA of 1972, PL 92-603; see also Syzmendera (2009), available at: https://greenbookwaysandmeans.house.gov/sites/greenbook.waysandmeans.house.gov/files/2012/documents/ RS22195_gb_0.pdf. 32 See SSA of 1972, PL 92-603, §299I; see also Eggers (2000), available at: https://www.ncbi.nlm. nih.gov/pmc/articles/PMC4194691/. 33 See Consolidated Appropriations Act of 2001, PL 106-554; Syzmendera (2009). 34 Lambrew and Montz (2018), available at: http://prospect.org/article/next-big-thing-healthreform-where-start (emphasis added). 35 Counihan (2016), available at: https://ccf.georgetown.edu/wp-content/uploads/2016/08/Build ing-on-Premium-Stabilization-for-the-Future-_-The-CMS-Blog.pdf. 36 See CMS (2018), available at: https://www.cms.gov/Newsroom/MediaReleaseDatabase/Pressreleases/2018-Press-releases-items/2018-07-24-2.html. 37 See State Health Access Data Assistance Center (SHADAC), available at: http://www.shadac. org/publications/resource-1332-state-innovation-waivers-state-based-reinsurance. 38 See Kreidler (2020), available at: https://www.insurance.wa.gov/sites/default/files/documents/ letter-to-washington-congressional-delegation-reinsurance-and-covid-19.pdf.

Health Reinsurance as a Human Right

93

I suggest that if the US were to finally turn to health rights as part of the social compact, the affirmative right to health care could be constituted in a manner consistent with our traditional views on government roles by assuring a right to reinsurance of health coverage.39 Other scholars have argued that reinsurance could position us on the glide path to broader collective health commitments, including single-payer.40 Certainly, governments could and should provide more coverage beyond mere reinsurance within their available resources. But my argument here is that at a minimum, they have a duty to provide something that performs the reinsurance function as the groundwork that brings organized affordable health care within reach. Governments’ obligations include the creation of stable background conditions for individuals, including the conditions for coming together to organize collective financing for health provision and protection. Health reinsurance would be one of those basic government duties, similar to the provision of a stable currency, basic safety, security, and national defense. I now look beyond the US case to the broader question of what role reinsurance might have in terms of advancing the human right to health globally. My argument is that the concept of reinsurance could not only fit the existing international understanding of the human right to health but also extend the doctrine in appealing ways. I first look to whether the positive law on the right to health permits reinsurance as part of its conception, and then I look at whether the inclusion of reinsurance might actually render the right to health doctrinally more attractive. In these two tasks, I focus principally on the language and normative elaboration of international instruments.

4 The Right to Health in International Instruments: Minimum Core 4.1

How to Specify the Right to Health: Language of International Instruments

First, the language of positive law on the right to health and its accumulated interpretations displays certain features consistent with reinsurance as a component of the right. One perennial difficulty is that the language of the canonical human rights instruments is general and ambiguous, hampering our ability to determine specific

39 40

See Moss (2004); see also Dauber (2013). See Jacobi (2007); see also Bovbjerg (1992), p. 168.

94

C. S. Ho

boundaries or disputes.41 For instance, Article 12 of the International Covenant on Economic Social and Cultural Rights (ICESCR) announces the “right of everyone to the enjoyment of the highest attainable standard of physical and mental health.” This declaration is so ambitious as to be considered unattainable. Thus, rather than demanding strict adherence, the text elsewhere permits states to fall short of the standard. The extent of permissible shortfall must then be defined, but the language on that front is also indeterminate. According to Article 2(1) of the ICESCR, the degree of provision required is that of “progressive . . . realization” within “available resources.”42 This admittedly unhelpful formulation is not all that the ICESCR provides by way of guidance. In Article 12(2), the convention elaborates on clause (1), thus: The steps to be taken by the States Parties to the present Covenant to achieve the full realization of this right shall include those necessary for: (a) The provision for the reduction of the stillbirth-rate and of infant mortality and for the healthy development of the child; (b) The improvement of all aspects of environmental and industrial hygiene; (c) The prevention, treatment and control of epidemic, endemic, occupational and other diseases; (d) The creation of conditions which would assure to all medical service and medical attention in the event of sickness.43

Article 12(2) thus identifies specific priorities.44 It flags first and foremost a concern with the health of the most vulnerable, including children and particularly infants.45 Second, it targets a certain degree of what we might call covariant risk: environmental and industrial hygiene and epidemic disease.46 Last but not least, it emphasizes the “creation of conditions which would assure to all medical service . . . in the event of [illness],” hearkening to the background conditions that reinsurance would help secure.47 All of these specific features can be seen as related to the functions of health reinsurance. Perhaps it is no coincidence that the rescue of at-risk babies at birth is one of the canonical high-cost scenarios envisioned when one considers the need for health reinsurance. The ICESCR’s specific invocation of epidemics even prods states to consider tools that cope with covariant risk. To the

The International Covenant on Economic, Social and Cultural Rights requires states to “take steps, individual and through international assistance and co-operation, especially economic and technical, to the maximum of [their] available resources, with a view to achieving progressively the full realization of the rights recognized in the present Covenant by all appropriate means, including particularly the adoption of legislative measures.” ICESCR, Art. 2(1), available at: https://www. ohchr.org/en/professionalinterest/pages/cescr.aspx; see also ibid., Art. 12. 42 Ibid., Art. 2(1). 43 Ibid., Art. 12(2). 44 See Hunt (1996). 45 Ibid. 46 Ibid. 47 Ibid. 41

Health Reinsurance as a Human Right

95

extent that reinsurance itself does not provide medical service, it does instead serve as the condition under which medical service could be assured to all, and thereby it is one of the “conditions of assurance” highlighted in paragraph (2)(d).

4.2

General Comments Interpreting the ICESCR

While I cannot in this space delve into the case law of the various state and regional bodies that interpret the right to health language from human rights instruments and national constitutions alike, suffice it to say that the doctrinal development of the right to health does not end with the language in the ICESCR.48 Even considering solely those international bodies interpreting the ICESCR, one can see that a great deal of interpretive work has transpired. The United Nations Committee on Economic, Social and Cultural Rights (CESCR) was created in 1985 to monitor the ICESCR’s implementation, and it has in the process spelled out its understandings of what the Covenant requires.49 These understandings are memorialized in the form of General Comments.50 In General Comment No. 3, the CESCR addresses the indeterminacy of the “progressive realization” language head-on, insisting that “the fact that realization over time, or in other words progressively, is foreseen under the Covenant should not be misinterpreted as depriving the obligation of all meaningful content.”51 The Comment spells out specific features of that obligation. I will remark on a few of those features below. One feature is the duty of nonretrogression, discussed in paragraph 9 of General Comment No. 3: “[A]ny deliberately retrogressive measures . . . would require the most careful consideration and would need to be fully justified by reference to the totality of the rights provided for in the Covenant and in the context of the full use of the maximum available resources.”52 Thus, while an absolute threshold of provision for all Member States might elude us at present, and we cannot say how much partial realization satisfies the right to health, at least we can recognize that deliberately moving backwards from levels of provision that had already been attained would violate the injunction to “progressively” realize this right. 48

See De Schutter (2019). United Nations Human Rights Office of the High Commissioner, available at: https://www.ohchr. org/en/hrbodies/cescr/pages/cescrindex.aspx. 50 See Young (2008), p. 143 n.174, available at: https://lawdigitalcommons.bc.edu/cgi/viewcontent. cgi?article¼1920&context¼lsfp (“Although the legal status of the General Comments is uncertain, the Committee commenced with their publication after an invitation by the Economic and Social Council which was endorsed by the General Assembly. G.A. Res. 42/102, at 202, U.N. GAOR, 42d Sess., 93d plen. mtg., U.N. Doc. A/Res/42/102. (Dec. 7, 1987).”). 51 CESCR General Comment No. 3 (1990), available at: https://www.refworld.org/docid/ 4538838e10.html. 52 Ibid. 49

96

C. S. Ho

Next, in paragraph 10 of General Comment No. 3, the Committee goes on to introduce the idea of “minimum core obligations”: On the basis of the extensive experience gained by the Committee, as well as by the body that preceded it, over a period of more than a decade of examining States parties’ reports, the Committee is of the view that a minimum core obligation to ensure the satisfaction of, at the very least, minimum essential levels of each of the rights is incumbent upon every State party. Thus, for example, a State party in which any significant number of individuals is deprived of essential foodstuffs, of essential primary health care, of basic shelter and housing, or of the most basic forms of education is, prima facie, failing to discharge its obligations under the Covenant. If the Covenant were to be read in such a way as not to establish such a minimum core obligation, it would be largely deprived of its raison d’etre.53

Like the nonretrogression concept, the minimum core concept imposes a higher burden of justification for states that claim that they cannot meet that level of provision. Paragraph 10 of General Comment No. 3 warns that “[i]n order for a State party to be able to attribute its failure to meet at least its minimum core obligations to a lack of available resources it must demonstrate that every effort has been made to use all resources that are at its disposition in an effort to satisfy, as a matter of priority, those minimum obligations.”54 To read a core minimum requirement into the scope of the states’ affirmative health obligations represents, at least potentially, a significant advance in the determinacy of the right to health. Unfortunately, rather than settling disputed boundaries, the core minimum concept has itself provoked contestation. I argue first that the core minimum obligations as articulated here do not exclude but in fact lend themselves to the inclusion of reinsurance as an element. I will later argue that including the reinsurance function within the core can actually help resolve some of the contestations concerning the core minimum.

5 Argument for Reinsurance as Part of the Minimum Core 5.1

Reinsurance Is Consistent with the Right to Health Minimum Core Doctrine

I introduced the concept of the core minimum requirement through its textual appearance in General Comment No. 3, which was adopted in late 1990. General Comment 3 speaks not just to the right to health but also to all of the socioeconomic rights in the ICESCR that are subject to “progressive realization.” Thus, 10 years later, the Committee issued a separate General Comment No. 14, which explained

53 54

Ibid. Ibid.

Health Reinsurance as a Human Right

97

the Committee’s views more specifically on the right to health.55 That explanation included greater detail on how the core minimum requirement applied in the health context. In paragraph 43, the Committee lays out particular items that they view as contained within the core health right: States parties have a core obligation to ensure the satisfaction of, at the very least, minimum essential levels of each of the rights enunciated in the Covenant, including essential primary health care . . . . [I]n the Committee’s view, these core obligations include at least the following obligations: (a) To ensure the right of access to health facilities, goods and services on a non-discriminatory basis, especially for vulnerable or marginalized groups; (b) To ensure access to the minimum essential food which is nutritionally adequate and safe, to ensure freedom from hunger to everyone; (c) To ensure access to basic shelter, housing and sanitation, and an adequate supply of safe and potable water; (d) To provide essential drugs, as from time to time defined under the WHO Action Programme on Essential Drugs; (e) To ensure equitable distribution of all health facilities, goods and services; (f) To adopt and implement a national public health strategy and plan of action, on the basis of epidemiological evidence, addressing the health concerns of the whole population; the strategy and plan of action shall be devised, and periodically reviewed, on the basis of a participatory and transparent process; they shall include methods, such as right to health indicators and benchmarks, by which progress can be closely monitored; the process by which the strategy and plan of action are devised, as well as their content, shall give particular attention to all vulnerable or marginalized groups.56

In a somewhat confusing manner, the document proceeds in the very next paragraph (44) to articulate other items that are separate from the items in 43 which ostensibly mark out the territory considered the core minimum. Nevertheless, paragraph 44 proceeds to declare these items of “comparable priority” to those in 43: The Committee also confirms that the following are obligations of comparable priority: (a) To ensure reproductive, maternal (pre-natal as well as post-natal) and child healthcare; (b) To provide immunization against the major infectious diseases occurring in the community; (c) To take measures to prevent, treat and control epidemic and endemic diseases; (d) To provide education and access to information concerning the main health problems in the community, including methods of preventing and controlling them; (e) To provide appropriate training for health personnel, including education on health and human rights”57

To the extent that these highlighted portions give additional content to the core minimum, they include some cross-cutting elements such as the requirement of

55

CESCR General Comment No. 14 (2000), available at: https://www.refworld.org/docid/ 4538838d0.html. 56 Ibid. (emphasis added). 57 Ibid. (emphasis added).

98

C. S. Ho

strategic planning and groundwork, nondiscrimination, equitable distribution, concern for covariant risk, and a solicitude for the most marginalized and vulnerable. These principles, unsurprisingly, overlap somewhat with the specific features of the right to health outlined in Article 12(2). But new aspects or details also emerge from this additional language. For instance, broad health education for the public is included as a core health obligation here. The comment also centers on the obligation to provide what are called determinants of health (food, housing/shelter, sanitation, water), though it does not help much in resolving the question of the sufficiency of the quantity of these determinants. It also flags categories, such as primary health care, essential drugs, reproductive and maternal and child health, and immunization, but leaves the question of the sufficient level of these items glaringly open as well. While reinsurance is not specifically mentioned among the items and principles listed in either the Covenant language or the General Comments, reinsurance is nevertheless consistent with a number of the concepts flagged here. First, and perhaps most straightforwardly, reinsurance, by targeting its help at those with the most catastrophic health needs, can be understood to address some portion of the most marginalized and vulnerable. Second, the need for systemic thinking and planning around health resources is clearly contemplated by General Comment 14, as evidenced by its call for a national strategic public health plan. As discussed earlier, some of the most important contributions that governments can make to health care consist not in the provision of items and services themselves, or even the provision of the financing for the items and services, but in the assurance of the conditions that enable the provision of financing, care, and services. Some literature refers to the government’s stewardship role or its role in creating an “enabling environment.”58 Investment in and regulation of the baseline quality of providers are considered part of this government function and are, indeed, recognized in General Comment 14 paragraph 44(e), which stipulates the government’s obligation to provide appropriate training for health personnel. Reinsurance also functions to create the “enabling environment” or “systemic conditions” for a functioning health system. This is true in the US, for example, because the vast majority of the medical costs are consumed by a small percentage of the population, namely those catastrophic cases. The top 5% of patients ranked by health care expenditures account for almost half of all medical spending in the US59 The top 1% of health spenders account for more than 20%.60 Meanwhile, the bottom 50% account for just 3% of costs.61 Vulnerability to extreme costs could leave most institutions with little to address the routine health care needs of the vast majority of the population and could cripple the medical system altogether. An institution like

58

See Bennett and Ranson (2002), pp. 255–257. Schoenman (2012), p. 2, available at: https://www.nihcm.org/pdf/DataBrief3%20Final.pdf. 60 Ibid. 61 Institute for Healthcare Improvement (IHCI) (2012), slide 7, available at: https://www.slideshare. net/kingsfund/maureen-bisognano-an-international-perspective-leading-for-better-health-care. 59

Health Reinsurance as a Human Right

99

reinsurance, which would off-load the catastrophic cases to a separate government backstop, could free up the health system to serve other needs, in other words, creating the underlying conditions for a health system that addresses needs broadly and equitably. Indeed, this dynamic reveals an irony of reinsurance, namely its consistency with the minimum core’s charge in favor of the equitable distribution of health resources. Though reinsurance may initially target a skewed few, it actually makes routine health provision, including primary health care, more accessible to all in the system when their needs are not squeezed out by high-cost patients. When extreme costs are funded not through premiums contributed by low-risk patients but through government revenue structured in a progressive manner, then premiums fall, and the benefit basket can tilt toward more broadly appealing services, such as primary care. As a corollary then, the fourth way by which reinsurance comports with the principles articulated in General Comment No. 14 is by promoting the availability of essential primary care, as prioritized in paragraph 43. I am not arguing here that formal reinsurance is the only way to create the conditions or enabling environment for a health system or to provide services broadly. I am arguing, however, that one way or another, the state must take on the “function” of reinsurance. Especially in countries with fully tax-funded health coverage, or with direct government provision of services, governments are subsidizing necessary but high-cost care in direct ways. Subsidies can take the form of “government ownership of public facilities where such [high-cost care] is provided,”62 i.e., tertiary institutions. The function of addressing these cases remains the same, whether it is formally structured as reinsurance or otherwise. Certainly, China had in the past been accused of such oversubsidization of tertiary care.63

5.2

Reinsurance Reconciles Common Tensions Surrounding the Minimum Core Right to Health Doctrine

Until now, I have shown that to whatever extent the minimum core doctrine has been specified, reinsurance fits those articulated parameters. There is no great strain when including reinsurance as an element of the right to health, indeed a core element. This claim is in some ways a modest one, merely demonstrating that no textual or doctrinal obstacle prevents reinsurance from becoming part of the core bundle of sticks that make up the right to health. Now I propose a somewhat different argument about reinsurance as not merely permitted by the doctrine but as an attractive interpretation of the doctrine. Reinsurance fits the specification thus far but can also fill in a coherent account where the current specification runs out. Using 62 63

Bennett and Ranson (2002), p. 259. See Xu et al. (2019).

100

C. S. Ho

reinsurance to interpret the minimum core helps negotiate certain problems and tensions that currently afflict the concept. I will discuss two here: (1) the tension between context sensitivity and universalizability and (2) the tension between individually claimable rights and broader systemic duties. As mentioned above, however much the doctrine of the right to health under the ICESCR has developed over time, those specifications have not quelled anxieties over the doctrine’s indeterminacy, including indeterminacy over what belongs in the core. The core minimum has proven difficult to define, and its content may well be no less contested.64 The tool has struggled to garner a consensus among jurists and decision-makers, perhaps because of failures to render the concept sufficiently workable. The South African Constitutional Court in particular has rejected the minimum core formulation, as numerous commentators have lamented.65 South Africa is a particularly noteworthy example because “of [all the] national courts, the South African Constitutional Court ranks among those most carefully engaged with arguments for and against a minimum core of economic and social rights.”66 It is indeed revealing that the Interim South African Constitution contained the core minimum concept,67 but a mere 4 years later, the final South African Constitution excised any corresponding idea.68 At the same time, there are countervailing examples “in the legal systems of Colombia, where the Constitutional Court has explicitly adopted the minimum core in relation to the right to health, as well as the disparate constitutional systems of India, Argentina, Hungary and Spain.”69 Scholars have also cited Switzerland as an example of a jurisdiction that has favored the minimum core doctrine in its jurisprudence.70

5.2.1

The Tension Between Context Sensitivity and Universality

This variability raises the problem of ill-fit between the doctrine of the core minimum and the reality of varying country circumstances. The core minimum seems to point toward a universal enjoyment of some essential baseline provision. However, circumstances necessarily diverge across different countries. Some have suggested, for instance, that “Canada’s core minimum will go considerably beyond . . . 64

See De Schutter (2019), p. 546; see also Young (2008), p. 138; see, e.g., Toebes (2001), p. 176; Tushnet (2004), p. 1904. 65 See Forman and Singh (2014), pp. 288–318 (arguing that it was argued but rejected in Grootboom, and then later in Minister of Health v. Treatment Action Campaign 2002 (5) SA 721 (CC), 272 (S. Afr.), as well as in Mazibuko v. The City of Johannesburg 2010 (4) SA 1 (CC)). 66 See Young (2012), p. 80. 67 Interim S. Afr. Const., § 33(I)(b). 68 S. Afr. Const., § 36. 69 Young (2012), p. 80 (citing Parra-Vera and Yamin (2009)). 70 Langford et al. (2007), p. 29 n. 125 (citing V v. Einwohrnergemeine X und Regierunsgrat des Kantons Bern (BGE/ATF 121 I 367, Federal Court of Switzerland, of 27 October 1995)).

Health Reinsurance as a Human Right

101

Mali’s.”71 And, indeed, this variance in standards is not only descriptively accurate but may also be normatively desirable. Health provision should be responsive and culturally appropriate,72 and we expressly recognize this norm within the health-ashuman-right framework. General Comment No. 14 after all declares acceptability to be constitutive of the right to health, stipulating that health care be “culturally appropriate, i.e. respectful of the culture of individuals, minorities, peoples and communities.”73 Thus, any definition of core health needs must account for these differences. A requirement of state performance of the reinsurance function conceptualizes a threshold obligation for the state while also contemplating different rights-triggering thresholds or “attachment points.” Each country could define its own “attachment points” or construct its own lists of diagnoses deemed “catastrophic,” and these parameters would necessarily evolve and adapt over time. The state could nonetheless be held to the affirmative duty to provide at least the scaffolding of the institution of reinsurance itself. The adaptability of reinsurance as a policy measure may cast it as more appealing and achievable for otherwise intractable governments like the US. For too long, the idea of a core minimum has been located far outside the Overton window of what is politically possible in the US. But as I have suggested above, perhaps a core right to affirmative state provision of reinsurance, namely government backstopping in the face of disaster, has stronger grounds for recognition. The US example is just one illustration of how reinsurance could serve to operationalize the core right to health obligations in a way that targets developed as well as developing countries.74

5.2.2

The Tension Between Individualized Rights and the Systemic Duties of the State

The core minimum concept, and indeed the concept of health rights more generally, is also complicated by the tension between the individualized nature of rights and the systemic nature of health provision and delivery. One oft-cited example of this tension is the experience of Colombia in the late nineties and aughts. The availability of the tutela, a claimant-friendly 10-day pathway for constitutional claims, prompted an explosion of right-to-health suits for new high-end pharmaceuticals and procedures, many of which lacked strong evidence of cost-effectiveness.75 In 2006, state payments for services extracted by these claims totaled 162 million USD. Just

71

Alston and Scott (2000), p. 250. Murray and Evans (2003), Chapter 43, pp. 573–75. 73 CESCR General Comment No. 14, Art. 12(c). 74 See Craven (1995) (criticizing the core minimum concept for training its focus primarily on developing countries). 75 LeMaitre and Young (2013), p. 186 (noting that “in 2008, 41.5% of all tutelas claimed protection for the right to Health”). 72

102

C. S. Ho

3 years later, those payments had escalated to 963 million USD, and the year after that, it reached 1.264 billion USD.76 Meanwhile, services such as human papillomavirus (HPV) vaccines or preventive health screenings were left out of the benefit basket.77 Data suggest that these claims favored middle and upper socioeconomic strata.78 As Everaldo Lamprea observes, “The escalation of health litigation in a context of deregulation of pharmaceutical prices transformed Colombia’s hyperindividualized right-to-health litigation into a fiscal trap with detrimental effects on the financial stability of the health sector.”79 The privatization and deregulation of health financing also exacerbated the situation. These lawsuits might not have accelerated if the state could have curbed unjustified claim denials by private insurers. But Colombia “proved ineffectual in chastising health insurance companies that customarily deny . . . health services.”80 Lamprea concludes: “It is reasonable to suppose that a vigorous enforcement of disciplinary measures against rogue health insurance companies would have deterred the enactment of unlawful barriers to access and avoided much of the right-to-health litigation.”81 The Colombian example sharply illustrates the earlier observation, also reflected in the human rights documents above, that one of the most important contributions a government can make to health care consists not in the provision of items and services themselves or even the provision of the financing for the items and services. Instead, the most important state contribution lies in the establishment and assurance of background conditions, such as sound regulatory regimes that enable a functioning health system. It is upon the foundation of a reasonably functioning system that the provision of financing, care, and services can be organized. I wrote several years ago now of similar dangers looming for China’s health system, which needed strong organizing systems far more than it needed individual entitlements to rather crudely apportioned savings accounts and lists of essential drugs. Such individual financial claims, in my view, “provide[d] a superficial sense of microeconomic empowerment, while government disclaim[ed] responsibility for the macroeconomic forces in the health system.”82 At that time, I warned: “[G] overnment cannot merely provide financing and abjure any role in solving systemic and collective action problems, such as medical inflation, or the ‘brain drain’ of personnel from underserved rural areas.”83 South African Constitutional Court Justice Albie Sachs sounded a similar note in urging that the fulfillment of health rights requires the government to engage in

76 Lamprea (2014), p. 150 (citing Departmento Nacional de Planeacion, Colombia Plan Nacional de Desarrollo [National Development Plan] 2010–2014 (2011)). 77 Ibid. at 149. 78 Ibid. at 146. 79 Ibid., 152. 80 Ibid., 141. 81 Ibid. 82 Ho (2014), pp. 32–33. 83 Ibid., p. 33.

Health Reinsurance as a Human Right

103

coordinating overall market conditions. In a case where the Constitutional Court declared that the right to health included the right to government regulation of pharmaceutical pricing as a necessary condition for access to medicines, Sachs wrote: “Preventing excessive profit-taking from the manufacturing distribution and sale of medicines is more than an option for the government. It is a constitutional obligation flowing from its duties under Section 27(2).”84 This same piece of practical wisdom, illustrated across different jurisdictions, nevertheless sits uncomfortably with a key feature of rights as norms. Part of what makes a right distinct from other types of political norms is that it is at least to some degree individuated, enforceable by and owed specifically to the right bearer. Ronald Dworkin in his early account, for instance, describes rights as follows:85 [A] political right is an individuated political aim. An individual has a right to some opportunity or resource or liberty if it counts in favor of a political decision that the decision is likely to advance or protect the state of affairs in which he enjoys the right, even when no other political aim is served and some political aim is disserved thereby. . .86

Joel Feinberg invented the thought experiment of “Nowheresville” expressly in order to highlight what is lost by protecting values using duties and virtues while failing to recognize the importance of individuals claiming on their own behalves. In other words, he argues that the distinctive advantage of the rights frame is that it focuses on the role of the claimant, the bearer of rights.87 So how can this perspective be reconciled with what should be provided by the state to foster human health, much of which, it turns out, is collective in nature? This tension has provoked substantial doctrinal and intellectual spadework around the right to health. Commentators note that “structural remedies” were prominently featured for just this reason in both Grootboom,88 the South African right-to-housing case, and the landmark right-to-health case brought by the Treatment Action Campaign, seeking state provision of nevirapine to prevent HIV transmission from mother to child.89 The Constitutional Court in each of these cases ordered the government to establish plans and policies, favoring “a remedial system that does not guarantee that any particular plaintiff will receive individualized relief.”90 As Mark Tushnet notes, these South African remedial orders are related to the kind of structural remedies in the US that ordered school desegregation “with all deliberate

84

Minister of Health v. New Clicks South Africa Pty Ltd. (CCT 59/2004) [2005] ZACC 14, par. 514; see also id. at par. 706 (J. Moseneke, declaring, “Prohibitive pricing of medicine. . .would in effect equate to a denial of the right of access to health care.”). 85 Dworkin (1977), pp. 89–93. 86 Ibid., p. 91. 87 See Feinberg (1980), p. 155. 88 Government of the Republic of South Africa v. Grootboom Case No. CCT11/00. 2000 (11) BCLR 1169 (4 October 2000). 89 Minister of Health v. Treatment Action Campaign. Case No. CCT 8/02. 2002 (10) BCLR 1033 (5 July 2002). 90 Tushnet (2004), Social Welfare Rights and the Forms of Judicial Review, p. 1906.

104

C. S. Ho

speed.”91 The widespread resort to structural remedies both signals the prevalence of this tension and indicates one tool developed to address the tension. This tension also drives what Katharine Young speaks of as the turn toward the language of “core obligations.”92 This language is evident in the General Comments we examined above and focuses less on outcomes for the individual rights holder and more on the correlative duties (obligations) that the state shoulders to take action because of those rights. Young argues, however, that this shift in vocabulary from “rights” to “obligations” does not entirely vitiate the individual claimability of rights. She proposes how one could use litigation as a burden-shifting device to preserve the claimants’ role yet still emphasize the collective form of the remedy: “Once claimants were able to prove that their minimum core was not protected . . . it would be for the state, rather than the applicant, to prove that it has taken the required ‘reasonable legislative and other measures, within its available resources, to achieve the progressive realization’ of the right, or to show that any limitation is ‘reasonable.’”93 For the precise reasons I emphasized above in explaining the policy functions of reinsurance, reinsurance as a component of the core minimum might prove comparatively well suited to satisfy both poles of the individual right-collective duty axis. As a policy tool, reinsurance displays the feature of being owed to specific individuals, namely specific contracting insurers or even patients with high-cost claims, while also producing systemic effects that stabilize and reduce insurance premiums more broadly.94

6 Precedent for Reinsurance Around the World I described earlier how reinsurance has strong roots in the US and may be undergoing a policy renaissance. But reinsurance enjoys familiarity in many other parts of the world as well.

6.1

Thailand95

Thailand operates separate systems of health coverage for civil service and formal sector employees. However, farmers, the elderly, those below the poverty line, and

91

Tushnet (2008), Weak Courts, Strong Rights, pp. 244–249. Young (2012), Constituting, pp. 74–75. 93 Ibid., 83 (citing Liebenberg (2005), pp. 22–26). She later concedes that this approach would perhaps be “reduced in its effect by the doctrines of standing, ripeness, mootness, and political questions for example.” Ibid., 86. 94 See Lehmann (2006), p. 165. 95 Bennett and Ranson (2002), pp. 258–259. 92

Health Reinsurance as a Human Right

105

others outside the formal employment sector are covered by a public Universal Coverage Scheme (UCS), which has evolved over time.96 Starting in 1975 with major program overhauls since, each province began to administer “health card” schemes available on a mostly voluntary basis. Under that system, each household could purchase a “card” for roughly 500 baht and the government would match another 500 baht.97 Yet the uninsurance rate still hovered around 25%. Therefore, in 2001, Thailand undertook an ambitious populist reform to extend health coverage to everyone at little to no patient cost. Under this new nationally administered UCS system, patients receive health care from a network of public providers with nearly the entire cost funded by general tax revenue.98 Throughout these decades of transformation, Thailand has confronted the issue of catastrophic high-cost medical conditions in different ways. In the 1990s, under the 500-baht card system, each province paid 2.5% of total premiums into the central fund. When people needed health care outside their province, or required other costly services such as referral to a university hospital, this central fund covered the expenses.99 Under the current UCS system, the government has continued to make provision for these expensive services, not just by subsidizing the cost but also through active stewardship to control costs and maximize value. The Thai government’s Health Intervention and Technology Assessment Program (HITAP) is an evidence-based participatory body established to “assess the merits of high-cost medical advances” and recommend which treatments to include in the benefit package.100 The government also relies upon a price negotiation working group to bargain down the prices of high-cost items like “antiretroviral drugs, intraocular cataract lenses, erythropoietin-stimulating agents and coronary stents, saving the health-care sector an estimated 257 million USD in 2016.”101

96 Wibulpolprasert and Fleck (2014), pp. 472–473, available at: https://doi.org/10.2471/BLT.14. 030714. 97 Damrongplasit and Melnick (2009), p. 458, available at: https://www.healthaffairs.org/doi/pdf/ 10.1377/hlthaff.28.3.w457. 98 See Center for Global Development, Thailand’s Universal Coverage Scheme, available at: http:// millionssaved.cgdev.org/case-studies/thailands-universal-coverage-scheme; see also Wibulpolprasert and Fleck (2014) (interviewing Suwit Wibulpolprasert, who said that the health spending increased from 4% of the budget in the 1980s to 14% by 2014). 99 Pannarunothai et al. (2000), p. 308, available at: https://academic.oup.com/heapol/article/15/3/ 303/573306. 100 Kanitsorn Sumriddetchkajorn et al. (2019), pp. 415–422, available at https://doi.org/10.2471/ BLT.18.223693. 101 Ibid., p. 416.

106

6.2

C. S. Ho

Uganda

The Kisiizi Hospital Health Insurance Scheme was launched in Uganda in the mid-1990s.102 With an enrollment of roughly 45,000 members, it is the largest nonprofit community health insurance scheme in Uganda.103 It serves as a prepaid health service scheme for Kisiizi Hospital and its extended community-based services. Every three months, members pay premiums, which then entitle them to receive outpatient and inpatient care at Kisiizi without fear of being charged more than the designated copayment amount. In the first few years, with help from British funding, the Ugandan Ministry of Health (MOH) agreed to assume losses beyond collected premiums up to a cap of 18 million USh (roughly 13,300 USD).104 Notably, the “MOH also implicitly accepted responsibility for losses arising from epidemics, and reimbursed the scheme for a loss of 8.5 million USh from a malaria epidemic in 1998.”105

6.3

China and the Philippines

Some countries like China and the Philippines cover major catastrophic illnesses as a category separate from ordinary coverage. China, starting in 2012, introduced “Da Bing Yi Bao,” loosely translated as “Critical Illness Coverage,” which provides additional centrally funded benefits when illnesses trigger “out-of-pocket expenses [that] are more than the average disposable income per capita in the local area.”106 On the other hand, the Philippines’ PhilHealth package contains “Z Benefits,” which are oriented to disease conditions that “are deemed economically and medically catastrophic” to patients and their families.107 This classification includes certain cancers, kidney transplants for end-stage renal disease, and coronary artery bypass graft surgery.108 102

Kisiizi (Jan. 30, 2020), How a Ugandan hospital delivers health insurance through burial groups, available at: https://www.economist.com/middle-east-and-africa/2020/01/30/how-a-ugandan-hospi tal-delivers-health-insurance-through-burial-groups. 103 Kisiizi Hospital Health Insurance Scheme, available at: http://www.kisiizihospital.org.ug/wpcontent/uploadedfiles/2019/06/KISIIZI-HOSPITAL-HEALTH-INSURANCE-SCHEME-article08-2018.pdf. 104 Bennett and Ranson (2002), p. 257 (citing Musau (1999), available at http://www.phrplus.org/ Pubs/te34fin.pdf). 105 Ibid., p. 262. 106 Hai et al. (2019), available at: https://www.bmj.com/content/365/bmj.l2378. 107 Honda (2016), p. 180. 108 Dayrit MM et al., World Health Organization (2018), p. 108, available at: https://apps.who.int/ iris/handle/10665/274579; see also Querri et al. (2018), pp. 175–180, available at: https://doi:org/ 10.5588/pha.18.0046 (Table 3.13 shows the number of patients and amount of claims under these Z benefits).

Health Reinsurance as a Human Right

6.4

107

India’s VimoSEWA

India’s Self Employed Women’s Association (SEWA) has from 1972 served as a trade union for female informal sector workers. Based on this platform, the union organized additional services such as childcare, training, and banking. VimoSEWA is the arm of SEWA that offers microinsurance, including life, accident, health, and asset coverage.109 The most common package for health insurance covers hospital stays up to a designated ceiling.110 VimoSEWA has variously operated with outside insurers as partners or brought health and asset insurance functions in-house, especially when problems emerged with their outside partners. The program faced a dramatic instance of covariant risk in January 2001, when Gujarat suffered a massive earthquake.111 VimoSEWA thereafter contracted with outside reinsurers to shield them from catastrophic risks.112 In the context of the discourse on health and development, the international community has also sounded the call for governments to fulfill a reinsurance function. The World Health Organization in 2000 convened a Commission on Macroeconomics and Health.113 The six-pronged recommendations from that effort urged countries to transition to prepayment schemes, including community financing programs supported by public funding. In the course of that project, Jeffrey Sachs, in his capacity as chair, commissioned a series of Health, Nutrition, and Population (HNP) discussion papers from the World Bank’s Human Development Network. Alexander Preker’s introduction to one of these papers called even more specifically for governments to “use. . .reinsurance to enlarge the effective size of small risk pools.”114 The prepayment community finance schemes recommended by the Commission achieve feasibility and stability only under conditions where public funding backstops these endeavors. In other words, while the right to health may require much more, state performance of the reinsurance function as a means of publicly funding community health financing schemes may be a necessary minimum precondition.

109

See Gerand, VimoSEWA, India (2005) available at: http://www.ilo.org/wcmsp5/groups/public/ @ed_emp/documents/publication/wcms_122472.pdf. 110 Ibid., 19. 111 Ibid., 7. 112 Ibid., pp. 10, 16. 113 Sachs, JD, WHO Commission on Macroeconomics and Health & World Health Organization (2001), available at: https://apps.who.int/iris/handle/10665/42463. 114 Ibid.

108

C. S. Ho

7 Conclusion Our health and human rights discourse should include the idea that we have a core health right to the state’s performance of its reinsurance function. It would be no panacea. The socioeconomic right to health would still confront the problem of indeterminacy. Questions of the proper judicial role versus those of the other democratic branches of government would persist. But two other major tensions could soften. First, it might help address the tension between the universal aspiration of the core minimum requirement and the need for context sensitivity. Second, it could bridge the tension between background systemic state duties and individualized rights. The government’s role in the affirmative provision of health is a question on which it is well worth pressing for a more ambitious response. But even as we do so, perhaps we can agree that the government should at least serve as a reinsurer, as the ultimate guarantor of risk. I have argued here that health reinsurance should rank alongside the provision of a stable currency, basic safety, security, and national defense. At a minimum, the collective human endeavor exists to assure conditions of security; as an ideal, it exists to assure the conditions of human flourishing.

References Allumbaugh J, Archambault J, Bragdon T (2017) Invisible high-risk pools: how congress can lower premiums and deal with pre-existing conditions. Health Affairs Blog, March 2. https://doi.org/ 10.1377/hblog20170302.059003 Alston P, Scott C (2000) Adjudicating constitutional priorities in a transnational context: a comment on Soobramoney’s Legacy and Grootboom’s promise. South Afr J Human Rights 16:206–268 ASPE Office of the Assistant Secretary for Planning and Evaluation (2005) Using Medicaid to Support Working Age Adults with Serious Mental Illnesses in the Community: A Handbook. A Brief History of Medicaid. Available at: https://aspe.hhs.gov/report/using-medicaid-supportworking-age-adults-serious-mental-illnesses-community-handbook/brief-history-medicaid. Accessed 22 May 2020 Barnett JC, Berchick ER, Upton RD (2019) Current Population Reports, P60-267(RV), Health Insurance Coverage in the United States: 2018. U.S. Government Printing Office, Washington, DC. Available at https://www.census.gov/library/publications/2019/demo/p60-267.html Bennett S, Ranson MK (2002) Role of central governments in furthering social goals through microinsurance units. In: Dror D, Preker A (eds) Social reinsurance: a new approach to sustainable community health financing. Washington, DC, ch. 11, pp 245–61. Available at: http://documents.worldbank.org/curated/en/425661468779093475/pdf/ 265280PAPER0Social0reinsurance.pdf Bisognano M (2012) Institute for Healthcare Improvement, An International Perspective: Leading for Better Healthcare. Presented at the 2nd Annual NHS Leadership and Management Summit, The King’s Fund, 23 May 2012 Blewett L, Drake C, Fried B (2019) Estimated costs of a reinsurance program to stabilize the individual health insurance market: national- and state-level estimates. J Health Care Org Prov Financ https://doi.org/10.1177/0046958019836060

Health Reinsurance as a Human Right

109

Bovbjerg RR (1992) Reform of financing for health coverage: what can reinsurance accomplish? Inquiry 29:158–175 Brenzel L, Newbrander W (2002) Creating favorable market environment for microinsurance and the community level. In: Dror D, Preker A (eds) Social reinsurance: a new approach to sustainable community health financing. Washington DC., ch. 15, pp 303–310 Center for Global Development, Available at: http://millionssaved.cgdev.org/case-studies/ thailands-universal-coverage-scheme. Accessed 21 May 2020 CMS (2018) CMS Adopts the Methodology for the Permanent Risk Adjustment Program Under the Patient Protection and Affordable Care Act for the 2017 Benefit Year. Available at: https:// www.cms.gov/newsroom/press-releases/cms-adopts-methodology-permanent-risk-adjustmentprogram-under-patient-protection-and-affordable. Accessed 21 May 2020 Counihan K (2016) Building on premium stabilization for the future. The CMS Blog. Available at: https://ccf.georgetown.edu/wp-content/uploads/2016/08/Building-on-Premium-Stabilizationfor-the-Future-_-The-CMS-Blog.pdf. Accessed 21 May 2020 Craven M (1995) The ICESCR: a perspective on development. Clarendon Press Damrongplasit K, Melnick GA (2009) Early results from Thailand’s 30 baht health reform: something to smile about. Health Affairs 28(3):457–466. Available at: https://www. healthaffairs.org/doi/pdf/10.1377/hlthaff.28.3.w457 Daschle T, Greenberger SS, Lambrew JM (2008) Critical: what we can do about the health-care crisis. Thomas Dunne Books. St. Martin’s Press Dauber ML (2013) The sympathetic state: disaster relief and the origins of the American Welfare State Dayrit MM et al (2018) The Philippines health system review. World Health Organization, Regional Office for South-East Asia, New Delhi. Available at: https://apps.who.int/iris/ handle/10665/274579 De Schutter O (2019) Public budget analysis for the realization of economic, social and cultural rights: conceptual framework and practical implementation. In: Sen (Author) A, Young K (eds) The future of economic and social rights (globalization and human rights). Cambridge University Press, Cambridge, pp 527–623. https://doi.org/10.1017/9781108284653.020 Dworkin R (1977) Taking rights seriously. Harvard University Press, Cambridge Eggers PW (2000) Medicare’s end stage renal disease program. Health Care Financ Rev 22 (1):55–60. Available at: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4194691/ Eskridge W, Ferejohn J (2010) A republic of statutes: the new American constitution. Yale University Press Feinberg J (1980) The nature and value of rights, reprinted in rights, justice, and the bounds of liberty. Princeton University Press, pp 143–155 Forman L, Singh J (2014) The role of rights and litigation in assuring more equitable access to health care in South Africa. In: Flood C, Gross A (eds) The right to health at the public/private divide: a global comparative study. Cambridge University Press, Cambridge, pp 288–318. https://doi.org/10.1017/CBO9781139814768.015 Gerand D (2005) VimoSEWA India, CGAP Working Group on Microinsurance Good and Bad Practices Case Study No. 16. Available at: http://www.ilo.org/wcmsp5/groups/public/@ed_ emp/documents/publication/wcms_122472.pdf Glauber JW, Miranda MJ (1997) Systemic risk, reinsurance, and the failure of crop insurance markets. Am J Agric Econ 79(1):206–215. https://doi.org/10.2307/1243954 Government of the Republic of South Africa v. Grootboom Case No. CCT11/00. 2000 (11) BCLR 1169 (4 October 2000) Hai F et al (2019) Enhancing financial protection under China’s social health insurance to achieve universal health coverage. BMJ 365:l2378. https://doi.org/10.1136/bmj.l2378 Hall M (2010) The three types of reinsurance created by federal health reform. Health Aff 29 (6):1168–1172. Available https://doi.org/10.1377/hlthaff.2010.0430

110

C. S. Ho

Ho CS (2014) Health rights at the juncture between state and market: the people’s Republic of China. In: Flood C, Gross A (eds) The right to health at the public/private divide: a global comparative study. Cambridge University Press Ho CS (2017) Are we suffering from an undiagnosed health right? Am J Law Med 42(4):743–796 Ho CS. With Liberty and Reinsurance for All (unpublished manuscript). Available at https://papers. ssrn.com/sol3/papers.cfm?abstract_id¼3840904. Honda A (2016) Strategic purchasing in China, Indonesia and the Philippines. Comp Country Stud 2(1) Available at: https://apps.who.int/iris/bitstream/handle/10665/252763/9789290617686eng.pdf?sequence¼1 Hunt P (1996) Reclaiming social rights, international and comparative perspectives. Dartmouth Publishing International Covenant on Economic, Social and Cultural Rights (ICESCR), GA. Res. 2200A(XXI) of 16 December 1966, entered into force 3 January 1976 Jacobi J (2007) The present and future of government-funded reinsurance. St. Louis Univ Law J 51:370 Kisiizi Hospital Health Insurance Scheme, available at: http://www.kisiizihospital.org.ug/wpcontent/uploadedfiles/2019/06/KISIIZI-HOSPITAL-HEALTH-INSURANCE-SCHEME-arti cle-08-2018.pdf. Accessed 21 May 2020 Kreidler M (2020) Letter to members of the Washington State Congressional Delegation. Available at: https://www.insurance.wa.gov/sites/default/files/documents/letter-to-washington-congressio nal-delegation-reinsurance-and-covid-19.pdf. Accessed 21 May 2020 La Forgia G, Nagpa S (2012) Government sponsored health insurance in india: are you covered 266. World Bank 2012 https://elibrary.worldbank.org/doi/book/10.1596/978-0-8213-9618-6 Creative Commons Attribution CC BY 3.0 IGO Lambrew J, Montz E (2018) The next big thing in health reform: where to start? The American Prospect. Available at http://prospect.org/article/next-big-thing-health-reform-where-start. Accessed 21 May 2020 Lamprea E (2014) Colombia’s right-to-health litigation in a context of health care reform. In: Flood C, Gross A (eds) The right to health at the public/private divide: a global comparative study. Cambridge University Press, pp 131–158 Langford M, Nolan A, Porter BW (2007) The justiciability of social and economic rights: an updated appraisal. NYU School of Law Center for Human Rights and Global Justice. Available at: http://socialrightscura.ca/documents/publications/justiciability-social-econ-rights-updatedappraisal.pdf Lehmann K (2006) In defense of the constitutional court: litigating socio-economic rights and the myth of the minimum core. Am Univ Int Law Rev 22(1):163–197 LeMaitre J, Young K (2013) The comparative fortunes of the right to health: two tales of justiciability in Colombia and South Africa. Harv Human Rights J 26:179–216 Liebenberg S (2005) The value of human dignity in interpreting socio-economic rights. S Afr J Human Rights 21:22–26 Monahan AB, Schwarcz D (2013, 1935) Saving small-employer health insurance. Iowa Law Rev 98. Available at https://scholarship.law.umn.edu/faculty_articles/577 Moss D (2004) When all else fails: government as the ultimate risk manager. Harvard University Press Murray CJL, Evans DB (2003) World Health Organization. Ch. 43 in Global Programme on Evidence for Health Policy. Health systems performance assessment: debates, methods and empiricism. Available at: https://apps.who.int/iris/handle/10665/42735 Musau SN (1999) Community-based health insurance: experiences and lessons learned from east and Southern Africa. Technical Report No. 34. Partnerships for Health Reform Project, Abt Associates Inc., Bethesda Pannarunothai S et al (2000) Financing reform of the thai health card scheme. Health Policy Plan 15 (3):303–311. Available at: https://academic.oup.com/heapol/article/15/3/303/573306

Health Reinsurance as a Human Right

111

Parra-Vera O, Yamin AE (2009) How do courts set health policy? The case of the Colombian Constitutional Court. PLoS Med 6(2):e1000032. https://doi.org/10.1371/journal.pmed.1000032 Persad G (2020) Expensive patients, reinsurance, and the future of health care reform (March 24, 2020). Emory Law J 69, Forthcoming; U Denver Legal Studies Research Paper No. 20-15. Available at SSRN: https://ssrn.com/abstract¼3584782 Quadagno J (2015) The transformation of medicaid from poor law legacy to middle class entitlement. In: Wailoo K, Zelizer J, Cohen A (eds) Medicare and Medicaid at 50. Oxford University Press, New York Querri A et al (2018) The challenges of the Philippines’ social health insurance programme in the era of Universal Health Coverage 8(4). https://doi:org./10.5588/pha.18.0046 Radermacher R et al (2005) Yeshasvini Trust, Karnataka, India, CGAP Working Group on Microinsurance--Good and Bad Practices, Case Study No, 20. Available at: https://www.ilo. org/employment/Whatwedo/Publications/WCMS_122476/lang%2D%2Den/index.htm Radermacher R, Roberts Singh J, Srivastava S (September 23, 2009) Integrated risk management in microinsurance. Microfinance: An Innovative Tool for Disaster and Risk Reduction, IDRC (ed) Available at SSRN: https://ssrn.com/abstract¼1477272 Rothschild M, Stiglitz J (1976) Equilibrium in competitive insurance markets: an essay on the economics of imperfect information. Quart J Econ 90(4):629–649. Available at: https://www. uh.edu/~bsorense/Rothschild&Stiglitz.pdf Sachs JD, WHO Commission on Macroeconomics and Health & World Health Organization (2001) Macroeconomics and health: investing in health for economic development: executive summary/report of the Commission on Macroeconomics and Health. World Health Organization. https://apps.who.int/iris/handle/10665/42463 Schoenman JA (2012) The Concentration of Health Care Spending, NIHCM Foundation Data Brief. Available at: https://www.nihcm.org/pdf/DataBrief3%20Final.pdf. Accessed 21 May 2020 SHADAC, Resource: State-Based Reinsurance Programs via 1332 State Innovation Waivers. Available at: https://www.shadac.org/publications/resource-state-based-reinsurance-programs1332-state-innovation-waivers. Accessed 21 May 2020 Sumriddetchkajorn K et al (2019) Universal health coverage and primary care, Thailand, Bulletin of the World Health Organization 97:415–422. https://doi.org/10.2471/BLT.18.223693 Swartz K (2005) Reinsurance: how states can make health coverage more affordable for employers and workers. The Commonwealth Fund. Available at: https://www.commonwealthfund.org/ publications/fund-reports/2005/jul/reinsurance-how-states-can-make-health-coverage-moreaffordable. Accessed 20 May 2020 Swartz K (2006) Reinsuring health: why more middle-class people are uninsured and what government can do. Russell Sage Foundation, New York. Available at: https://www. russellsage.org/sites/default/files/0871547272text.pdf Syzmendera S (2009) Social Security Disability Insurance (SSDI) and Medicare: The 24-Month Waiting Period for SSDI Beneficiaries Under Age 65. Congressional Research Service. Available at: https://greenbook-waysandmeans.house.gov/sites/greenbook.waysandmeans.house. gov/files/2012/documents/RS22195_gb_0.pdf. Accessed 22 May 2020 Tax Policy Briefing Center, Key elements of the U.S. Tax System. Available at: https://www. taxpolicycenter.org/sites/default/files/briefing-book/key_elements_of_the_us_tax_system.pdf. Accessed 22 May 2020 The Economist, Middle East & Africa (2020) How a Ugandan hospital delivers health insurance through burial groups, available at: https://www.economist.com/middle-east-and-africa/2020/ 01/30/how-a-ugandan-hospital-delivers-health-insurance-through-burial-groups. Accessed 21 May 2020 Toebes B (2001) The right to health. In: Eide A, Krause C, Rosas A (eds) Economic, social and cultural rights, 2nd edn. Martinus Nijhoff, Dordrecht/Boston/London, pp 169–190 Tushnet M (2004) Social welfare rights and the forms of judicial review. Tex Law Rev 82:1895, 1904

112

C. S. Ho

Tushnet M (2008) Weak courts, strong rights: judicial review and social welfare rights in comparative constitutional law. Princeton University Press, Princeton. https://doi.org/10.2307/j. ctt7s5kr UN Committee on Economic, Social and Cultural Rights (CESCR), General Comment No. 14: The Right to the Highest Attainable Standard of Health (Art. 12 of the Covenant), 11 August 2000, E/C.12/2000/4, available at: https://www.refworld.org/docid/4538838d0.html. Accessed 21 May 2020 UN Committee on Economic, Social and Cultural Rights (CESCR), General Comment No. 3: The Nature of States Parties’ Obligations (Art. 2, Para. 1, of the Covenant), 14 December 1990, E/1991/23, available at: https://www.refworld.org/docid/4538838e10.html. Accessed 21 May 2020 United Nations Human Rights Office of the High Commissioner, Committee on Economic, Social and Cultural Rights, available at: https://www.ohchr.org/en/hrbodies/cescr/pages/cescrindex. aspx. Accessed 21 May 2020 Wibulpolprasert S, Fleck F (2014) Thailand’s health ambitions pay off. Bull World Health Organ 92(7):472–473. https://doi.org/10.2471/BLT.14.030714 Xu J et al (2019) Reforming public hospital financing in China: progress and challenges. BMJ 365: l4015. https://doi.org/10.1136/bmj.l4015 Young K (2012) Constituting Economic and Social Rights: The Path to Transformation. Available at SSRN: https://ssrn.com/abstract¼2419986 Young KG (2008) The minimum core of economic and social rights: a concept in search of content. Yale Int Law J 33:113–175. Available at: https://digitalcommons.law.yale.edu/cgi/viewcontent. cgi?article¼1337&context¼yjil

The Role of Cooperatives and Mutual Health Organizations in the Extension of Nondiscriminatory Universal Health Insurance in Africa Clément Labi and Willy Tadjudje

Abstract In most African countries, there is no universal health insurance. More aggravatingly, the national funds for social insurance, open only to formal sector workers, do not support the risk of disease. Therefore, people do not have access to quality healthcare, given the high prices practiced in health centers. Rich people can afford the prices for private insurance schemes, but the poor (more numerous) are left to themselves with no insurance. Therefore, the predominant system discriminates against the relatively poor, who are already statistically more likely to face serious health issues. Yet every human being has the right to health, as recalled by the Universal Declaration of Human Rights (Article 25) or the International Covenant on Economic, Social and Cultural Rights (Article 12). That is a reason why in recent years, programs for the promotion of mutual health organizations (MHOs) have been developed on the continent as an alternative for access to healthcare for all. Mutual societies are autonomous associations of people who want to organize their own healthcare by means of contributions and through a contract with a health center. It is therefore a service organized by private actors to provide social services (microinsurance), following a solidarity approach. In 2014, a study was conducted on the state of MHOs, and it was found that their penetration rate does not exceed 2% in most countries, even though they are accessible to all. Various reasons may explain this weakness. The main reasons include the nonrespect of healthcare agreements in health centers (usually public hospitals) as well as the difficulty of collecting contributions due to irregular incomes of members of MHOs, usually informal sector actors. On the first point, it was proposed to associate health cooperative clinics (HCC) with MHOs. The clinics

C. Labi (*) University of Luxembourg, Luxembourg, Luxembourg e-mail: [email protected] W. Tadjudje University of Luxembourg, Luxembourg, Luxembourg CRIDES of the Université catholique de Louvain, Leuven, Belgium © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_5

113

114

C. Labi and W. Tadjudje

are the property of the MHO, and the problem of agreement may find a solution. Moreover, the cooperative and the mutual society share the same operating principles as social and solidarity economy organizations. On the second point, it was advised to make contracts with organized groups, in particular agricultural cooperatives, in order to facilitate the collection of contributions with the help of savings and credit cooperatives. These experiments are currently underway in various African countries, and we intend to focus on Cameroon. The ambition is to raise public awareness of the possibility of laying the groundwork for public universal health insurance based on the experience of cooperatives and MHOs. The purpose of this reflection is to examine the conditions to be fulfilled in order for cooperatives and mutual societies to play a leading role in the access to quality healthcare insurance, as well as the promotion of the right to healthcare for all, thus alleviating the issues associated with health coverage discrimination. Thus, in assessing the consequences of the absence of mandatory health insurance, the prospect is to see to what extent such insurance can emerge in African countries, especially in Cameroon, following the experience of European countries, particularly Belgium, where this mandatory health insurance is carried by MHOs.

1 Introduction It might be difficult to conceive, let alone comprehend, that there existed health insurance mechanisms before the first healthcare, state-run systems (social security) were put in place. At some level, it might have always been the case: Can we imagine any kind of substantial civilization in which the sick and the elderly could have been left entirely unprotected? Even at a rudimentary level of advancement, the family played a role in caring for those unable to fend for themselves. The point might appear trivial, but it goes to show that a system where the state runs a de jure or de facto absolute monopoly over healthcare (therefore at the exclusion of the family) must be considered a monstrosity. There is a considerable risk at this stage of the analysis to paint Africa with too broad a brush. First, of course, the geographical reality of Africa belies the fact that its precolonization inhabitants would identify themselves by their ethnicities or tribes, by their religion, but not by their dwelling on Africa in toto, and we have no reason do to so otherwise. Ferdinand Ezembe, nevertheless, sees that African indigenous medical practices could be called sociotherapies because they are aimed at the healing of not only a diseased individual but also the entire group to which the individual belongs.1 Furthermore, the emphasis is not put on medicine as a theoretical discipline or branch of knowledge but more on healing, not only the physical body (where illness

1

See in particular Ezembe (2009), pp. 211–245.

The Role of Cooperatives and Mutual Health Organizations in the Extension. . .

115

expresses an imbalance or a lack of care) but also the mental body (where the individual communicates with themselves) and the spiritual body (in contact with the netherworld and the spirits of the ancestors). When the main colonial powers took over Sub-Saharan Africa, they established a European-style healthcare coverage that protected only (or at most) public servants.2 Upon the occurrence of decolonization, which accelerated in the 1950s and 1960s, newly created states, which did not coincide with local realities and ethnic groups, were left in charge of the healthcare of their millions of inhabitants. The unanimously acknowledged fact is that the level and quality of healthcare provided by African governments are insufficient and detrimental to the local populations3 so that only 17.2% of the African population can receive monetary compensation according to the International Labour Organization (ILO). In general, Africa is of the greatest concern as regards the lack of social protection.4 To quote the harsh words of the ILO5 itself in its most recent report, “Africa is the continent where the greatest proportion of the population does not have access to social protection and adequate healthcare, and where human needs are largest. The experience of sub-Saharan Africa with social development in the period between 1981 and 2005 was far from positive, with an additional 176.1 million people falling into severe poverty.”6 The context is also aggravated by serious health insurance issues, where some sicknesses are either endemic or epidemic.7 Evidently, the impact of the slave trade notably has also had a century-long detrimental effect on African populations. In general, there is a very strong correlation between areas where slave trade was predominant and future poor economic performance,8 notably in terms of healthcare and health insurance, since the areas heavily raided are likely to be less trustful in the following centuries.9

2

See the excellent analysis of Dr Felix Acthadé available at https://silogora.org/protection-socialeafrique-sub-saharienne/. 3 Association international de la sécurité sociale, 10 défis mondiaux pour la sécurité sociale – Afrique, 2017. 4 See https://www.ilo.org/global/about-the-ilo/newsroom/news/WCMS_601903/lang%2D%2Den/ index.htm. 5 International Labour Organization (2017), p. 121. 6 The exceptionalism of the African continent in this regard can be better explained in terms of a complex of postcolonialism and generally poor governance. As an illustration of the flaws of governance over the continent (with the usual caveats regarding differences from one country to another and also as to the reliability of date on a phenomenon that is by design covert), corruption in particular has been described as having “reached cancerous proportions.” In fact, so pervasive is this phenomenon in the region that it has been labeled the “AIDS of democracy.” See Hope (2000), p. 17. 7 Wainberg (2014), p. 19896. 8 Nunn (2008), pp. 139–176. 9 Nunn and Wantchekon (2011), pp. 3221–3252.

116

C. Labi and W. Tadjudje

Universal healthcare is a paramount ideal from both a value standpoint and an economic standpoint (raise life expectancy and eliminate preventable death as a sine qua non for African development). Basic fundamental notions of human rights, such as the right to life or even equality, lose their meaning when an equivalent level of protection against illnesses, accidents, and the negative effects of old age cannot be offered to everyone. But from a purely economic standpoint, besides the works of Dr Esther Duflo and her husband, Dr Abhijit V. Banerjee, on the effects of good health on development10 (Dr Duflo’s work in the Indian context is particularly noteworthy11), which are now common knowledge for any self-respecting development economist, a longer life expectancy in itself is extraordinarily beneficial to an economy. For instance, it has been found in 2005 by two economists working for the United States National Bureau of Economic Research that “a single percent reduction in mortality from cancer or heart disease would be worth nearly $500 billion to current and future Americans.”12 Because the stakes are so high and the solutions implemented have been so far unsuccessful, with some notable exceptions (the International Labour Organization does note that “universal non-contributory pension schemes have been successfully developed in Botswana, Lesotho, Namibia, Seychelles, Swaziland and Zanzibar” and that “Algeria, Cabo Verde, Mauritius and South Africa, have achieved universal coverage by a mix of contributory and non-contributory programmes”13), it has become necessary to achieve better results through alternative means: cooperatives and MHOs.

2 The Role of Cooperatives and MHOs in the Access to Quality Health Insurance In the absence of social security insurance, cooperatives and MHOs can play a leading role in providing health services to populations, especially the more vulnerable, that are active in the informal sector.14

10

Duflo and Banerjee (2011). Duflo et al. (2008), pp. 1–9. 12 Murphy and Toppel (2005), www.nber.org/papers/w11405.pdf. 13 International Labour Organization (2017), p. 121. 14 The informal sector in Africa, and more particularly in Cameroon, employs almost 90% of the population. More concretely, it is 53% in the informal agricultural and 37.5% in the informal nonagricultural. Tsafack Nanfosso (2016), pp. 1135–1152. 11

The Role of Cooperatives and Mutual Health Organizations in the Extension. . .

2.1

117

MHOs to Fulfill a Role of Solidarity Health Microinsurance

To understand how MHOs operate to offer health microinsurance services to their members, it is important to recall the definition proposed by the ILO (International Labour Organization). According to this organization, a mutual institution – or mutual – is a voluntary association of people (therefore free membership), non-profit (which does not therefore seek profit), whose operation is based on solidarity among its members. On the basis of the decisions of the members and by means of their contributions, the mutual society carries out, in their favor and that of their family, a provident, mutual aid and solidarity action in the field of social risks. As a result, a mutual is a social movement.15 The principle of solidarity and mutual aid can describe, at least partially, the essential philosophy of the operation of MHOs. This is the very foundation of mutuality. Its implications are twofold. On the one hand, each member pays a contribution regardless of their personal risk of falling ill. Also, the amount of the contribution is not determined by the member's age, sex, or health status. On the other hand, each member benefits from the same services in the event of illness for the same level of contribution.16 In MHOs, a system of solidarity and mutual aid between the sick and the healthy, between the young and old, and between the different professional and social categories, which is not necessarily found in insurance companies, is established. Solidarity and mutual aid in MHOs do not only concern the financial aspect. They can also be concretized by a voluntary commitment of the different actors, an attitude rather not found in the commercial companies.17 In practice, MHOs can make a significant contribution to improving the living and working conditions of the population. In the absence of a social security system, and following the high prices in commercial insurance companies, MHOs seem to offer an undeniable chance for the most vulnerable to access social protection. In this context, clinics and hospitals apply the principle of prepayment, which is a serious handicap to the populations mostly active in the informal sector and have irregular incomes. But knowing that “there is no rendezvous with the disease,” when it comes, one must react. In the face of the risk of illness, most people either resort to selfmedication (street drugs), confide in traditional practitioners, sell personal properties (sometimes including work materials), or go to loan sharks to access money to pay for medical expenses. Such a system is not sustainable, and it is in this sense that MHOs can provide appropriate solutions. 15

This definition seems to correspond, more specifically, to mutual health insurance. However, mutual insurance is usually formed to organize financial activities. It can be microinsurance and insurance, on the one hand, or banking and microfinance, on the other. 16 Tadjudje (2015), p. 146. 17 Tadjudje (2015), p. 146.

118

2.2

C. Labi and W. Tadjudje

Health Cooperatives to Facilitate Access to Care and Medication

In their practice, MHOs are usually confronted with contractual problems. Indeed, they are just entities offering a microinsurance system. Therefore, for such a system to function properly, they must enter into agreements with clinics or hospitals for the care of their members. From our observations in Cameroon, when MHOs collaborate with public hospitals or private clinics, they usually fail to meet their commitments. As a result, the members of the MHOs are not always adequately cared for in these health facilities, though they are entitled to be so under the microinsurance contract that binds them with their MHO. To find solutions, MHOs now favor collaborations with private organizations that operate according to the principles and values they share. They are particularly associations, even more of cooperatives. Cooperatives are present in all countries around the world. Unlike MHOs, they are well organized internationally under the ICA (International Cooperative Alliance). According to the ICA, a cooperative is an autonomous association of persons united voluntarily to meet their common economic, social, and cultural needs and aspirations through a jointly-owned and democratically controlled enterprise.18 A cooperative is a legal form of enterprise that can be used in all kinds of business. It is also the case for health services. A health cooperative is one whose business goals are primarily or solely concerned with healthcare. These cooperatives provide one or more services related to illnesses, accidents, health promotions, wellness, treatment, care, as well as rehabilitation.19 Concerning cooperatives in the health sector, these are mainly those that provide health services. More and more, they are created in various countries. They have a double advantage: on the one hand, they allow greater accessibility to medical doctors. On the other hand, they allow young people who have left medical school to find a job. Many health cooperatives are (micro)insurance providers like MHOs. In our developments, we will only focus on health cooperatives as health cooperative clinics (HCCs). According to Jean-Pierre Girard, we can classify HCCs into at least three categories: • Users or consumers: in this category, the services are directed to the members who are the owners of the cooperative. They hire medical doctors to work for them in their health cooperative clinic.

18

This definition is extracted from the International Statement of cooperative identity, 1995. This statement also contains seven principles and values. This definition, principles, and values are usually inserted in laws governing cooperatives. 19 Girard (2014), p. 8.

The Role of Cooperatives and Mutual Health Organizations in the Extension. . .

119

• Providers: in this category, the owners of the cooperative are the providers—the medical doctors. They are the producers of services, and they offer them to the market. Concretely, this is a worker cooperative. • Multistakeholder: this category includes at least two different types of members’ categories, usually users and providers, but it might concern other categories.20 In this perspective, pharmacy cooperatives play a specific role. In reality, if a patient receives treatment from an HCC and is not able to buy drugs, then the system is not sustainable. People can create cooperative pharmacies to complete their medical care. To build economies of scale, primary-level user-owned cooperative pharmacies can set up their own secondary networks, which undertake joint purchasing, common service, and common marketing functions.21

3 The Current Poor Record of Health Cooperatives and MHOs 3.1 3.1.1

The Causes MHOs

Our country of reference is Cameroon. In 2010, SAILD22 conducted a census of MHOs. The results showed a significant increase in these structures in Cameroon over the previous 10 years, rising from nine in 2000 to 37 in 2003, then to 150 in 2007, and to 158 in 2010. However, despite this number, the covered population remains very low, not exceeding 2% of the total population. In 2011, PROMUSCAM23 found that MHOs met with difficulties throughout the territory. The experiences of setting up MHOs have therefore had a very limited scope and duration. The reasons most often mentioned relate to the following: • • • • • • •

Absence of a legal framework Weakness of integrity in the management of financial resources Incomprehension of the mutualist logic (which slows down adhesions) Difficulty of control in case of misuse Difficulty in paying and collecting contributions Lack of concrete training (backing on volunteering) Poor reception in health facilities (noncompliance with the terms of the partnership agreements with healthcare providers) • Long distances, in some respects, to reach health facilities, etc.

20

Girard (2014), p. 5. Girard (2014), p. 6. 22 Services d’appui aux initiatives locales - Support services for local development initiatives. 23 Platform of Promoters of Mutual Health in Cameroon. 21

120

C. Labi and W. Tadjudje

These facts reflect a weakness in terms of governance and management. An explanation can be found in the fact that organizations usually operate on the basis of volunteering, in the absence of sufficient resources to recruit a professional staff. The weakness of the results obtained by MHOs is hardly good publicity, and one can thus notice a decrease or stagnation of adhesions. Members would like to be able to benefit from care, with the certainty that their contributions are well managed. In this perspective, the legal issue seems to be more important. For the moment, there is no legislation governing MHOs in this country or even in Central Africa. At the national level, Cameroon seems to be in an advanced process of reflection for a law in this area. Without a law governing MHOs, it becomes possible to ignore people’s rights. In this perspective of an absence of a legal framework, MHO initiatives are mainly established as associations. An association is a convention by which people pool their knowledge or activities for a purpose other than to share profits (Article 2 of the 1990 Law on Freedom of Association in Cameroon). According to BEPHA,24 one of the largest MHOs in Cameroon, with no legal framework, everything is mixed, and illusionists take the opportunity to make an infringement of the rights of MHO members. Some do not hesitate to flee with the contributions of members, leaving them without a possibility to exercise remedies. The law could provide relevant answers to the questions on the definition of MHO and the precise rights and obligations of MHOs and their members. Related issues also arise, such as MHOs’ accounting as well as drug pricing, to keep the system running smoothly.

3.1.2

HCCs

In Cameroon, all cooperatives, whatever their activity, are governed by the OHADA25 Uniform Act, relating to cooperative societies. These also include health cooperatives. The OHADA cooperative law is a general set of rules applicable to all kinds of cooperatives. It does not envisage special rules based on their activity, as is the case in other legal contexts (for example in East Africa). In addition to the status of cooperatives, common initiative groups (CIGs) should also be considered. CIGs are covered by Cameroon’s 1992 law governing cooperatives and CIGs (Law 92/006 of 14 August 1992 and Its Implementing Decree of 23 November 1992). Indeed, with the entry into force of the Uniform Act of OHADA in 2010, which only governs cooperatives, the CIGs remained functional under the auspices of the 1992 Act. They are mainly active in the health and agricultural sectors. CIGs can be considered small-scale cooperatives. In Cameroon, thus, besides the general law governing cooperatives, a corpus of special rules applicable to health cooperatives does not exist. This can pose

24 25

Bamenda ecclesiastical Health Assistance. we met in the fall of 2017. Organization for the harmonization of business law in Africa.

The Role of Cooperatives and Mutual Health Organizations in the Extension. . .

121

problems, in particular with regard to the institutional dimension. Cooperatives in Cameroon remained under the administrative supervision of the ministry in charge of agriculture and rural development, while at the same time cooperatives are active in various fields, beyond the agricultural sphere. Curiously, taking into consideration the present legal context, the relationship between the authorities in charge of delivering technical approval (technical supervision, Ministry of Health) and those determining who are qualified for registration (administrative supervision, Ministry of Agriculture) is not clearly specified. This situation creates crispation, in particular within the Ministry of Health of Cameroon, which remains relatively reticent to grant technical approval to health cooperatives. This attitude can be justified by the lackluster experience of CIGs. In recent years, many CIGs have been created. The Ministry of Health regrets the fact that the Ministry of Agriculture has been able to register health CIGs without its approval. On that ground, health CIGs seem to be heavily criticized in their modus operandi, and many have been ordered to close, by order of the administrative authorities. According to the local press, in December 2013, the Minister of Public Health launched in Yaoundé a national campaign against the illegal practice of medicine. According to the Ministry of Health, illegal practice of medicine is one of the main causes of maternal and infant mortality in Cameroon since staff that attends to pregnant women in health facilities are often incompetent, failing to recommend timely transfers to hospitals, which often have the technical platform and adequate staff. This illegal practice of medicine particularly pertains to the activities of health CIGs. The Cameroon National Order of Physicians notes that health CIGs have no place in the nomenclature of the Ministry of Public Health. It also denounces the fact that the Ministry of Health does not have, until now, the means to control these structures, which are rather approved by the Ministry of Agriculture. The Minister of Health noted that more than 500 unaccredited health facilities operated in Cameroon. According to him, the first phase of the campaign will last for six months and will just be an outreach; after that, repressive measures will follow. They will go from suspension to permanent closure, sometimes to be accompanied by pecuniary sanctions. According to Cameroon's Growth and Employment Strategy Paper 2010–2020, the rate of health consultation in informal structures is at 29.7%. It has increased slightly since 2001, when it was 24.5%. This increase is the result of the multiplication of CIGs/health nongovernment organizations (NGOs) and informal drug vendors, which account for 18.4% of the consultations in informal structures. It can also be explained by the household strategy, wherein consultations are being done at the patient’s or health personnel’s home and cheaper healthcare facilities are used. This recourse of the population to informal health structures is more pronounced among the poor than the nonpoor.26 CIGs being considered as a simplified model of cooperatives and considering they are perceived by the Ministry of Health as illegal health facilities, this may

26

Republic of Cameroon (2009), p. 39.

122

C. Labi and W. Tadjudje

explain the embarrassment of the Ministry of Health when talking about health cooperatives.

3.2

Possible Solutions and Perspectives

The major challenge for MHOs is financing. Indeed, it is very expensive to set up an MHO, and most initiatives fail because of underestimation in this aspect. This is explained by the mechanism of insurance, which requires a lot of financial means for the establishment. It is more interesting to build on existing initiatives or to focus on only a few, instead of scattering small MHOs whose viability might not be guaranteed. Through contracting and subject to the existence of health facilities, an MHO can operate on a very large area, especially if we take advantage of the current benefits of technology. Local offices or branches can be set up to ensure proximity and animation, without them being autonomous organizations. On the other hand, it would be beneficial to create HCCs all over the territory in order to be closer to the population. The proximity of health services to the population is a guarantee of the sustainability of mutualist initiatives. Another challenge for cooperatives and MHOs is the establishment of appropriate legal and institutional frameworks. It is important that the law defines what an MHO is, the rights and obligations of the various actors, the modalities of operation, as well as the constraints and responsibilities. This is also true for cooperatives. It would be important to put in place a specific law on health cooperatives to frame a number of parameters, including the coordination of contractual relationships within an HCC or a cooperative pharmacy. The introduction of a law could put an end to the institutional problem that currently prevents the establishment of health cooperatives. In addition to the legal frameworks, there should be support from the public authorities through public incentive policies. In the same vein, a significant challenge is awareness raising. The setting up of HCCs and MHOs implies membership and, therefore, the application of operating rules based on solidarity and responsibility. Without sufficient awareness of the population, the system will not be able to prosper, even in the presence of a law. To this must be added the capacity building of the actors. This involves training leaders and managers so that they can provide good services. To this end, to put an end to volunteering and to act professionally, it would be necessary to recruit people previously trained in the specific microinsurance professions and the management of health organizations. Timing is another issue, as MHOs are eager to reach critical mass while being mindful of the prudential norms, and are anxious to release resources without necessarily waiting for foreign aid. Beyond all these initiatives, an important aspect would be the establishment of a platform for networking and sharing. Organizations can work together to finance the creation of management or exploitation tools adapted to local contexts, instead of

The Role of Cooperatives and Mutual Health Organizations in the Extension. . .

123

each doing it in isolation. This is also solidarity, one of the cardinal values of cooperatives and MHOs.

4 The Development and Promotion of Cooperatives and MHOs as a Condition for the Extension of Universal Health Coverage and the Imposition of Health Insurance 4.1

Cooperatives and MHOs, the Only Organizations Close to Informal Sector Actors (the Most Numerous, Almost 90%)

It is indispensable at this point to address the reason one might choose to obtain insurance. In a stateless world, obtaining insurance involves paying a relatively small premium in order to receive benefits (in the form of monetary payments, but advantages could be procured in kind) because of unlikely but very detrimental events. The devastative effect (should they effectively occur) is the main incentive for agents to get insured, and their relatively low probability provides a happy middle in terms of expected returns for insurance companies so that insurance markets in general function relatively well, even with minimal interference from the state. The health insurance market, however, is an example of a difficult situation27 in at least two ways. First, in property insurance, contrary to say, those likely to subscribe spontaneously to health insurance would also be likely to foresee health issues or to be already victims of poor health—hence the issue of asymmetrical information. Second, an astute insurer would demand a much greater vehicular insurance premium from someone he would guess would be involved in a relatively high level of car accidents in the future and, if said driver could not afford such a premium, would refuse to enter into an insurance contract with them.28 Moral considerations forbid, however, that health insurance should be denied to categories empirically known to be more at risk. For instance, it is considered abhorrent that health insurance coverage should be denied to a man because he is HIV-positive (to counter this prohibition, insurance companies would, covertly, demand higher premiums from unmarried men over forty of age, in a well-known case of a legal cat-and-mouse play). Establishing health policies is a complicated matter that often yields suboptimal results,29 especially given that governments are neither perfectly pure in their intentions—it would actually seem that purity of heart is not a recipe for success.30

27

Arrow Kenneth (1971), p. 949. Cutler and Zeckhauser (2000a), pp. 563–643. 29 For a general assessment, see Cutler and Zeckhauser (2000b), pp. 563–643. 30 Scott (1998), p. 87 et seq. 28

124

C. Labi and W. Tadjudje

Given this mixed context of an imperfect market and even more imperfect states, why should African people elect to get their health insured? We owe to Defourny and Failon an excellent meta-study on the drivers of such a decision,31 which can be summarized as follows. It would appear that adherence to an MHO is not correlated with gender but could be correlated with older age (verifying the potential for adverse selection explained above) and most certainly with better education, both in terms of years of school of attendance and of effective literacy. Certain ethnicities seem to be more likely to subscribe (for instance, the Wolof and Bwaba, who are assessed as being culturally more open to innovation—the pragmatic importance of the values held seems to be somewhat confirmed by a positive correlation with the belief in the importance of saving for the future). Low income would seem to be a significant deterrent, and very surprisingly, the current health does not appear to matter much. In general, the belief in individual health and the confidence in the actual quality of healthcare provided play a very critical role and, it would appear, so is the belief in the principles of solidarity and mutuality (research into a Guinean MHO quotes the following verbatim: “We are in Maliando to assist each other in the matter of health. When my money has been used to treat a member that I do not know, this rejoices me. Before God I have rendered a great service. I will have his blessing. Me in turn, I can become ill. The cost of my treatment may exceed my subscription fee.”)32 Generally, the terrain would thus appear to be very propitious for the success of MHOs: there is no real adverse selection as the relatively high-earning, educated population adhere and there is no overrepresentation of those already affected by illness. The literature on formalization initiated, or at the very least popularized,33 by Peruvian economist Hernando de Soto34 is both epochal and fascinating, but there is, we believe, no relevance here nor need in formalization as the legal regime set in place for MHOS and health cooperatives satisfy the two objectives set by De Soto, which can be summarized as follows: “People need to feel secure of their legal tenure status so they can start investing in housing and business improvements; Security of tenure and resulting access to credit can only be provided by the legalization of informal settlements and businesses.”35 As explained above, further formalization might be counterproductive.

31

Defourny and Failon (2011), pp. 7–26. Criel and Waelkens (2003), pp. 1205–1219. 33 Fernandes (2002), pp. 5–8. 34 De Soto (2001). 35 Fernandes (2002), p. 6. 32

The Role of Cooperatives and Mutual Health Organizations in the Extension. . .

4.2

125

The Capacity for Cooperatives and MHOs to Negotiate with the State for the Inclusion of the Needy

In terms of their function, we assimilate cooperatives to community-based nongovernmental organizations with a service orientation, and some scholars described the role of health-sector NGOs in a way that is very similar to that we use to explain the success of MHOs.36 We owe to the seminal study of Jennifer M. Coston37 (later known below as Jennifer M. Brinkerhoff) our understanding of what the relationship between NGOs (and hence, we argue, MHOs) and the state might entail. In agreement with our own position here, the most significant polarity to explain such relationship is, according to Coston, that between “resistance to institutional pluralism,” which is conducive to attitudes of “repression” (at worst) or “rivalry” and “competition” (at best), and, at the other side of the spectrum, occurrences of “contracting,” “complementarity,” and “collaboration.” Maybe complementarity is, in our situation, the most appealing configuration. The three types of complementarity identified by Coston,38 drawing inspiration from previous works by Uphoff,39 are as follows: – Philanthropization—when a government allows the NGO/MHO “to channel resources to the local level and work with local institutions directly,” which typically involves a large-scale organization. – Intermediation—which involves, through more institutionalized MHOs, acting notably through membership organizations to perform certain functions that would be otherwise carried out by the government and obtain economic resources from it, such as subsidies; here, as noted by both Coston and Uphoff, the brokerage role evidenced by Tendler40 and according to which the local organizations “represent their constituents to government, lobbying on their behalf and mediating in service delivery,” is predominant. – “Assisted self-reliance”—the most advanced and, in our opinion, preferable configuration; it recognizes the importance of outside (governmental) help but in a strictly limited role—that of an “enlightened catalyst,”41 a terminology, and hence a concept, that we must deal with using appropriate caution.42 The conclusion is that although there exists a variety of constructive scenarios, it must be kept in mind that their availability depends on the good faith demonstrated

36

Leonard (2002), pp. 61–80. Coston (1998), pp. 358–382. 38 Coston (1998), p. 373. 39 Uphoff (1986). 40 Tendler (1982). 41 Lisk (1985), pp. 15–51. 42 Ingrao (1986), pp. 161–180. 37

126

C. Labi and W. Tadjudje

by the state and that the relationship is almost by design asymmetrical. We would be remiss if we did not mention at that stage the perspectives brought upon by the African Continental Free Trade Agreement, which entered into its operational stage very shortly before the writing of the present article,43 in the scope of which it is expected, as expressed by the Minister of Trade and Private Sector Promotion of Niger, Mr. Secko Seydou, that an improved role of civil society organizations would ask them “to learn to work together and play complementary political roles, such as acting as gatekeepers, advocates, mobilizers, educators, researchers and policy analysts” (emphasis ours).44

5 Conclusion: Can This African Solution Work Globally? Comme assez scavez, que Africque aporte tousiours quelque chose de nouveau.—François Rabelais, Gargantua (1534)

The importation and calque of European institutions in Africa, plainly, do not work. However, the healthcare debate in the rest of the world might be improved and enriched if these typically African grassroots organizations, the health cooperatives and the MHOs, are given their fair chance.

References Arrow Kenneth J (1971) The problem of ‘enlightened absolutism’ and the German States. Am Econ Rev 53(5):941–973 Coston JM (1998) A model and typology of government-NGO relationships. Nonprofit Voluntary Sector Q 27:358–382 Criel B, Waelkens MP (2003) Declining subscriptions to the Maliando Mutual Health Organisation in Guinea-Conakry (West Africa): what is going wrong? Soc Sci Med 57:1205–1219 Cutler D, Zeckhauser R (2000a) The anatomy of health insurance. In: Newhouse JP, Cutler A (eds) The handbook of health economics. Elsevier, pp 564–643 Cutler DM, Zeckhauser RJ (2000b) The anatomy of health insurance. In: Culyer A, Newhouse J (eds) Handbook of health economics. Elsevier, pp 563–643 De Soto H (2001) The mystery of capita: why capitalism triumphs in the west and fails everywhere else. Bantam Press Defourny J, Failon J (2011) Les déterminants de l'adhésion aux mutuelles de santé en Afrique subsaharienne: un inventaire des travaux empiriques. Mondes en développement 153:7–26 Duflo E, Banerjee AV (2011) Poor economics: a radical rethinking of the way to fight global poverty. Public Affairs Duflo E, Greenstone M, Hanna R (2008) Indoor air pollution, health and economic well-being. Surv Persp Integr Environ Soc 1:1–9

43

Associated Press, African leaders to launch continent-wide free trade zone, 7 July 2019. African Union, Civil Society organizations urged to play “complimentary political roles,” press release, 4 July 2019.

44

The Role of Cooperatives and Mutual Health Organizations in the Extension. . .

127

Ezembe F (2009) L'enfant africain et ses univers. Karthala Fernandes E (2002) The influence of De Soto’s mystery of capital, land lines. Lincoln Institute of Land Policy, 5–8 Girard JP (2014) Better health & social care, Boosting Innovation & Access Worldwide? How are Co-ops & Mutuals Boosting Innovation & Access Worldwide?, 2014, Volume 1: Report. An international survey of co-ops and mutuals at work in the health and social care sector (CMHSC14): https://ccr.ica.coop/sites/default/files/publication-files/international-survey-coopand-mutual-health-and-social-care-cmhsc-14-274944967.pdf Hope KR (2000) Corruption and development in Africa. In: Hope KR, Chikulo BC (eds) Corruption and development in Africa. Palgrave Macmillan, London, pp 17–39 Ingrao C (1986) The problem of ‘enlightened absolutism’ and the German States. J Mod Hist 58:161–180 International Labour Organization (2017) World Social Protection Report 2017–19 - Universal social protection to achieve the Sustainable Development Goals Leonard KL (2002) When both states and markets fail: asymmetric information and the role of NGOs in African health care. Int Rev Law Econ 22:61–80 Lisk F (1985) Popular participation in planning for basic needs: concepts, methods and practices. Gower Murphy KM, Toppel RH (2005) The value of health and Longevity, National Bureau of Economic Research. www.nber.org/papers/w11405.pdf Nunn N (2008) The long term effects of Africa’s slave trades. Quart J Econ 123(1):139–176 Nunn N, Wantchekon L (2011) The Slave Trade and the origins of Mistrust in Africa. Am Econ Rev SS101:3221–3252 Republic of Cameroon (2009) Cameroon’s Growth and Employment Strategy Paper, 2010-2020: https://www.undp.org/content/dam/cameroon/docs-one-un-cameroun/2017/dsce.pdf Scott JC (1998) Seeing like a state: how certain schemes to improve the human condition have failed. Yale University Press Tadjudje W (2015) Le droit des coopératives et des mutuelles dans l’espace OHADA. Larcier Tendler JD (1982) Turning private voluntary organizations into development agencies: questions for evaluation. U.S. Agency for International Development (AID) Tsafack Nanfosso R (2016) Trade Union and the informal sector in Africa: Cameroon. Mod Econ 7:1135–1152 Uphoff N (1986) Local institutional development: an analytical source book with cases. Kumarian Wainberg A, Kippax S, Bras M, Sow PS (2014) HIV and Ebola: similarities and differences. J Int Aids Soc 17:19896

Part III

Insurance and the Right to Privacy

Big Data, Privacy, and Protection of the User of Autonomous Vehicles: Ethical Issues, Insurance Aspects, and Human Rights Sara Landini and Kyriaki Noussia

Abstract The ethical and legal challenges resulting from information and communication technologies (ICT) are pervasive in our lives. The digitalization of mobility and the increase of data are creating new requirements to be met by vehicle safety and infrastructure with a view to protecting the rights and freedoms of data subjects. Automated/autonomous vehicles (AVs) as well as connected automated/autonomous vehicles (CAVs) and driving systems require clear cybersecurity and data protection requirements. This chapter examines the use of ICT technologies to collect massive amounts of data and the principles of fundamental rights and the interplay of the above with the drafting process of motor insurance contracts. We discuss the repercussions involved for the users/drivers of AVs/CAVs in relation to their privacy and the ethical issues and implications involved in big data collection and usage in terms of connected AVs and CAVs. We also discuss the lessons drawn from intellectual property (IP) law that can be applied to personal data and privacy, as well as examine the comparative legal regime in Germany and Italy, cybersecurity issues in relation to data, and the effect of big data and AVs/CAVs on insurance.

S. Landini (*) University of Florence, Florence, Italy e-mail: sara.landini@unifi.it K. Noussia University of Reading, Reading, UK e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_6

131

132

S. Landini and K. Noussia

1 Introduction In recent years, autonomous technology has managed to permeate nearly all forms of modern existence. The provision of legal services has not been immune to its charm1 with the promise of increased efficiency and reduced costs. The potential for change is perhaps most dramatic in the advances that autonomous technology will bring to the automotive world.2 Autonomous vehicles (AVs) have been tested in countries such as Japan, Singapore, and the US for several years. Disruptive taxi company Uber has deployed AVs in Pittsburgh.3 Although they still require human oversight, fully autonomous cars are imminent. With vehicle manufacturers such as Volvo, Ford, Tesla, and Google anticipating that their autonomous cars will be ready for consumers within the next few years, considerable thought must be given toward the legal and ethical implications for individuals.4 As cars will become even more intelligent and autonomous in the future, with AVs and connected autonomous vehicles (CAVs) contributing to road safety, this will enable the mobilization of disabled citizens and will also lead, inter alia, to a decrease in CO2 emissions.5 One of the EU goals pertains to stimulating responsible innovation in the field of AVs in a way that ethical acceptability, sustainability, and societal desirability will be taken into account. Notwithstanding the above remarks, it is notable that the current legal frameworks are not observed so as to optimally facilitate innovation or successful societal deployment of AVs.6 This chapter examines the use of ICT technologies to collect massive amounts of data and the principles of fundamental rights and the interplay of the above with the drafting process of motor insurance contracts. We discuss the repercussions involved for the users/drivers of AVs/CAVs in relation to their privacy and the ethical issues and implications involved in big data collection and usage in terms of connected AVs and CAVs. We also discuss the lessons drawn from intellectual property (IP) law that can be applied to personal data and privacy, as well as examine the comparative legal regime in Germany and Italy, cybersecurity issues in relation to data, and the effect of big data and AVs/CAVs on insurance.

1

Legal Voice (2015), http://www.legalweek.com/sites/legalweek/2015/11/12/is-artificial-intelli gence-the-key-to-unlocking-innovation-in-your-law-firm/?slreturn¼20160914110454; Jeffcott and Inglis (2017), p. 19. 2 Jeffcott and Inglis (2017), p. 19. 3 Telegraph (2016), https://www.telegraph.co.uk/business/2016/09/14/watch-uber-launches-driver less-car-service/; Jeffcott and Inglis (2017), p. 19. 4 Jeffcott and Inglis (2017), p. 19. 5 de Bruin (2016), p. 485. 6 de Bruin (2016), p. 485.

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

133

2 Ethical Implications—Setting the Scene While the impact of autonomous vehicular technologies is set to be positive and far-reaching, a number of ethical implications must be properly considered before they can be safely deployed on the road. Perhaps the most significant issue faced by the onset of AVs is that of whose safety the car will be programmed to protect in the event of an accident, particularly with more vulnerable road users. This issue is akin to the “trolley problem”7 often posed by philosophers: “A train is running out of control; the brakes have failed and five people are tied to the track ahead of them. You are standing by the side of the train and can turn a lever which will send the train down a side track on which one person is tied to the track. The question is: should you turn the lever and so turn the train onto the side track to kill one person and save the life of five?" When people are asked what the “right” decision is, they will normally say to turn the lever and kill the one to save the five. Human drivers ordinarily have to make such judgment calls in the agony of the moment, whereas the programmers of AVs will have to consider such scenarios in advance and build their algorithms accordingly. Intuition tells us that we should save the most number of lives where possible. However, there are also qualitative considerations that may sway your decision. Should a person abiding by the law be preferred over someone acting in contravention? Should the young and fit be favored over the elderly or infirm? Researchers from the Massachusetts Institute of Technology (MIT) have designed a “Moral Machine,”8 whereby people can assess who they would favor in various scenarios, mirroring the unenviable choices that will have to be made.9 One view is that harm should be directed toward the occupants of the vehicle, given that they are

7

Shallow et al. (2011), pp. 593–601. http://moralmachine.mit.edu/. 9 Jeffcott and Inglis (2017), p. 22; see Acosta (2018), https://cyber.harvard.edu/sites/default/files/ 2018-07/2018-07_AVs02_0.pdf, whereby it is stated that “a research based on the SWOT analysis demonstrates the benefits of adopting automation systems in transport.” The SWOT analysis (also known as the SWOT matrix) is a strategic planning tool used to evaluate Strengths, weaknesses (Weaknesses), opportunities (Opportunities) and Threats of a project or in a company, etc. “Regulators and policymakers are increasingly involved in making important decisions about the governance of automated vehicles (AVs). Policymakers need to design comprehensive policies to deliver the benefits of AVs and to foresee and address potential unintended consequences; however, this is not an easy task. Especially given the complexity of the technology, AVs require a sophisticated analysis: beyond the apparent safety and security issues, AVs have significant potential to a raise issues related to privacy, accessibility, the environment, and land management”; with regard to human error as the main cause of car accidents and the importance of introducing automated cars, see also Gurney (2013), p. 249; Google is not the only company engaged in the arms race to develop a truly driverless vehicle. Many other companies are engaged in the same enterprise. See also Funkhouser (2013), pp. 437–438; Smith (2014), pp. 1777–1820; Garza (2012), pp. 581–616; Beiker (2012), pp. 1145–1156; Business Insider (2016), http://www.businessinsider. com/advantages-of-driverless-cars-2016-6/#traffic-and-fuel-efficiency-will-greatly-improve-2. 8

134

S. Landini and K. Noussia

responsible for introducing a machine of potential danger to the highway. This is consistent with the existing approach of the civil courts toward motorists. As Hale LJ in Eagle v Chambers (No.1) Court of Appeal, 24 July10 explained, “The court ‘has consistently imposed upon the drivers of cars a high burden to reflect the fact that the car is potentially a dangerous weapon’. A 2016 study entitled “The Social Dilemma of Autonomous Vehicles”11 examined this problem through a series of surveys. The majority of the 1928 participants agreed that, ethically, it would be better for autonomous cars to sacrifice their occupants rather than crash into pedestrians. Yet the majority also said they would not buy autonomous cars if the car prioritized pedestrian safety over their own. Manufacturers are thereby placed in the conundrum of choosing to implement an algorithm that people feel is unethical or one that people will not want to buy. Mercedes Benz has decided that their cars will favor the people inside the car. As their manager of driver assistance systems and active safety explained, “. . .you could sacrifice the car . . . but then the people you’ve saved initially, you don’t know what happens to them after that in situations that are often very complex, so you save the ones you know you can save.”12 In other words, if a car swerves to avoid another road user and instead collides with another object, the lives of those in the car are at risk and one cannot predict with certainty what other side effects may follow. The relevance of these dilemmas should wane with improvements in road safety and when AVs are normalized. It is nonetheless important that these issues are resolved in a manner society finds ethically palatable before they become the status quo. In all legal systems, there is an imperative need that the legislation passed will ensure that the ethical algorithms are consistent among different manufacturers as, from a practical point of view, it is important that cars behave predictably and there be a level playing field for consumers. Allowing manufacturers to market themselves on how well their algorithms protect the occupants of their vehicles, even at the expense of other road users, is extremely unattractive. The Volkswagen emissions scandal shows us the lengths that car manufacturers are willing to go to in order to obtain an edge over the competition. In order to avoid an ethical race to the bottom, it is important that the Government does not allow pressure from car manufacturers to permit a “laissez-faire” attitude toward regulation in this highly competitive market. There should also be consistency between different countries as it may be impractical to expect an English driver, for example, to change algorithm if they drive to France. It would also be very difficult to police such inconsistencies.13 Liability regimes in general aim to contribute, inter alia, to the prevention of accidents and to protect victims of accidents by fairly distributing damages. By

10

Eagle v Chambers (No.1) [2003] EWCA Civ 1107; [2004] R.T.R. 9 at [16]. Bonnefon et al. (2016), pp. 1573–1576; Jeffcott and Inglis (2017), p. 23. 12 Motoring.com.au (2016), http://www.motoring.com.au/kill-the-rest-says-benz-104114/; Jeffcott and Inglis (2017), p. 23. 13 Jeffcott and Inglis (2017), p. 23. 11

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

135

requiring certain minimum levels of safety, the Product Liability Directive14 seeks to prevent consumers from being exposed to defective (unsafe) products. Fair apportionment of liability must be reached through the no-fault liability regime for producers of defective products. Legal regimes addressing liability for motor vehicles aim to protect the more vulnerable road users from harm but differ significantly in their approach with others stipulating strict, no-fault liability for drivers or custodians (France) or semi-strict liability for owners or keepers (the Netherlands) or rather high standards of care for drivers (United Kingdom) of cars. These regimes were not drafted with the emergence of AVs in mind. At the EU level, the Product Liability Directive and many motor vehicle liability regimes use a concept of causality for determining and allocating liability. The notion that cars are becoming more and more autonomous and intelligent poses a challenge in terms of determining causality. A higher level of autonomy implies that it is harder to establish the exact cause of a damage-inflicting accident. Providing clarity on the levels of safety the public at large may expect from AVs will be beneficial for consumers. Different approaches in allocating liability for motor vehicles between the Member States have not yet led to further harmonization. Furthermore, while it is estimated that AVs will eventually lead to increased road safety and reduce accidents and damage along the way, the interim period in which autonomous and “traditional” cars coexist on roads may be less safe than the present situation. This imminent interim period could provide an opportunity for the European legislator to harmonize liability regimes for motor vehicles prepared for AVs. An option worth investigating may be a harmonized regime of strict no-fault liability for damage in which AVs are involved, for the owners of these vehicles.15 Whereas the advent of AV technology is promising in terms of increased safety on the roads, resulting in less damage to be covered, insurance companies also observe that when an accident is caused by autonomous technology, it would need extensive software and hardware analysis expertise in order to know how and why it occurred. To assist in answering the question of where liability lies, vehicles will be equipped with black boxes or with telematics technologies connecting AVs to a dedicated infrastructure and/or to remote servers.16 The objectives of these types of technologies are, among other things, to record the movements of autonomous cars and operational choices that are made by either the car itself or the driver controlling its movement, as well as data concerning events and objects in the vicinity of an autonomous vehicle. Black box technology records and stores the gathered data inside a vehicle and offers potential for later assessment.

14

Product Liability Directive 85/374/EEC https://eur-lex.europa.eu/eli/dir/1985/374/oj, in cooperation with the General Product Safety Directive, 2001/95/EC, http://data.europa.eu/eli/dir/2001/95/ oj. 15 de Bruin (2016), pp. 494–495. 16 Anderson et al. (2014), pp. 94–95; de Bruin (2016), pp. 494–495.

136

S. Landini and K. Noussia

Telematics technology may have wider applications. Data could not only be used for assessing errors and the causes of damage after the occurrence of accidents; it could even have a preventive effect. Vehicle-to-vehicle communication (V2V) and vehicle-to-infrastructure (V2I)17 communication could be used for the real-time prevention of accidents and serve “safety, mobility and environmental benefits” in general.18 Although black box technologies and telematics solutions such as V2V and V2I (“tracing Technology” (TT)) may be promising in terms of preventing accidents and apportioning damage caused by AV accidents, these also impose risks in terms of the right to (information) privacy of the people inside and in the vicinity of cars equipped with these technologies.19 Privacy was defined by Warren and Brandeis in 1890 as “the right to be left alone.”20 It is the fundamental right of citizens that sees to the protection of a personal sphere, whether it is virtual or physical, in which neither the government nor other citizens should interfere without permission. Many forms and types of privacy have been recognized in the literature. These can be categorized, for instance, as relational privacy versus information privacy.21 Information privacy is the right to control the use of the personal information held by persons other than the individual it concerns. It is this kind of information that can be collected, processed, and stored through AVs’ tracing technology. At the European level, there are a number of harmonization directives providing more detailed rules on information privacy, of which the Data Protection Directive (DPD)22 formed initially the core. The DPD was replaced by the General Data Protection Regulation (GDPR),23 which is directly applicable in the Member States as of May 2018, when it entered into force. The objectives of both the previous legislation, i.e. the DPD, and the current one, i.e. the GDPR, include enabling the free movement of personal data between the Member States, which has positive effects for the EU internal market, while setting strict rules for the processing of personal data, in line with the privacy protection of EU citizens. The right to privacy and the protection of personal data specifically are beneficial for consumers’ trust in cross-border industry development and innovation and growth in general. Currently, the GDPR applies to the processing of personal data.24 17

Anderson et al. (2014), pp. 94–95; de Bruin (2016), pp. 494–495. Anderson et al. (2014), p. 81; de Bruin (2016), pp. 494–495. 19 de Bruin (2016), p. 495; Acharya (2014). 20 Barron (1979), pp. 875–922. 21 For a different view, see, for instance, Finn et al. (2013). Here, a distinction is made between the privacy of the following: the person, behavior and action, communication, data and image, thought and feelings, location and space, and association. See also Solove (2010); de Bruin (2016), p. 496. 22 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. https://eur-lex.europa.eu/eli/dir/1995/46/oj. 23 General Data Protection Regulation 2016/679, (GDPR) https://eur-lex.europa.eu/eli/reg/2016/ 679/oj. 24 Art. 4(3) GDPR. 18

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

137

Personal data are defined as “any information relating to a identified or identifiable natural person.” A person is identifiable if he can be identified, directly or indirectly, “in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity,” to which the GDPR, inter alia, adds location data.25 Processing personal data is defined very broadly: any action or “operation” with regard to personal data, such as collection, storage, adaptation, and deletion, is considered as processing.26 Parties that determine the goals and means of data processing are “controllers”; those that process personal data on behalf of controllers are called “processors.”27 Personal data may only be processed “fairly and lawfully” and may only be collected for “specified, explicit and legitimate purposes,” and processing should always be in line with these purposes.28 This will be the case if, inter alia, a data subject has given his or her unambiguous consent, if processing is necessary for the performance of a contract that the data subject has entered into, or if it is necessary to comply with the legal obligations of a processor.29 Special categories of data concerning, for example, the race, ethnicity, political opinions, religion, health, or sex life of a data subject may not be processed unless explicit consent has been obtained, the processor is carrying out obligations under employment law, or the processing relates to data that have been made manifestly public by the data subject.30 As a remedy for the damage caused to the data subject that relates to the unlawful processing of personal data, the controller is liable for compensation thereof, unless he or she can prove that he or she was not responsible for the damage-causing event. Furthermore, Member States were to set up a supervisory authority to enforce compliance with the DPD rules, also equipped with “effective powers” to investigate and interfere in activities that are carried out contrary to the rules. Under the GDPR, powers of supervisory authorities are even more effective: authorities may impose fines of up to € 20.000.000 or, if higher, 4% of the annual worldwide turnover of a controller or processor for some forms of incompliancy with the GDPR rules. With regard to the processing of personal data through networks such as the Internet, both as per the DPD and the GDPR, certain measures must be taken to protect the integrity of data. At the same time, the GDPR imposes limits on the export of data to countries that have a lower level of protection than required in the EU. The GDPR requires a controller to carry out a “data protection impact assessment” (DPIA) prior to the processing of personal data using new technologies, where

25

Art. 4(1) GDPR. Art. 4(3) GDPR. 27 Art. 4(5) and 4(6) GDPR. 28 Art. 5(1)(b) GDPR. 29 Art. 6(1) GDPR. 30 Art. 9 GDPR.; de Bruin (2016), p. 497. 26

138

S. Landini and K. Noussia

this would likely result in a high risk for the rights and freedoms of individuals.31 Furthermore, the GDPR equips data subjects with the right to access their data and the right to have their data erased from systems.32 Already under the DPD, controllers were under the obligation to implement “appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.” The GDPR added that these measures should be “built into” the new technology as much as possible; must, inter alia, aim at data minimization; and must be enabled by default.33 State-of-the-art security and implementation costs must be taken into account for the implementation of measures. Furthermore, these “shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.” Where the DPD did not define or indicate when measures are “appropriate,” the GDPR suggested some minimum requirements.34 Regarding the export of personal data, the DPD provided that this may only take place if third countries ensure an adequate level of protection. Should data be exported to non-EEA countries, the European Commission could, for instance, be consulted to verify whether or not the importing country offers adequate protection. The GDPR regulates a regime that is formally comparable to the DPD when it concerns the export of personal data.35 According to the European Commission, the United States of America, which does not have a regime similar to the DPD—nor the GDPR—does not guarantee an adequate level of protection. However, in collaboration with the US Department of Commerce, the European Commission developed a “safe harbor” framework of principles and frequently asked questions.36 US companies and institutions complying with the safe harbor rules were considered

31

Art. 33 GDPR. See also Case, C-131/12, Google Spain/Maria Costeja Gonzalez ECLI:EU:C:2014:317; and Kulk and Zuiderveen Borgesius (2015), pp. 113–125. 33 Art. 23 GDPR. 34 See art. 30 GDPR, which, inter alia, lists as appropriate a) the pseudonymization and encryption of personal data; b) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal data; c) the ability to restore the availability of and access to data in a timely manner in the event of a physical or technical incident; and d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. de Bruin (2016), p. 497. 35 See articles 40–43 GDPR. Export of personal data may only take place when the minimum level of protection stipulated in the GDPR is not undermined. Therefore, this is essentially stricter than the DPD regime, since the GDPR rules themselves are more stringent than those formulated in the DPD. 36 See 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbor privacy principles and related frequently asked questions issued by the US Department of Commerce, available at http://eurlex.europa.eu/LexUriServ/LexUriServ.do? uri¼CELEX:32000D0520:EN:HTML; de Bruin (2016), p. 498. 32

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

139

to guarantee an adequate level of protection according to the DPD and were therefore allowed to “import” personal data from the EU. However, on October 7, 2015, the safe harbor regime was declared invalid by the European Court of Justice (ECJ) in the Maximilan Schrems37 case. The ECJ ruled that the US does not offer an adequate level of protection for personal data, for it became clear, after the revelations by Edward Snowden, that US authorities such as the National Security Agency have easy access to personal data processed by US companies and institutions. The Court ruled that the powers of the European supervisory authorities are undermined by the US practices, which may not be enabled by a decision of the European Commission. This ruling implies that the export of personal data to the United States is no longer possible on the basis of the safe harbor framework. The safe harbor framework was replaced by the “EU-US Privacy Shield,”38 in order to bring transfers of personal data between the European Union and the United States in line with the Maximilan Schrems ruling, and also the “EU-US Data Protection Umbrella Agreement,”39 which was developed in order to provide safeguards for the transatlantic transport of personal data. In the case of AVs and tracing-technology-related data, such data collected and processed using tracing technology are personal data when these identify or can identify, even indirectly, a natural person. The location data (recording the whereabouts) of AVs do not directly identify a natural person.40 Should a vehicle also be equipped with cameras monitoring the behavior of people inside and around the car, natural persons can be directly identified from the images. These images even qualify as special category data since the race of the depicted persons will be visible. Data Protection Impact Assessments (DPIAs) may be required when, for example, “systematic monitoring of a publicly accessible area on a large scale” is to take place. Certain forms of tracing technology might indeed result in systematic monitoring on a large scale—when this technology is always switched on when operating an AV—of a publicly accessible area, namely in public roads.

37

Case C-362/14, Maximilian Schrems/Facebook [2015] ECLI:EU:C:2015:650. See the press release of the European Commission of 29 February 2016, “Restoring trust in transatlantic data flows through strong safeguards: European Commission presents EU-U.S. Privacy Shield”, http://europa.eu/rapid/press-release_IP-16-433_en.htm. 39 See the press release/fact sheet of the European Commission of 8 September 2015, “Questions and Answers on the EU-US data protection ‘Umbrella agreement’”, http://europa.eu/rapid/pressrelease_MEMO-15-5612_en.htm. 40 However, it can be construed on the basis of combined data that for instance location data of the AVs on working days between 8.00 and 8.30, plotting the route from A (a house address) to B (a certain office address), can identify the owner of a vehicle who happens to live at A and work at B. In that case, these location data are personal data.; On ‘location data’ as personal data see also the Working Party 29 Opinion on the use of location data with a view to providing value-added services, 2310/05/EN, November 2005, http://ec.europa.eu/justice/data-protection/article-29/ documentation/opinion-recommendation/files/2005/wp115_en.pdf. 38

140

S. Landini and K. Noussia

Processing personal data, such as location data,41 is only allowed insofar as this is done on a legal basis, as long as the processing takes place for a specified lawful goal. It is at least questionable if the general processing of “all data available” generated through “tracing Technology” (TT) would be proportional to the goal of, for instance, accident prevention or analysis. A legal basis may, for example, stem from specific legislation regarding autonomous vehicle information, which to date is not in place in the EU.42 Creating a specific regulatory basis for processing all available data through tracing technology would, however, not be recommendable in terms of ensuring the privacy of those inside and especially around AVs. Without a basis in legislation, controllers, such as manufacturers, insurers, employers, or road supervisory authorities, would have to obtain permission from individuals (drivers but perhaps also passengers and people outside the vehicle) in order to comply with the requisite “fair and lawful” basis for processing. The processing of special category data is more strictly regulated: this may not take place in principle unless a legal exception allows this specific processing, which may be the case, inter alia, if data subjects have given their explicit consent. Personal data must be stored (either in black boxes or on Internet servers) under the condition that appropriate measures have been taken to protect them, among other things, from loss and alteration or from being hacked into. It is not clear at the moment which measures are deemed appropriate.43 TT could assist in preventing accidents and determining how accidents originated and therefore in establishing liability. TT could thus be beneficial to consumers seeking remuneration from manufacturers for the damage caused by defective products and to victims of road accidents in which AVs are involved. The imminent trade-off from the deployment of TT in favor of road safety and the allocation and apportioning of liability is the following: a decrease in autonomy for drivers, who will have virtually no other option than to choose AVs with tracing technology,44 and therefore in the information privacy of drivers, passengers, and other people in the vicinity of AVs. Massive amounts of personal data can be obtained, stored, and otherwise processed in conformity with the rules (even with the stricter forthcoming rules). These large sources of personal data can, however, be vulnerable to hacking and other unintended uses. This may also negatively impact the societal acceptance of AVs. Rules regarding the information privacy of EU citizens are strongly applied within the European Union and will become even more stringent in the near future. The privacy regime creates a framework in which intercommunal trade is facilitated 41

For instance, through recording and storing (in a black box) and/or through real-time communication with other vehicles (V2V) or infrastructure (V2I). 42 In Germany, car manufacturers (Verband der Automobilindustrie) developed “Data Protection Principles for Connected Vehicles,” which may eventually form input to a specific legal basis for the processing of vehicle data, https://www.vda.de/en/topics/innovation-and-technology/network/ Data-Protection-Principles-for-Connected-Vehicles.html. 43 de Bruin (2016), p. 499. 44 Acharya (2014); see also Glancy (2012), p. 1172; de Bruin (2016), p. 499.

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

141

while at the same time consumers’ privacy rights are guaranteed when the data of EU citizens are exported to non-EU countries. Strongly safeguarded information privacy, as well as transparency regarding the processing of personal data, favors consumer protection and contributes to consumers’ trust and therefore acceptance of AV technology. The current and any forthcoming rules demanding for more tailored, i.e. privacyby-design, privacy-enhancing-technology, and privacy-by-default, principles may challenge manufacturers to develop and incorporate tracing technology in AVs that is aimed at preventing damage and contributing rightful allocation of liability when accidents happen while at the same time providing optimal protection of the information privacy of people inside and around AVs. One hurdle that might stand in the way of innovation for a well-balanced TT is formed by uncertainty resulting from the Max Schrems45 decision, for this poses a serious obstacle, for instance, to the storage of AV data in the United States. While the deployment of TT can form a significant source of data and information, increasingly strict rules on the protection of information privacy stand in the way of the availability of data and information in general. The availability of these data may, otherwise, provide valuable input, for instance, to assessing responsibility and liability, which could thus contribute to legal certainty regarding liability, which is beneficial to stimulating the development of AVs and to the protection of consumers at the same time. However, the privacy of the users of AVs should be the first goal and be closely safeguarded.46 Innovation and growth align the ambition of the EU as depicted in its digital agenda in relation to the development of robotics in general, of which AVs are an example. At the same time, the ethical acceptability, sustainability, and societal desirability of these innovations must be taken into account in a responsible way in order to foster a fertile ground for the societal acceptance of AV technology. It will be a complex challenge to find this balance and to provide answers to the question in which ways regulation could contribute to finding this equilibrium. Improving the conditions for innovation could, for example, have a negative impact on consumer protection, while consumers’ trust in new technology is vital for the acceptation thereof. The employment of certain forms of TT is a practical, albeit partial solution proposed by insurance companies and the developers of AVs to the identified challenges to liability in Europe and in favor of the safety of AVs on the roads. This technology will be used, firstly, to assist in avoiding damage-causing accidents and, secondly, in assessing the causation of accidents. TT will, however, challenge the right to the information privacy of citizens, who will eventually have no other option than to choose AVs equipped with tracing technology. The European regulator could seek to strike a fair balance between legal certainty concerning allocating and apportioning liability and road safety on the one hand and information privacy on the other. Regulatory measures should, among other things and notwithstanding

45 46

Case C-362/14, Maximilian Schrems/Facebook [2015] ECLI:EU:C:2015:650. de Bruin (2016), p. 499.

142

S. Landini and K. Noussia

the current and forthcoming rules on data protection, be aimed at minimizing the need for processing personal data, privacy by design, and privacy-enhancing technologies, such as anonymizing data, as much as possible. In order to minimize the need to process personal data for allocating and apportioning liability, it can be once more suggested that liability frameworks for motor vehicles need to be further harmonized. However, the question remains of how the regulatory frameworks should be optimized and how new, disruptive technologies will be introduced with a level of flexibility that is necessary for anticipating new innovations as well as the societal adoption thereof.47

3 Big Data, Privacy, and AVs/CAVs The emergence and widespread of the Internet of Things (IoT), i.e., the fact that many everyday objects, from fridges to self-driving cars, have or will have the ability to send and receive data via the Internet, imply that the number of devices connected to the Internet has already, for years, surpassed the number of people using the Internet.48 In reality, this has also meant that we have access to more data than ever before and have data about most things on the planet. This huge increase in the amount of data available means that we can use it to create a smarter world. In this smarter world, buildings will be able to sense and predict outside temperatures and adjust heating, or air conditioning, systems as a result. AVs are already a reality, although not widely circulating on public roads yet.49 For individuals, wearable devices collect data on how many steps they take, how well they have slept, how many calories they have consumed, and much more. In addition to this, smartwatches collect data on almost anything—an individual’s location, their speed, and their body functions. Once synced to a device, individuals will be able to use this data to analyze how they “performed” during the day and the impact certain activities have on their bodies. The potential for the “internet of things” is huge; however, privacy issues have also arisen as a result of the above, given that in relation to many functions in terms of IoT, including the use of AVs will incur big data selection and usage.50 Big data are different from other data because of four key elements: volume, velocity, variety, and, perhaps most importantly, value.51 The best use of “big data” can only occur if the data are presented and used in a way that works for a large group of people in the society (public, organization, etc.) Big data also need to be

47

de Bruin (2016), pp. 500–501. Mullan (2014), p. 170. 49 Mullan (2014), p. 170. 50 Mullan (2014), p. 170. 51 Mullan (2014), p. 170. 48

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

143

carefully managed in order to be effective, especially where they are being used to analyze private information, so as to not breach the privacy rights of the individuals concerned.52 AVs and CAVs collect or will collect data for the purpose of providing a user with a service. They can be thought of as a “hub” that connects with a data center in order to facilitate the collection and processing of data, including personal data, and provide Internet access to all the mobile devices used by the driver and passengers. Regardless of how they are defined, the AV/CAV industry is rapidly growing. Although new buyers recognize the enhanced service that CAVs provide, privacy will be a major concern for the users of AVs/CAVs. It is estimated that already prior to the full-automation AV era, an average of 37% of buyers would not consider owning a CAV due to fears about the vehicle being hacked.53 It has been reported that connected cars, in particular Google’s AVs, have been involved in five minor accidents in the Silicon Valley suburb. The cause of these accidents has been reported to be crashing into connected cars due to drivers being distracted by the features of self-driving cars. This is just one of the many challenges that manufacturers of connected cars have been presented with. A key challenge is the users’ concerns about their privacy. A connected car is likely to collect volumes of data that will enable manufacturers to form a profile of the user. For instance, based on the locations visited by a user, a manufacturer can develop a profile identifying where the individual shops, how often they shop, and at what time. Such information can then be used to target the user with appropriate marketing. This processing of personal data could potentially lead to an individual feeling that their connected car is “spying” on them. The question that is then presented to the manufacturers is how best to address this concern. Industry leaders are aware of these privacy concerns, and following the GDPR, some of the major global automakers have committed to addressing the issues now. In the US, the Alliance of Automobile Manufacturers (AMM) and Global Automakers (GA) jointly published a set of privacy and security standards, namely the “Consumer Privacy Protection Principles for Vehicle Technologies and Services,”54 with the aim of regulating how car manufacturers should process personal data collected via vehicles that they manufacture in order to protect the personal data collected. Some of the key highlights from the US privacy and security standards set by the automobile industry include the following: • The manufacturers will not disclose the customer’s geolocation data to the government unless the government produces a warrant or a court order. • The manufacturers will not market to their customers using identifiable personal data collected by the vehicle unless the customer explicitly agrees.

52

Mullan (2014), p. 170. Mahmood and Sayers (2015), p. 3. 54 Consumer Privacy Protection Principles for Vehicle Technologies and Services, www. pdpjournals.com/docs/88463. 53

144

S. Landini and K. Noussia

• The manufacturers will not share sensitive personal data collected by the vehicle with data brokers and other third parties unless the customer explicitly agrees. • The manufacturers will each have a dedicated web portal that will contain their privacy information for users to easily refer to.55 These privacy and security standards are publicly binding commitments that, in the USA, can be enforced under Section 5 of the Federal Trade Commission Act, which requires companies to fulfill their publicly stated policies and practices. As any equipment used in the EU will trigger the applicability of European data protection laws, the privacy and security standards do not only apply to US consumers. This presents an additional challenge for US manufacturers of connected cars, which, as well as abiding by US privacy standards, will also need to consider European data privacy laws when processing personal data generated from connected cars. As connected cars and AVs in the near future have shifted up in the agendas of the regulators on the issue of privacy, manufacturers will need to consider how they will ensure that they comply with privacy laws when designing connected cars or, in the future, AVs and CAVs. There are several privacy obligations that car manufacturers will need to comply with, and the main key requirements are as follows: first, the need for transparency and consent—users of connected cars and future users of AVs and CAVs will have rights under European data privacy legislation. In order to collect and process personal data, the car manufacturer doing so must show that the data are collected and processed fairly and that the data are necessary for the legitimate aim of that company. In effect, this means that a connected car/AV/ CAV user must freely give his/her informed consent before his/her personal data can be used. The car manufacturer must ensure that it clearly tells the user, in a language that is understandable and not legalistic, i.e. in plain and intelligible language, what information is being collected, who it will be provided to, and what it is used for. In order to ensure that a user’s personal data are not being collected and processed unfairly, transparency is paramount. The purpose for which the data are collected must be made clear to the user, and their consent must be obtained before personal information is collected via the connected car. Such consent must be freely given, specific, and informed. Further, the car manufacturer must ensure that the user is fully aware of the purposes for which the data are collected change substantially from the original purpose. If the purpose of the collection does change, the manufacturer must obtain additional consent from the user in relation to that new purpose. In terms of how to define the purposes for which the personal data will be processed, this should be done by the manufacturer in a privacy notice or a fair processing notice.56 Manufacturers should ensure that such notices follow the following protocol, i.e., that the privacy notice includes information on how the car manufacturer will collect the personal data from the connected

55 56

Mahmood and Sayers (2015), p. 4. Mahmood and Sayers (2015), p. 4.

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

145

car/AV/CAV, that all purposes for which the manufacturer intends to use the personal data collected via the connected car/AV/CAV should be listed, that information should be provided regarding with whom the manufacturer will share a user’s personal data and for what purposes, and that the privacy notice should set out the rights that the user will have in relation to the personal data generated from the use of the connected car/AV/CAV. The second requirement is the need to strike a balance between connected cars /AVs /CAVs and cybersecurity: European data protection legislation, such as the GDPR, requires that appropriate technical and organizational measures be taken against any unauthorized or unlawful processing of personal data and any accidental loss or destruction of, or damage to, personal data. Car manufacturers exploring the area of connected cars/AVs/CAVs have entered into a process to address cybersecurity for cars. Car manufacturers and users perceive the hacking of cars as a real and very serious threat. Therefore, many manufacturers are taking measures to prevent and mitigate this threat. Hence, car manufacturers will do the following to ensure that personal data collected via a connected car/AV/CAV are adequately protected: i) they will review and regularly update their information technology (IT) infrastructure (including data centers, the security of the connected car/AV/CAV and the device that the car connects to, and the connection between the two) in order to ensure that the systems are tested for any vulnerabilities; ii) they will implement appropriate security measures to protect the personal data from vulnerabilities—such measures might include ensuring that the data collected via the connected car/AV/CAV are encrypted; and c) they will implement a comprehensive data security compliance framework—this would include putting in place an information security policy, ensuring the training of all personnel who are processing the personal data collected from the connected car/AV/CAV, and ensuring the presence of a robust cybersecurity/data breach management policy to deal with situations where personal data are compromised.57

3.1

Lessons from IP Law Applied to Personal Data and Privacy

IP law offers manifold insights into the current debate on the optimal regulatory environment for markets in personal data. IP rights and personal data are comparable not only with respect to their theoretical foundations but also in light of recent empirical studies from the US and the EU about user attitudes and valuations of the respective rights. The interlinked system of property, liability, and inalienability rules in existing IP laws offers a blueprint for the contested regulation of markets in personal data. In January 2017, the European Commission published a Communication entitled “Building a European Data Economy.” In it, the Commission proposes a principle of 57

Mahmood and Sayers (2015), p. 5.

146

S. Landini and K. Noussia

free movement of data in the EU to advance the fundamental freedoms enshrined in the EU treaties. The Commission showed its intention to subject personal data to the current “notice and consent” regime epitomized by the GDPR. Generally, the Commission aims for a comprehensive framework for data access, trade, and ownership that leads to a “fair sharing” of benefits between data holders, processors and “application providers”. In the US, in March 2017, the Republican-led US House of Representatives voted to repeal privacy protection for personal data processed by Internet providers, removing consent requirements and effectively handing over user data to cable companies and wireless providers. These conflicting proposals show that the construction of an effective regulatory environment for data markets is an urgent, complex, and highly controversial task.58 Against this background, there are lessons that can be learned from the regulation of IP for the legal construction of markets on personal data. Data processed in the digital economy can be personal or nonpersonal, depending on whether or not they relate “to an identified or identifiable natural person.” Already, the rise of IoT has led to a significant surge in the generation and collection of personal data “with an unprecedented degree of specificity and intimacy.” This increases even more the already massive amounts of personal data circulating in the digital ecosystem at the moment, allowing for precise profiles tracking individuals over an entire lifetime. It is this type of data, i.e. personal data, that triggers the most concern among the public, arguably precisely because of its intimate relation to questions of individual personhood and identity. Access to personal data can be socially beneficial and is a prerequisite for much of the innovation that drives the digital economy.59 The focus on personal data allows us to draw analogies from an IP perspective, i.e., investigate the common roots of IP and data protection law in personhood and dignity, not only with respect to the theoretical foundations of both fields but also by asking how such a conception is borne out in recent empirical studies about the valuation of moral rights in IP markets and of privacy in data markets. This is even more needed as the initial entitlement to personal data is allocated to the data subject generating the data in the EU, but not in all instances in the US. Despite these differences, users on both sides of the Atlantic voice concerns about lack of control. The plural roots of IP rights and personal data suggest novel arguments in the rich debate surrounding the construction of a regulatory environment for markets in personal data. Importantly, the article thereby also reorients the current debate about data ownership toward the, arguably more important, inquiry into the appropriate types of rules that should protect entitlement to personal data; as is well known, and as IP law shows, a property right, for example, can be protected by a property or a liability rule, with highly differential consequences for control and compensation.60

58

Hacker (2018), pp. 45–46. Hacker (2018), pp. 48–49. 60 Hacker (2018), pp. 48–49. 59

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

147

Copyright law, particularly in Europe, is based, following Kant, on an idea of natural rights inherent in a person qua her personhood. At first glance, personal data (such as geolocation data, etc.) seem very different from IP rights in this respect. While copyright, for example, attaches to an original creation of the author, personal data are most often generated with a diminished degree of consciousness or intentionality. A vast amount is created as a mere side effect of other activities, often unbeknown to those whose data are collected. Nevertheless, recent empirical studies have shown that the combination and analysis of seemingly mundane and innocuous data points via, for example, machine learning algorithms, reveal intricate personality profiles that function more reliably, in some instances, than personality ascriptions by close friends. Not only is the reconstruction of the personality of data subjects increasingly possible as an empirical matter; on a more theoretical note, privacy, at least in the European context, also follows from a Kantian and Hegelian understanding of personality as free self-realization.61 In the US, by contrast, IP law is founded, to a large extent, on the idea of economic incentives and aggregate utility maximization, being largely devoid of a grounding in personality or dignity. US data protection law, by extension, is similarly dismissive of the recognition of privacy as a component of a fundamental right allowing from a user’s personality or dignity. On a theoretical level, the transatlantic divide is therefore quite palpable. However, recent empirical analyses challenge this account by shedding light on a shared understanding of both IP law and privacy among the holders of the respective rights on both sides of the Atlantic.62 In some legal systems, privacy is equally rooted in personhood and dignity. This holds particularly true for the EU, where it is protected by Article 8(1) of the Charter of Fundamental Rights of the European Union and by Article 16(1) of the Treaty on the Functioning of the European Union (TFEU). However, while an economic conception of personal data prevails in the US, some US commentators also stress the connections between privacy, dignity, and freedom in a liberal democracy.63 Although empirical estimations have found that consumers assign only little value to concealing their browser history, contact list, or location, this does not mean that, as a matter of revealed preferences, people thereby disclaim a foundational component of personhood and identity in personal data, as many people experience psychological discomfort when personal information is exposed without their full consent; consumers are sometimes willing to pay a premium to protect privacy, particularly when privacy is salient; and when people do not seem to value privacy, there are strong reasons to suspect that revealed preferences only inadequately capture true preferences. In addition, users often only have incomplete information about the consequences of the use of personal data, while there is a patent lack of salience of privacy aspects in everyday interactions. Additionally, behavioral biases, such as

61

Hacker (2018), pp. 48–49. Hacker (2018), pp. 48–49. 63 See, e.g., Schwartz (1999), p. 1611; Reidenberg (1995), pp. 497–498; Hacker (2018), pp. 48–49. 62

148

S. Landini and K. Noussia

present bias, affect the valuation of personal data. Finally, significant uncertainty persists as to the future value of personal information as it is difficult to foresee, particularly for users inattentive about the consequences of sharing personal data, what the future value of those data will be, given potential technological developments of data analysis and commercial use.64 When an AV analyzes the voice commands of the driver, a question arises: Who should be entitled to use the data in the first place? As IoT has already propelled the amount of personal data collected to new heights, the question of to whom these data “belong” becomes ever more pressing. In the US, while Congress is weighing its options, the personal data environment of IoT remains largely unregulated.65 Similarly, it is doubtful whether the European data protection framework stands the test of IoT.66 Two questions need to be answered for any regime protecting an entitlement:67 a) Should a property rule, a liability rule, or even some type of inalienability be adopted? b) To whom does the entitlement belong in the first place? IP law has answered both questions in a distinct way. IP rights grant explicit property rights. Clearly, the type of protective rule (property, liability, or inalienability), in combination with the choice of the initial allocation of the entitlement, determines to what extent users may exert control over personal data and how far they are compensated. In the realm of the protection of personal data, we can distinguish two distinct subcategories of property rules. On the one hand, explicit property rights, akin to IP rights, could be created so that individuals have ownership over personal data as they have over the car they own. This would require the introduction of a novel property right: currently, in the US, information cannot be owned by any person; similarly, in the EU, only physical objects can be owned as property, not immaterial goods, and the ownership of a physical object does not necessarily entail ownership of the data produced by that object. On the other hand, personal data can be protected by a mere contractual regime that does not explicitly grant a property right but rather legally recognizes specific interests in personal data and subjects them to voluntary transactions between individuals, with a system of default or mandatory legal rules shaping the transactions. Contracts are currently routinely employed in the industry to collect and

64

There are strong reasons to believe that, empirically, privacy is in fact valued by most users: not only do stated preferences testify to this, but also context-dependent studies on revealed preferences; the widespread sharing of personal information, by contrast, seems to be motivated by a lack of understanding and salience, as well as by behavioral biases. Therefore, it does not convincingly speak against the link between personal data and personhood in the perception of users. All this strengthens the claim that both IP law and privacy share a root not only in their commodity dimension but also in personhood, for they are both economically instrumental and an end in itself; Hacker (2018), pp. 50–52. 65 Pike (2016), p. 13. 66 Helberger (2016), p. 135; Hacker (2017); Hacker (2018), p. 52. 67 Calabresi and Melamed (1972), pp. 1089–1092; Hacker (2018), p. 54.

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

149

process data. It follows from the above that we have to distinguish between, and evaluate, four different regimes: the property rights regime modeled directly on intellectual property (IP), the contractual regime modeled on general consumer contract law (both embodying a property rule), a liability rule modeled on tort law under which personal data can be used at will by third parties in exchange for appropriate compensation to the holder of the entitlement, and inalienability, which removes personal data (partially) from the market. The key questions therefore are as follows: What type of regime is necessary from a perspective that takes questions of identity and personhood seriously? What lessons can be drawn from IP law?68 Arguably, the closest link between users and their data would be established by a regime of inalienability. However, despite its roots in personhood, it would be excessive to make personal data fully inalienable: invariably, users demand more control over the use of their data. Furthermore, the expected disruption of the digital economy, from which users also derive numerous benefits, clearly speaks against a regime of full inalienability. We may, therefore, borrow from copyright law the idea of partial inalienability, which is implied by the strong connection between personal data and personal identity. Partial inalienability may supplement a property rule to bolster the protection of specific, personal interests. However, as a general concept, inalienability fails to strike an adequate balance between control, access, and the general utility of personal data. If privacy is grounded in personhood and dignity, it seems at first glance as if some property rule must, at least as a general rule, protect personal data: consent ought to be required to use it, just as works protected by moral rights cannot be published or altered without the consent of the creator. This seems to rule out a liability regime under which third parties may make use of the entitlement against adequate compensation. The European data protection framework is indeed based on consent (GDPR Article 6(1)(a) (7)–(8)). However, evidence is mounting that while EU data subjects are formally in control, they are unable or unwilling to adequately redeem their data sovereignty. Consent can only be informed if there is a sufficiently high salience of the object of consent. While IP rights are of high importance to most authors, the transfer of personal data is most often only ancillary to a primary objective (e.g., obtaining access to a digital service). Since most users, even under a property rule, sign away their control rights anyway, a liability regime would at least aim to ensure that they get a fair deal for the use of personal data by third parties. However, there are two reasons that speak decisively against a liability rule. First, it would fully give up on control by data subjects. While it is true that the exertion of control seems almost impossible in IoT, it is equally a fact that 74% of Europeans prefer consent to be necessary for the processing of personal data, and US adults also long for greater control. Even if control is factually illusory for most data subjects, there is at least a significant minority that does sufficiently care for privacy questions to exert control over their data, for example, by paying privacy premiums or by using antitracking and

68

Hacker (2018), p. 54.

150

S. Landini and K. Noussia

encryption technology. Since fundamental rights are always also, and even primarily, minority rights, the fact that the vast majority does not make use of the control option should not be decisive. A liability rule would sever the link between personal data and personhood; by granting access to any third party, it would disproportionately burden those that take this link seriously. Therefore, the noneconomic perspective clearly suggests a property instead of a liability rule. A property rule could use either explicit property rights or contractual transactions of specific, nonproprietary interests in personal data. From the 1990s on, and more often again recently, a number of economists and lawyers have forcefully advocated explicit, individual property rights in personal data whereby markets for personal data would track most closely markets for IP rights; it would present a novelty both in US and EU data protection. However, there are two arguments speaking against this regime; they follow from the subtle differences between personal data and IP markets that lie beneath the structural analogies identified in the second part of the article. Firstly, the amount of personal data generated poses serious problems for the operationalizing of property rights markets. In IP law, some types of rights need to be registered (e.g., patents), while others are created automatically alongside the object they attach to (e.g., copyrights). Either approach could be chosen for property rights in personal data. If property rights simply arise from the generation of personal data, it is unclear how far this would improve on the current system and make rights pertaining to these data more transparent for right holders. Rather, the sheer amount of personal data created in each instance by each individual would give rise to an ever-multiplying amount of property rights whose management would likely overwhelm the owner. Secondly, the economic reasons for creating explicit IP rights do not apply to personal data either: IP rights are granted, inter alia, to incentivize the creation of informational public goods that would otherwise be underproduced. However, personal data are already produced and traded on a massive scale, so that the incentivizing rationale fails. Given the operational difficulties just mentioned, it is also highly doubtful that explicit property rights in personal data would operate. Therefore, granting an explicit property right is not necessary for making personal data marketable; furthermore, it does not match the economic rationale for introducing a property right in the first place.69 This speaks for a contractual rather than a property rights approach. First, at least in principle, a contractual approach is highly flexible in that contracts can be adapted to the many different uses and interests connected with personal data. Hence, while an explicit property right establishes one uniform type of property, a contractual regime implicitly creates a variety of different ways of using personal data or of excluding third parties from their use. Second, contractual solutions lack an erga omnes effect, of course; however, the limits to rational trade in personal data suggest that the main decision for consumers is whether or not to grant access to their data in the first place (i.e., whether or not to contract over it at all)—and not whether they can sue an actor down the digital value chain that makes inappropriate use of their

69

Towse (2006), p. 567; Hacker (2018), p. 57.

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

151

data (which is arguably easier under a property right regime). Finally, a contractual regime built on specific interests also mitigates the information problem of registering, or otherwise keeping track of, explicit property rights.70

3.2

In Favor of a Contractual Regime for the IP Evolution and for the Achievement of “No Longer Personal” Data

In the current complexity of the social reality and in the incessant technological evolution on many sides, it is underlined how top-down regulations risk giving life to a schizophrenic regulation that will have to change constantly to keep up with the times, creating a situation of uncertainty. The solution is therefore rather to be found in the creation of best practices and self-regulation through private autonomy.71 Such considerations in favor of the contractual regime are reinforced by some further considerations regarding the evolution of the concept of personal data in the system of big data corrections. As it is well known, the term big data indicates a complex of huge data size that can be used to form new knowledge through relationships between data knowable. Big data have a heuristic value since they represent the starting point for identifying correlations that can be relevant for future developments.72 There are various techniques used: 1. “Data mining” is the process of analyzing data from different perspectives and summarizing them into useful information. It is the process of finding correlations or patterns among dozens of fields in large relational databases.73 2. “Data fusion” is the process of integrating multiple data and knowledge. The expectation is that fused data are more informative than the original inputs. 3. Clustering procedure is used to organize a set of data into clusters so data contained in the same cluster are more similar in respect to objects in different clusters. 4. Regression analysis is used to estimate the strength and direction of the relationship between variables that are linearly related to each other. There is no single definition of big data. Sometimes the adjective “Big” refers to the amount of data; other times it is reported to their extent and granularity analysis. In general, they are characterized by a large volume: this means that the amount of data cannot be handled with traditional methods such as spreadsheets or databases. Another feature is the large velocity relating to the rapid transfer of information.

70

Hacker (2018), pp. 45–67. Bauman (2000). 72 Towse (2006), p. 567; Hacker (2018), p. 57. 73 Cabena et al. (1997), Dulli et al. (2009), Hall and McMullen (2004), Mitchell (2007) and Das (2008). 71

152

S. Landini and K. Noussia

Eventually, there is the aspect of a variety of data. Big data come from different and have different formats funds. Big data may be used for purposes of fraud detection and fraud prevention of particular interest to companies not only in the field of motor insurance claims. Through big data technologies, companies are able to improve their fraud detection and pattern identification capability. An efficient methodology is to apply a Bayesian model in fraud recognition combined with big data analysis techniques. This approach includes data discovery through all the available internal and external structured and unstructured data sources, integrated with the computational capabilities of a big data infrastructure in order to support the claims during all phases of the investigation. We can indicate the following phases: 1. network analysis that will identify any historical relationship between the actors in a specific claim in the past that could suggest a propensity to commit fraud. 2. a cauterization of the actors and related behaviors based on a self-learning statistical model; it permits a better representation of relations and attitudes to plausible fraud existence. This system of elaboration of big data has an impact on the concept of personal data since each data can be considered not only as a single datum but also in relation to others and through such correlations; a datum that does not refer to an identified person can refer to such an identified person. Furthermore, the protection system of personal data based on the typical legal instrument of the so-called informed consent becomes no longer effective if it is considered that through this system of correlations, each data is interconnected with other data referring to other people. Every data is able to reflect information relating to different people, even among people who do not even know each other. Whose consent is needed? From these considerations, it turns out that the classical models of protection are not able to offer adequate protection. The only solution is the acceptance of the risk inherent in becoming part of a community by relying on the risk management guarantees that the system created by the community is able to provide. It is also necessary to consider the intersections between the IP regime and the protection of the person in the concept of digital identity. The construction of digital profiles identifying entities in social environments leads to reflections on the personal dimension of the phenomenon, both with regard to freedom in the creation of digital identity, taking into particular account possible frictions with the rights of the personality of others, and with regard to the protection of digital identity created considered in the dynamics of relations between personality rights and intellectual property Digital identity becomes the key to access the digital community. In becoming part of a digital community, it is necessary to set up an account that identifies us within social media. A digital identity is thus created based on the data that the platform manager asks of us as a minimum condition to be part of the established social media (usually the name and surname and an e-mail address are sufficient) and

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

153

the additional data we are allowed to insert (photo, profession, domicile, date of birth, etc.). Digital identity has the function of allowing the identification of the subject within the community and the reporting of acts and activities. Moreover, it is the only profile that allows identifying the subject within the digital community; it is the “mask” with which we present ourselves. The profile that we are going to build with information and images, even of fantasy, becomes a distinctive sign of a natural person, a legal person, or an abstract entity. It will be possible to create digital identities of institutions, of abstract entities (ideas, films, works of art, etc.). The digital identity creation activity represents at the same time an associative phenomenon (without the digital account, it is not possible to be part of the digital community, even though through the creation of the identity of abstract entities it is possible to bring together individuals around an idea, etc.) and a moment of personal development in terms of both the right to associate and creativity in the construction of a personal fantasy identity in whole and/or in part. Even in the field of vehicle circulation, we have and will increasingly have the creation of social environments and digital identities. Let’s think about the current car-sharing platforms. Soon it will be possible for car sharing to be implemented through fully automated vehicles that carry out transport services within the membership community.

4 Comparative Legal Analysis—The Legal Regime and Developments in Germany and Italy In different European countries, the development of technologies applied to road traffic has had different uses and a different level of attention on the part of legislators. In this part, we will consider the approach followed in Germany and Italy, which have their own peculiarities.

4.1

The Legal Regime and Development in Germany

Germany has adopted a law that sets out the legal framework for self-driving cars (AVs) and allows automated driving on German roads. The law doesn’t cover autonomous driving systems on public roadways, which would be complete self-driving systems where no driver is required and all persons on board are passengers. It only allows driverless parking systems on separated private grounds outside the public roadways operating at low speed. For driving on public roadways, it provides the rules for highly and fully automated driving systems that can drive the vehicle after being activated by the driver and can be manually overridden and deactivated by the driver at any time.

154

S. Landini and K. Noussia

There are data protection concerns that have been raised. The recorded data must be kept for 6 months, and in case of an accident for 3 years. If the data are not deleted after the required period, fines for noncompliance with the General Data Protection may apply (up to 4% of the group’s worldwide turnover). The law has been criticized for leaving open questions that will be subject to specification and clarification by ministerial order on data protection and technical issues. These concern who is responsible for recording and deleting the data, the details on the technical design and the location of the data storage device, the methods of recording the data, and the measures required to protect the recorded data against unauthorized access in the event the vehicle is sold. Therefore, car manufacturers should ensure that their technical systems are sufficiently flexible to adapt to further amendments and specifications in the law. Examples might be keeping the logbook function flexible by enabling remote deactivation, ensuring the deletion date of data can be changed, and enabling the selection of different types of collected data. The law came into force on June 21, 2017, and is scheduled to be reevaluated in 2019 to ensure the technical developments are well covered.74 Germany has also implemented new ethics rules for autonomous cars that address ethical questions relating to the technology. A Commission in the German Transport Ministry has recommended ethics rules for self-driving cars that could provide a model for China and other nations.75 In addition, the country’s Ethics Commission of the Federal Ministry of Transport and Digital Infrastructure released guidelines for AVs. The Commission was composed by 14 scientists and legal experts, and the ministry said it would implement and enforce them. One of the report’s recommendations was that human life should always have priority over property or animal life.76 Another ethics rule stipulated that a surveillance system should record activity in order to determine the cause of any accident. This is similar to the so-called black box used in aircraft.77 Scientists and legal experts see a value in mandating a “black box” to record behavior and determine accident causation. Personal privacy was also a priority during the advent of AVs. Drivers should be able to decide what personal information is collected from a vehicle. This way, they would be able to prevent such data from being further used to customize advertising.78

74

Freshfields (2017), https://www.freshfields.com/de/our-thinking/campaigns/digital/internet-ofthings/connected-cars/automated-driving-law-passed-in-germany/. 75 Freshfields (2017). 76 van der Schaft (2018) https://www.roboticsbusinessreview.com/unmanned/germany-createsethics-rules-autonomous-vehicles/. 77 van der Schaft (2018). 78 van der Schaft (2018).

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

4.2

155

The Legal Regime and Development in Italy

In Italy, on February 28, 2018, the Minister of Transport and Infrastructure (MTI) issued a decree that permits the road testing of automatic-guided vehicles. The Decree of February 28, 2018, was implemented taking into account Regulation (EC) n. 377/2014 of the Parliament and of the European Council of 3 April 2014, establishing the program Copernicus and repealing Regulation (EU) n. 911/ 2010, and having regard to Directive n. 2010/40/EU of the European Parliament and of the Council of 7 July 2010, on the general framework for dissemination intelligent transport systems in the transport sector and interfaces with other modes of transport. The Act of the Italian Minister of Transport reports interventions, times, and types of roads involved. The Decree identifies functional standards to create more connected and safer roads that, thanks to new technologies introduced in road infrastructures, can dialogue with users onboard vehicles to provide real-time information on traffic, accidents, and weather conditions, as well as tourist news that characterize the different routes. They will cover newly constructed or governmental motorway or governmental sections. In particular, in the first phase, by 2025, action will be taken on the Italian infrastructures belonging to the European network Trans European Network – Transport (TEN-T) and on the entire motorway and state network. Progressively, the services will be extended to the entire network of the national integrated transport system, as identified by the annex to DEF Decree 17.4.2017 “Connecting Italy.” By 2030, we expect that further services will be activated: diversion of flows; intervention on average speeds to avoid congestion; suggestion of trajectories; dynamic management of access; parking and refueling, including of electric vehicles; and installation of devices for the structural monitoring of the static nature of roadwork. The transformation in smart road has been identified after a comparison with the sector and taking into account what has already been achieved by some motorway concessionaires and by ANAS, which is the company that manages the Italian roads. At the same time, the Decree draws the path toward the experimentation of innovative driver assistance systems on new connected infrastructures. The Ministry of Infrastructure and Transport can authorize, on request and after a specific investigation, the testing of automatically guided vehicles on certain stretches of roads, according to specific procedures and controls during the experimentation, with the aim of ensuring that it takes place under conditions of absolute security. University institutes, public and private research institutes, and vehicle manufacturers equipped with automatic driving technologies may apply for authorization. Finally, a Smart Road Observatory will be set up at the MIT to monitor the implementation of the provision.

156

S. Landini and K. Noussia

With regard to liability in the case of an accident, Article 1 letter j of the Decree states that “the occupant of the vehicle, which must be always able to take control of the vehicle regardless of the degree of automation of the same, in any moment the need arises, acting on the vehicle controls with absolute precedence over automated systems and which, therefore, is the person responsible for the circulation of the vehicle. If it is effectively guided, in manual mode, it assumes the role of driver.” On February 22, 2018, the Italian privacy authority issued a provision implementing Regulation 679/2016 (GDPR), providing information on the following points: (a) The methods through which the authority monitors the application of the Regulation (b) The procedures for verifying the presence of adequate infrastructures for the interoperability of the formats with which data are made available to the interested parties, in particular, for the purpose of exercising the right referred to in Article 20 of the Regulation (c) The information provided by the holders of personal data that carry out a treatment based on the legitimate interest that involves the use of new technologies or automated tools (d) Good practices regarding the processing of personal data based on the legitimate interest of the owner In Italy, the use of technology in motor insurance has been an important instrument for combatting fraud. It is a matter of fact that motor insurance is a compensation mechanism that has a relevant impact on the free movement of persons and vehicles. Therefore, it should have reasonable costs.79 We can put at the top of the list of the reasons of high cost of motor insurance: the increase in the propensity to claim, the increase in the amounts awarded with specific regards to physical damages not objectively assessable (like in case of whiplash claims) and to not pecuniary losses. Not pecuniary losses are not assessable in money on the basis of any standard financial yardstick. We can consider, for example, pain and suffering as a result of physical injury, or even the death of a person. Another reason for the increased cost of insurance could be fraud. Typical motor insurance frauds are the so-called crash for cash (for example, a person crashes with innocent motorists to make fraudulent insurance claims) and the case of exaggerated claims (for example, a real accident may occur, but the dishonest victim may take the opportunity to ask compensation also for a whole range of previous minor damages of the vehicle). Small damages are difficult to ascertain, and it is easy to simulate pain to get compensation.

See “Indemnification procedures in Motor Insurance, social function of coverages and costs’ control”, in http://www.aida.org.uk/workpart_motorins.asp.

79

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

157

According to Italian law, the compensation for biological damage due to minor injuries resulting from the road use of motor vehicles and ships is made according to predetermined criteria and measures (Article 139 Insurance Code – dlgs 209/2005). Italian law provides limits for personal damage nonobjectively assessable (Articles 139, 2 Insurance Code – dlgs 209/2005 as modified by Article 32 Decreto Legge 24 gennaio 2012, n. 1, converted into law by Act Legge 24 marzo 2012, n. 27). According to this rule, no personal injury compensation can be claimed for any mild injury in the absence of a forensic examination that, depending on the type of injury, makes specific observations on the claimant’s injury (either visual or via diagnostic instruments). The Italian Constitutional Court80 said that the constitutionality of the biological damage tabular compensation mechanism introduced by the contested Article 139 must therefore be conducted not considering that the right to be compensated is an absolute and intangible value, but verifying the reasonableness of its balance with other values. The Court considers that in the legal system in force the insurance companies, by law, contribute to the guarantee fund for the victims of the street, even pursuing charitable purposes. So the interest to compensation of road victims must still contend with the general and social interest of the insured people to have an acceptable and sustainable level of insurance premiums. The rules in question reconcile these conflicting interests. In fact, the introduced quantification standards of damage mechanism—relating only to specific and limited field of slight injuries— leaves, however, space the judge to personalize the amount of compensation. Although the Court of Justice of the European Union requested the Italian Tribunal of Tivoli to give a preliminary ruling, in its judgment of January 23, 2014, in Case C-371/12, E. and C. Petillo against Unipol insurance, has ruled out the incompatibility proposed Article 139 of Italian Insurance Code with European directives. On September 21, 2007, Mr Enrico Petillo suffered physical injuries as a result of a road accident. Mr Petillo brought an action against Unipol, the insurer of the wrongdoer, seeking an order directing Unipol to pay compensation for material and nonmaterial damages. In Italy, as said, the amount of compensation to be paid for the nonmaterial damage suffered by the victims of road traffic accidents is calculated according to a specific scheme that lays down restrictions in comparison with the assessment criteria applied to damages arising from other types of accidents. The Tivoli General Court (Rome, Italy) asks the EU Court of Justice if the directives on the approximation of compulsory insurance against civil liability preclude national

80

C.Cost. 16.10.2014, n. 235 http://www.cortecostituzionale.it/actionSchedaPronuncia.do? anno¼2014&numero¼235. According to the Court of Cassation 08.28.2015, n. 17209, moral damage, meaning pain and suffering, must also be compensated outside of the schemes, and even in case of minor injuries. The schemes would not be all-encompassing. https://www. personaedanno.it/index.php?option¼com_content&view¼article&id¼48291&catid¼78& Itemid¼323&mese¼08&anno¼2015 with the note of Prof. Patrizia Ziviz, “Danno morale e micropermanenti. Le tabelle non sono onnicompresive”.

158

S. Landini and K. Noussia

legislation, which, in the context of a particular scheme, limits the compensation payable for the nonmaterial damage resulting from minor physical injuries caused by road traffic accidents in comparison with the compensation allowed for identical damage arising from causes other than road traffic accidents. The Court finds that the motor insurance directives do not require that the Member States adopt a particular scheme for determining the extent of the right to compensation.81 Then the Court notes that the Private Insurance Code determines the extent of the victim’s right to compensation on the basis of the insured person’s civil liability and does not limit the insurance cover against civil liability as provided in the Italian Civil Code. This decision is important considering that we’re waiting for national tables also in case of macroinjuries according to Article 138 of the Italian Insurance Code. At the moment, certain uniformity in the case of macroinjuries has been achieved, thanks to the table drawn by the Court of Milan and generally accepted by other Italian courts. In Italy, insurers try to encourage the installation of the black box to prevent fraud. The share of motor insurance with a black box, according to IVASS (Italian Authority for insurance market) Regulation, rose from 10.7% of total new contracts signed in October 2013 to 13.8% in June 2015. One issue concerns the evidential value of the black box results. Insurers would like to use the results produced by the black box not just to prove in front of the Court the dynamics of claims but also in a criminal proceeding to prosecute any insurance fraud committed by the insured person. The risks of alteration of digital evidence should be considered a constraint to the use of the tracks in a criminal court where it will be important to ensure the integrity, authenticity, and fidelity of the data collected, verbalizing the entire chain of custody, as well as experience the perfect device capabilities necessary for the case. In civil courts, the most interesting rulings have qualified the results of the black box devices as “mechanical reproductions” according to Article 2712 of the Civil Code. Article 2712 says that the photographic reproductions, computer or film, phonographic recordings and, in general, any other mechanical representation of facts and things make full proof of the facts and things represented, though the one against whom they are produced It does not contest the representations of facts and things. One solution is perhaps found by the Italian legislator in Act n. 124 of 4 August 2017. The Act introduces a new article in the Insurance Code—Article 145-bis (Probative value of so-called “black boxes” and other electronic devices), which states: “When one of the vehicles involved in an accident is equipped with an 81

Council Directive 72/166/EEC of 24 April 1972 on the approximation of the laws of the Member States relating to insurance against civil liability in respect of the use of motor vehicles, and to the enforcement of the obligation to insure against such liability (OJ, English Special Edition 1972 (II), p. 360) and Second Council Directive 84/5/EEC of 30 December 1983 on the approximation of the laws of the Member States relating to insurance against civil liability in respect of the use of motor vehicles (OJ 1984 L 8, p. 17), as amended by Directive 2005/14/EC of the European Parliament and of the Council of 11 May 2005 (OJ 2005 L 149, p. 14).

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

159

electronic device that has the technical and functional characteristics established in accordance with Article 132-ter, paragraph 1, letters b ) and c), and without prejudice, as comparable, the electronic devices already in use at the date of entry into force of those provisions, the device results from full evidence in civil judicial proceedings, the facts to which they refer, unless the party, against which have been produced, demonstrate the failure of the said device.” Accordingly, through Article 135 of the Italian Insurance Code, a database is established in IVASS (Italian Regulatory Authority for Insurance) in order to enhance the effectiveness of preventing and combating fraudulent practices in the field of compulsory insurance for motor vehicles registered in Italy. There are three databases named: claims, witnesses, and damages. Companies are required to disclose data concerning the claims of their policyholders in the manner prescribed by the regulation adopted by IVASS. Data on insurance companies operating in the territory of the Italian Republic under the freedom to provide services or by way of establishment are required by IVASS to the respective supervisory authorities of the Member States concerned. The organization and operating procedures, the terms and conditions of access to the databases by public authorities, the judicial authorities, the police, insurance companies and third parties as well as the consultation obligations of databases by insurance companies in the process of settlement of claims are established by IVASS regulation in accordance with the Ministry of Economic Development and the Interior Ministry, and, for the profiles protection of confidentiality, the Authority for the protection of personal data. On June 1, 2016, IVASS issued Regulation n. 23 on the use of such database. The Ivass databases collect data of claims relating to motor vehicles registered in Italy, as well as data of witnesses and damaged refer to the same claims, in order to facilitate the prevention and combating of fraudulent practices in the insurance sector compulsory for motor vehicles. The databases are organized so that IVASS can perform data and statistical analyses, research, and studies.

5 Cybersecurity and Data Protection Automatized cars today, and fully automated AVs in the not-so-distant future, operate by collecting and processing numerous data, which may be traced back to a specific individual. Several legal challenges, especially for the manufacturers of such vehicles, or the providers of connected services, arise from this situation. The data collected by autonomous vehicles (location data, sensor data, etc.) are regularly deemed as “personal data” according to the EU GDPR since these are information about the personal or factual circumstances of a determinable person, such as the owner, driver, or passenger of such vehicles. Most data collected by modern cars are attributed to the vehicle identification number (VIN). Although such data may not relate to a person but only to the car, at the same time they can be quite easily attributed to the owner and/or driver of the car. Car data attributed to the VIN or the license plate is considered personal data. With AVs, it is very likely that

160

S. Landini and K. Noussia

the vehicle will be online constantly and also generate data referred to the vehicle’s IP address, which will also be considered personal data. In detail, in order to assess whether personal data are collected and who the responsible controller is, one has to distinguish between “online” and “offline” vehicles. In the case of cars with no Internet connection, the data saved “inside” the vehicle will be collected by the person or organization who reads it out, usually the car garage, which then is considered to be the controller, i.e., the responsible entity. Today, vehicles are “learning machines,” which, in order to predict the behavior of traffic participants, must be able to “think” like human beings. This is done by collecting sensor data, which are stored and analyzed in order to recognize patterns of behavior from other traffic participants. An example of this would be AVs, which must have the ability to recognize the movements and glances of playing children to determine if they are about to run onto the road. For this, the enormous amounts of data accumulated cannot be stored locally. On the other hand, a kind of “artificial swarm intelligence” can be created by networking the vehicles among themselves and with the manufacturer, in the course of which vehicles participate in the “learning progress.” “Data collection” is then carried out at the time of transmission, and those persons or companies that receive these data would be considered the responsible controllers. These could either be the vehicle manufacturers or service providers such as network operators, portal operators, or app providers. It remains to consider to what extent classical car manufacturers will offer the underlying IT services or if they will solely serve as hardware producers, while other companies build and operate the underlying IT system allowing for the “intelligence” to be installed into the vehicle. In each case, EU data protection laws require full transparency; that is, they must be able to define which actor is responsible for what and who has control over which data. As a general principle, each company processing personal data as a controller needs a legal basis to do so. For selling and offering services related to AVs, this basis may include, in terms of a contract, a premise that a company may process their customers’ data if this is required to fulfill the contract or process data with the explicit prior consent of the affected individual, probably the driver or owner of the vehicle. In terms of legitimate interest, this basis may include a premise that a company may also invoke their legitimate interests; i.e., it has to demonstrate that the processing is necessary for the purposes of the legitimate interests pursued by the company, except in cases in which those interests are overridden by the interests or fundamental rights and freedoms of the data subject. None of the above grounds apply in all cases. On the contrary, the legal situations of AVs are complex, with many different players involved, each having different purposes for the data collected. Given this complexity, setting up the data protection framework for services on AVs requires a diligent legal review of the specific type of collection, storing, and processing of data that is in use. The data processed for the transportation service itself usually fits under the permission included in travel contract. But it is necessary to analyze the contractual relationships between the owner of the car, the manufacturer, the service/platform

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

161

provider on the one hand and the respective driver or passenger on the other. It is of particular importance the case of shared vehicle services or the offer of driving services. Permission for data processing may also be provided through consent. The GDPR states several requirements for such consent. First, it must be freely given and “informed,” which means that a person concerned must always exactly know what he is agreeing to. Consent is presumed not to be freely given if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance. After all, the withdrawal of a given consent must be possible at any time.82 Car manufacturers and/or dealers could meet these requirements by informing the buyer of the exact data collection and processing procedures used on their cars. The required transparency and the possibility of withdrawal of consent could be implemented, for example, by making the current connection status of the vehicle known to the driver or passenger by means of standardized symbols in the cockpit that would allow him to activate or deactivate the connection at any time. Therefore, it is recommended to draw as much data processing as possible for contract purposes. Finally, a company could most likely invoke legitimate interests as a legal ground in the case of service improvements or preemptive maintenance. However, it should consider technical measures like anonymization and pseudonymization.83 Concerning the matter of data protection, laws in various countries impose an obligation to put some kind of black box on automatized vehicles. Manufacturers will have to implement a device that records whether the vehicle was controlled by its driver or by an automated driving function.84 Furthermore, the laws state the legal grounds on which such collected data have to be submitted to the authorities or third parties (for example, injured parties that want to enforce indemnity claims).85

6 The Effect on Insurance 6.1

Future Automobile Insurance and Additional Lines of Insurance Products

With regard to the relevance of retention in policies, claim discounts will no longer be significant and may even no longer exist for AVs in a few decades from now. Currently, individual owners obtain insurance cover. There may be a trend toward

82

Henkel et al. (2017), http://www.nortonrosefulbright.com/knowledge/publications/154716/ autonomous-vehicles-the-legal-landscape-of-dsrc-in-germany. 83 Henkel et al. (2017). 84 Henkel et al. (2017). 85 Henkel et al. (2017).

162

S. Landini and K. Noussia

the insurance of car fleets, for example, due to car sharing, and in particular the insurance of many motor vehicles produced by one manufacturer under one or a few policies. Additional lines of insurance products for the manufacturer might appear. As the market for personal automobile insurance decreases, opportunities arise for insurers focusing on other customers and types of policies. Insurers interested in insuring AVs should consider focusing on products targeted at manufacturers and insuring new technologies. A shift of responsibility for accidents from drivers to manufacturers and service providers would likely result in additional lines of insurance related to the manufacturers of motor vehicles. Instead of considering the costs of increased responsibility in the purchase price of AVs, manufacturers might tend to seek insurance coverage for car fleets in order to mitigate their liability for accidents. With regard to product liability policies in the context of autonomous driving, product liability insurance may cover the liability of car fleets of AVs of a certain manufacturer or service provider. With regard to product recall policies in the context of autonomous driving, as technology for autonomous vehicles is new and expensive, product recall policies are of increased importance. They might be even more relevant due to the shift of responsibility for accidents from drivers to manufacturers. With regard to business interruption policies in the context of autonomous driving, as manufacturers and service providers might also be responsible for business interruption damages, business interruption policies might be of increased interest.

6.2

Transport Policies

AVs might also be used to transport goods. Thus, transport policies might also be of increased interest. It might be possible that hackers can change the destination of AVs transporting goods in order to perpetrate theft. In that regard, a combination with a cyber-policy may be useful.

6.3

Cyber Policies, Data-Related Insurance, Data Protection, and Data Security

In general, AVs will increase automobile safety significantly. In addition, smart access to AVs will eliminate the risk that a car key will be stolen or lost. However, there is a new risk due to cyber risks. Manufacturers would need to ensure that there is proper prevention of cyberattacks on their products. Cybersecurity insurance is another nontraditional insurance product that is likely to grow as a result of AVs. Cyber insurance coverage becomes of increased importance and is a growing market

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

163

due to the increased risk of cyberattacks and the increased digitalization, interconnection, and relevance of smart products, such as smart homes or connected homes. In general, there is concern that hackers might intentionally cause accidents or perpetrate theft of autonomous vehicles and, potentially, of goods transported.

6.4

AVs and Data

Future legal regulations will likely require that AVs record data. An indication of that is the current draft legislation for highly and fully automated motor vehicles, which includes a requirement to record whether the automation was used when the technology has asked the driver to take control. Recording would also be of increased relevance with regard to technical failures. Technology permits the sending of automatic messages to the manufacturer, which is liable for controlling its products. It may be considered that automatic messages of insured events and possibly data about the defect are also sent to the insurer. Additional facts could be provided shortly thereafter by the policyholder, e.g., to which policy the automated insurer notification related. Other issues are who owns the collected data of the AV and whether and to what the extent the insurer can use such data in the event of an insured event.

6.5

New Players as New Policyholders

AVs and connected driving also introduce new players into the automobile industry, in particular service providers that will seek out insurance in connection with mobility, including for consequences of technical failures and cyber risks. Motor vehicles not only have safety electronics, but vehicles will also communicate constantly, e.g., with digital mapping providers, through mobile communication, and by means of entertainment features. AVs will also communicate with other vehicles. Many data are collected and used. Thus, there is an increased relevance for nontraditional suppliers and service providers, such as technology companies, software developers, or start-ups in the sensor, mapping, or similar industry.86

86

For example, HERE mapping business, a motor vehicle navigation supplier, was sold by Nokia to a consortium of car manufacturers including BMW, Audi, and Daimler in 2015. Microsoft has extended its partnership with HERE at the end of 2016 and also entered into a new partnership with TomTom. Most recently Intel has agreed to purchase a 15 percent ownership stake in HERE. For the testing part of the A9 Autobahn, it is intended that 5g Internet will be available and the telecommunications providers will also test their infrastructure, which is in particular relevant for connected driving. In addition, via the 5g Internet, the autonomous vehicle may even communicate with a smart home and open the garage door for the autonomous vehicle; Henkel et al. (2017).

164

S. Landini and K. Noussia

AVs may also communicate via dedicated short-range communication (DSRC), which is a set of protocols and standards for dedicated vehicle-to-vehicle and roadside communications using wireless technology. Examples are communication with other vehicles and traffic lights, warnings from other vehicles or roadside transmitters, and platooning (organizing vehicles into closely spaced formations with synchronized controls). In case of ambiguous DSRC messages and misunderstanding with regard to DSRC messages, the liability system for manufacturers set out above would apply likewise to the senders of DSRC messages. The protocols and the recordings of the DSRC messages received by autonomous vehicles would be relevant evidence. Cybersecurity is also a particular concern when it comes to DSRC. DSRC needs very low latency, and it even allows messages to be connected without the basic handshaking protocols to verify the other party. Thus, there is a high risk of hacking in the case of DSRC. AVs will create opportunities for existing players to create new products, obtain additional policyholders, gain new expertise, and serve their customers in new ways. Cybersecurity and the collection and use of data will also be of increased importance.87

7 Predictivity Versus Liability Even if, as has been stated before, the use of automated machines can cause damage, they represent an important risk reduction tool.88 A regulatory intervention that introduces the strict liability of users and/or owners of automated machines, where strict liability means a responsibility that gives relevance neither to the guilt nor to the causal link between wrongdoing and losses, risks nonincentivizing the use of automation. This consideration is valid not only with respect to road accidents. Many industrial environments exist where direct material handling would also subject human resources to danger or abnormal stress. Automated work, which also increases quality and productivity, can also be a solution to hazard prevention in work environments. Most of the literature and European institutions dealing with compensation for damages caused in the event of automation have raised the question of the possible responsibility or coresponsibility of producers and/or programmers.89 Hence, efforts are focused on the reform of the directive on manufacturer liability and cybersecurity. Scholars have been also concerned about a review of the concept of guilt of the

87

Henkel et al. (2017). Eastwood et al. (2013), pp. 1–6. 89 See e.g. Hubbard (2015), p. 1803; Chopra and White (2011); Gless and Seelmann (2016). In particular, these authors have rightly placed the attention on the concept of defect in view of what may be the “defects” in the case of artificial intelligence and of a reasonable duty of safety and care. 88

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

165

owner and/or user of the automated product, for example, by raising the level of diligence required.90 In seeking a solution, perhaps we need to focus our attention on the importance of compensation and prevention, which usually find an answer in civil liability. In the event of damage concerning an automated machine, prevention will be more easily guaranteed by the collection of additional data relating to cases wherein default of the machine has been determined—in order to improve the state of knowledge and reduce the possibility of future damage.91 Under these terms, we can say that predictivity is more important than liability and sanctions. In order to prevent damages caused by automated vehicles, the deterrent function of civil liability is not enough. It is more important to give the right information to the artificial intelligence system to be able to make predictions in advance and avoid damages. The term predictivity is proper for statistical sciences and indicates the characteristic of understanding known elements that can make it possible to predict future developments. We also talk about predictive analysis (predictive analytics) to indicate the use of methods that allow us to predict future events based on known elements, for example, to plan: production, cash flows, or stocks. Predictive data analysis includes statistical techniques that, by extracting information from data, are able to make predictions about trends and behavior patterns, establishing relationships between independent variables and dependent variables involving past events and using these relationships to make predictions. It therefore appears that the objectives of compensation and prevention are better achieved by a system that allows for the proper compensation of damages, the acquisition of data relating to the claims, the processing of data to provide new knowledge, and the management of risks of default in the future. The person that is

Vladeck (2014), p. 130: “it is useful to pause to consider whether the standard of care to be applied to driver-less cars will be different than the standard applied to cars driven by humans. There is every reason to think that the answer will be ‘yes,’ and that fact may bear on the analysis that follows”. With regard to the industry, the author considers the role played by the industry with regard to consumer expectations. “Manufacturers, through advertising and other communications with consumers, play a key role in shaping consumer expectations. Unless the manufacturer makes inflated and unjustified representations about its product’s performance, consumers are likely to expect that their products will perform in a way that is consistent with prevailing standards as articulated by the products’ manufacturers, even if better and safer products are achievable at a nominal cost” (p. 137). 91 Bostrom (2003), pp. 759, 763. Artificial intelligence theorists use the term “singularity” or “technical singularity” to describe the moment in time, purely hypothetical at this point, when machines exceed human intelligence. He noted that it is not essential that the machine has the capacity to actually choose to break a “rule”; it is enough that the machine’s programming does not necessarily determine how the machine will act in all situations, leaving the machine to “learn” how to make decisions when confronted with a situation not within the contemplation of the machine’s programmers. See e.g., Bostrom and Cirkovic (2008); Kurzweil (2005), pp. 135–136; Moravec (1999), p. 61. Ray Kurzweil predicts that “singularity” is now within reach, and will be achieved within fifteen years. See Rossington (2014), http://www.mirror.co.uk/news/technology-science/ technology/ray-kurzweil-robots-smarterhumans-3178027. 90

166

S. Landini and K. Noussia

most likely to perform these functions is an insurance company, which could, at the time of the settlement of claims, acquire data and process them. These activities have already been carrying out by insurers for some time creating knowledge in risk management. This does not mean completely overcoming the hypotheses of civil responsibility and creating a completely no-fault system.92 We believe that civil responsibility can still play a useful role in the artificial intelligence system, provided that, as noted by the doctrine, the concepts on which cases of civil responsibility are based are innovated: for example, negligence, defect in production, the duty not to harm, etc. In order to allow the victim to be promptly compensated, the intervention of the insurers who cover the damages caused by the machine, working in full automation, on the basis of an obligatory insurance for the owners remains an important option to consider, which does not exclude civil liability. The important thing is that the insurer, by law or contract, has the right to be subrogated to the victim’s compensation rights against the person responsible, if that person is different from the owner/insured. The doctrine of subrogation provides that if an insurer pays a loss to its insured due to the wrongful act of another, the insurer is subrogated to the rights of the insured and may prosecute a suit against the wrongdoer for the recovery of its outlay. The right to subrogation is typically based upon the terms of the insurance policy or the right of equitable subrogation, i.e., by operation of law. So in case of damage caused by a machine working in full automation, the insurer of the owner of the machine will pay the loss, and it will be subrogated to the rights of the insured and may prosecute a suit against the wrongdoer, which could be the producer, programmer, etc., for the recovery of its outlay. The concept of subrogation of an insurer to the rights of its insured was designed to place ultimate responsibility for loss upon the wrongdoer, i.e., on whom in good conscience it should fall, and to reimburse the innocent party that is compelled to pay. We must say that as a general rule, an insurer does not have a right of subrogation or indemnification against its own insured. If the insurer had the right 92

On strict liability see Vladeck (2014), p. 146.“My proposal is to construct a system of strict liability, completely uncoupled from notions of fault for this select group of cases. A strict liability regime cannot be based here on the argument that the vehicles are “ultra-hazardous” or “unreasonably risky” for the simple reason that driverless vehicles are likely to be far less hazardous or risky than the products they replace. Indeed, it is precisely because these machines are so technologically advanced that we expect them not to fail. For these reasons, a true strict liability regime will be needed; one that does not resort to a risk-utility test or the re-institution of a negligence standard for the simple fact that those tests will be difficult, if not impossible, for the injured party to overcome”. The Author says also “Lest there be any doubt, my argument is not based on notions of a “no-fault” liability system, that is, a system that substitutes mandatory insurance and eliminates access to the judicial system. My proposal is a strict liability regime implemented by the courts. Although the idea of “no fault” systems took hold in the 1970s and 1980s and was expected to drive down insurance costs by limiting the transaction costs related to litigation, it is by now apparent that those systems have not worked as envisioned. It is likely, however, that the introduction of driverless cars will shift liability from the “driver” to the manufacturer, and that shift may trigger a resurgence of interest in “no fault” insurance regimes” (fn 91). See, e.g., Anderson et al. (2010), p. xiii available at http://www.rand.org/pubs/monographs/MG860.

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

167

of subrogation against its own insured for claims arising from the very risk for which the insured was covered, the insurance contract would lose its proper function. However, in the case of property insurance, where an insured is guilty of fraud or deceit and where an insurer has paid a claim to an innocent coinsured, the insurer may, as subrogee and contrary to the general rules of law, seek to recover from the tortfeasor-insured an amount equivalent to that paid by the innocent coinsured.93 In this way, it is possible to compensate the victim and keep the cost of the accident on the wrongdoer, in case there is a wrongdoer that is not the automated machine.

8 Critical Analysis What should a reasonable solution regarding the growing flood of data in modern vehicles try to achieve? It should be the balance between economic innovational potential on one hand and appropriate consideration of the protection of fundamental rights—especially the right of informational self-determination—on the other hand. The law has already made initial attempts by considering the possibility of anonymization and pseudonymization, and it is particularly important to take into account procedures established in accordance with the current state of the art. The principle “Privacy by Design” could serve as a superior approach over specific legal approaches. According to this principle, data protection should already be considered in the initial stages of the development of new technology in order to emphasize its importance. “Privacy by Design” is closely linked to the concept of “Privacy by Default,” where a high level of privacy settings is implemented in new technological services. Subsequently, the user shall be able to decide for themselves about additional data transfers. The inclusion of both approaches in broad discussions would provide potential for good problem-solving. The automotive industry has ultimately arrived in the digital age and is currently at crossroads. How can one use the economic opportunities of big data without taking too many risks regarding data protection? It is clear that data protection, in order to justify its significance, must undergo a fair amount of discussion.94 In addition, the GDPR contains some safeguards for the data collected and used for big data applications. Hence, the GDPR retains the purpose limitation principle as one of its basic elements. Consequently, data controllers will, in the future, have to specify the purpose of the collection, which must be clearly and specifically 93 See Mitchell and Watterson (2007), paragraph 10. The book is on subrogation in general. Law and practice provide a clear and accessible account of subrogation, explaining when claimants are entitled to the remedy, how they should formulate their claims, and what practical difficulties they might encounter when attempting to enforce their subrogation rights. Although subrogation is a remedy that is frequently claimed in Chancery and commercial practice, the reasons why it is awarded and the way it works can often be misunderstood. 94 Schoenefeld (2018), p. 60.

168

S. Landini and K. Noussia

identified. At the same time, data subjects will be able to give their consent to certain areas of scientific research if ethical standards are complied with. The further processing of personal data under the GDPR will also need to be compatible with the original purpose for which the data were collected. The requirements regarding the permissibility of a change of purpose have not been loosened. Change of purpose needs to either be covered by the privileging rule under Article 5 (1) (b) GDPR or pass the compatibility test, which is now explicitly incorporated into the legal text of the Regulation, namely Article 6 (4) GDPR. The further processing of personal data for scientific or statistical purposes shall be deemed in compliance with the purpose limitation principle, subject to appropriate safeguards. The latter, which should exclude or considerably reduce the risk for data subjects, remain, as was the case under the DPD, a matter to be implemented by Member States. A further limitation in such cases is that the processing at issue, including in big data scenarios, should not aim to gain information about particular individuals and/or make decisions affecting them. If it is otherwise, the full ambit of the principle of purpose limitation will again apply, and the data controller will need to ask for the data subject’s consent. The legal situation under the new GDPR remains somewhat similar to the DPD with regard to the principle that personal data should not be kept in a form that permits the identification of data subjects any longer than required by the purpose of the collection or reuse.95 Again, however, personal data may be stored for longer periods insofar as they will be used solely for privileged purposes. The data subject’s interests remain protected by the need for the data controller to satisfy the provisions of Article 6 (4), as well as those of Article 5 (1) (b) GDPR in conjunction with Article 89 (1) GDPR. The legal situation of data controllers wishing to process personal data in big data applications will remain a core issue, particularly in terms of how to specify the purpose of the collection and the further use of the personal data prior to, or at least no later than, the time of collection. Data controllers wanting to further use personal data for big data analysis in order to gain information about particular individuals and/or make decisions affecting them do indeed face larger obstacles to further process the personal data in compliance with the purpose limitation principle. Privacy, which data protection regulations, including the purpose limitation principle, seek to realize, may not only be seen as a hindering factor for economy and science. Involved stakeholders should work together in addressing the challenges and highlight privacy as a core value and necessity when it comes to big data. Technology should be used as a support tool to achieve this aim.96 Undoubtedly, the transformation toward autonomous driving is already well underway, thanks to several features of automated driving. Over the next few years, a car as we know it will transform from a simple mode of transport to a personalized mobile information hub, fully connected to the outside world. One of

95 96

Article 5 (1) (e) DPD. Forgo et al. (2017), pp. 39–40.

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

169

the biggest changes brought about by autonomous driving will be the shift from car ownership to a share/rental model. Cars will be able to be booked in advance from a provider or be available on demand via smartphone (or wearable) apps. In this context, it will be important to ensure that only the approved driver has access to the AV and that the looming risk of data being mistakenly shared between users will be mitigated, if not eliminated.97 The AV sharing schemes of tomorrow will use collected data about users to enhance their experience. These data awaken the interests of many further parties, such as insurance companies or providers of commercial products and services. Securing and protecting these personal data will be vital to maintaining consumer trust, and any security risks must be guarded against in order to prevent access by hackers and other potential threats. To do this, firstly, the quality and integrity of data have to be ensured. So mechanisms need to be integrated that can detect bad data, remove them from the communication circuit, or destroy them entirely. Automotive solutions will encrypt, authenticate, and secure data at a chip level. Using a set of security keys, the car can determine if the data really originated from a specific, trustworthy vehicle. The same principle applies to other devices and services that the vehicle may interact with. Maintaining a secure connection will be essential to safeguarding the reputations of both the vendor and the car manufacturer. Service providers as well as consumers will not buy into a system unless they are confident it is secure and privacy preserving.98

9 Conclusions If motor vehicles are to be truly autonomous and able to operate responsibly on our roads, they will need to replicate, or do better than, the human decision-making process. However, some decisions are more than just a mechanical application of traffic laws and plotting a safe path. They seem to require a sense of ethics, and this is a notoriously difficult capability to reduce into algorithms for a computer to follow.99 The larger challenge, though, is not just about thinking through ethical dilemmas. It is also about setting accurate expectations with users and the general public, which might find themselves surprised in bad ways by autonomous cars, and expectations matter for market acceptance and adoption. Whatever answer to an ethical dilemma that industry might lean toward will not be satisfying to everyone. Ethics and expectations are challenges common to all automotive manufacturers and tier-one suppliers that want to play in this emerging field, not just particular companies.100

97

Pype et al. (2017), pp. 21–23. Pype et al. (2017). 99 Lin (2017), p. 69. 100 Lin (2017). 98

170

S. Landini and K. Noussia

Automated cars promise great benefits and unintended effects that are difficult to predict, and the technology is coming either way. Change is inescapable and not necessarily a bad thing in itself. But major disruptions and new harms should be anticipated and avoided where possible. That is the role of ethics in innovation policy: it can pave the way for a better future while enabling beneficial technologies. Without looking at ethics, we are driving with one eye closed.101

References Acharya A (2014) Are we ready for driver-less vehicles? Security vs. privacy - a social perspective. https://arxiv.org/abs/1412.5207 Acosta AJ (2018) Policy paper on autonomous vehicles a smart move? 24 essentials of a SWOT analysis policymakers need to consider. Berkman Klein Center for Internet and Society at Harvard University, https://cyber.harvard.edu/sites/default/files/2018-07/2018-07_AVs02_0. pdf Anderson KM et al (2010) The US experience with no fault automobile insurance: a retrospective, at xiii, available at http://www.rand.org/pubs/monographs/MG860 Anderson J, Kalra N, Stanley K, Sorensen P, Samaras C, Oluwatola T (eds) (2014) Autonomous vehicle technology: a guide for policymakers. Rand Corporation, Santa Monica, CA Barron JH (1979) Warren and Brandies, the right to privacy, 4 Harv. L. Rev. 193 (1890): demystifying a landmark citation. Suffolk Univ Law Rev 13(4):875–922 Bauman Z (2000) Liquid modernity. Polity Press Beiker SA (2012) Legal aspects of autonomous driving. Santa Clara Law Rev 52(4):1145–1156 Bonnefon J-F, Shariff A, Rahwan I (2016) Ethics: the social dilemma of autonomous vehicles. Science 352(6293):1573–1576 Bostrom N (2003) When machines outsmart humans. FUTURES 35:759, 763 N. Bostrom, M. Cirkovic (2008) Global catastrophic risks Business insider, The 3 biggest ways self-driving cars will improve our lives (June 2016), http:// www.businessinsider.com/advantages-of-driverless-cars-2016-6/#traffic-and-fuel-efficiencywill-greatly-improve-2 Cabena P, Hadjinian P, Stadler R, Verhees J, Zanasi A (1997) Discovering data mining from concept to implementation. Prentice Hall PTR Calabresi G, Melamed AD (1972) Property rules, liability rules, and inalienability: one view of the cathedral. Harv Law Rev 85:1089–1092 Chopra S, White LF (2011) A legal theory for autonomous artificial agents. Univ. of Michigan Press Consumer Privacy Protection Principles for Vehicle Technologies and Services, www.pdpjournals. com/docs/88463 Das S (2008) High-level data fusion. Artech House Publishers, Norwood de Bruin R (2016) Autonomous intelligent cars on the European intersection of liability and privacy. EJRR 7(3):485–501 Dulli S, Furini S, Peron E (2009) Data mining. Springer Verlag Eastwood R, Kelly TP, Alexander RD, Landre E (2013) Towards a safety case for runtime risk and uncertainty management in safety-critical systems. In: System safety conference incorporating the cyber security conference [2013] 8th IET International 1–6

101

Lin (2017).

Big Data, Privacy, and Protection of the User of Autonomous Vehicles:. . .

171

Finn RL, Wright D, Friedewald M (2013) Seven types of privacy. In: Gutwirth S, Leenes R, de Hert P, Poullet Y (eds) European data protection: coming of age. Springer, Dordrecht. https:// doi.org/10.1007/978-94-007-5170-5_1 Forgo N, Haenold S, Schuetze B (2017) The principle of purpose limitation and big data. In: Corales M, Fenwick M, Forgo N (eds) New technology, big data and the law, perspectives in law, business and innovation series. Springer, pp 17–42 Freshfields, Automated driving law passed in Germany, June 21, 2017, Automated Driving, https:// www.freshfields.com/de/our-thinking/campaigns/digital/internet-of-things/connected-cars/auto mated-driving-law-passed-in-germany/ Funkhouser K (2013) Paving the road ahead: autonomous vehicles, products liability, and the need for a new approach. Utah Law Rev 1:437–462 Garza AP (2012) Look Ma, No Hands: wrinkles and wrecks in the age of autonomous vehicles. N Engl Law Rev 46(3):581–616 Glancy D (2012) Privacy in autonomous vehicles. Santa Clara Law Rev 52:1171–1239 Gless S, Seelmann K (eds) (2016) _Intelligente Agenten und das Recht_ Nomos Gurney JK (2013) Note, Sue My Car Not Me: products liability and accidents involving autonomous vehicles. J Law Technol Policy 2:247–277 P. Hacker (2017) Autonomous vehicles meet the internet of things Hacker P (2018) Lessons from IP markets for data markets: on moral rights, property rules, and resale royalties. I.P.Q. 1:45–67 Hall D, McMullen S (2004) Mathematical techniques in multisensor data fusion, 2nd edn. Artech House, Inc., Norwood Helberger N (2016) Profiling and targeting consumers in the internet of things. In: Schultze R, Staudenmayer D (eds) Digital revolution: challenges for contract law in practice. Hart Publishing, p 135 Henkel F et al (2017) Autonomous vehicles: the legal landscape of DSRC in Germany. NortonRoseFulbright, July 2017, http://www.nortonrosefulbright.com/knowledge/publica tions/154716/autonomous-vehicles-the-legal-landscape-of-dsrc-in-germany Hubbard FP (2015) “Sophisticated robots”: balancing liability, regulation, and innovation. Florida Law Rev 66:1803 Jeffcott O, Inglis R (2017) Driverless cars: ethical and legal dilemmas. JPI Law 1:19–25 Kulk S, Zuiderveen Borgesius F (2015) Freedom of expression and ‘right to be forgotten’ cases in the Netherlands after Google Spain. Eur Data Prot Law Rev 1(2):113–125 Kurzweil R (2005) The singularity is near; when humans transcend biology, pp 135–36 Legal Voice, Is artificial intelligence the key to unlocking innovation in your law firm? (12 November 2015), http://www.legalweek.com/sites/legalweek/2015/11/12/is-artificial-intel ligence-the-key-to-unlocking-innovation-in-your-law-firm/?slreturn¼20160914110454 Lin P (2017) Why ethics matters for autonomous cars. In: Maurer M, Gerdes JC, Lenz B, Winner H (eds) Autonomous driving: technical, legal and social aspects. Springer Open, pp 69–82 Mahmood S, Sayers S (2015) Privacy and data protection. P. & D.P. 15(8):3–5 Mitchell HB (2007) Multi-sensor data fusion – an introduction. Springer-Verlag, Berlin Mitchell C, Watterson S (2007) Subrogation, 1st edn. Oxford University Press Moravec H (1999) Robot: mere machine to transcendent mind, 61 Motoring.com.au, Save the driver, says Benz (5 October 2016), http://www.motoring.com.au/killthe-rest-says-benz-104114/ Mullan J (2014) Re-emerging technologies: what’s hot and what’s not! L.I.M. 14(3):168–173 Pike GH (2016) Legal issues: congress explores the internet of things. Inf Today 33:13 Pype P, Daalderop G, Schulz-Kamm E, Walters E, von Grafenstein M (2017) Privacy and security in autonomous vehicles. In: Watzenig D, Horn M (eds) Automated driving. Springer, pp 17–27 Reidenberg J (1995) Setting standards for fair information practice in the U.S. private sector. Iowa Law Rev 80(3):497–552

172

S. Landini and K. Noussia

Rossington B (2014) Robots ‘smarter than humans within 15 years,’ Predicts Google’s Artificial Intelligence Chief, MIRROR NEWS (Feb. 2, 2014), http://www.mirror.co.uk/news/technologyscience/technology/ray-kurzweil-robots-smarterhumans-3178027 Schoenefeld M (2018) Big data and automotive, a legal approach: legal, social and technological insights. In: Hoeren T, Kolany-Raiser B (eds) Big data in context, Springer Open, Springer briefs in law, pp 55–60 Schwartz PM (1999) Privacy and democracy in cyberspace. Vanderbilt Law Rev 52:1609–1702 Shallow C, Iliev R, Medin D (2011) Trolley problems in context. Judgm Decis Mak 6(7):593–601 Smith BW (2014) Proximity-driven liability. Georgetown Law J 102(6):1777–1820 Solove D (2010) Understanding privacy. Harvard University Press, Cambridge Telegraph, Watch: Uber launches driverless car service (14.9.2016), https://www.telegraph.co.uk/ business/2016/09/14/watch-uber-launches-driverless-car-service/ Towse R (2006) Copyright and artists: a view from cultural economics. J Econ Surv 20:567 van der Schaft P (2018) Germany creates ethics rules for autonomous vehicles. https://www. roboticsbusinessreview.com/unmanned/germany-creates-ethics-rules-autonomous-vehicles/ Vladeck DC (2014) Machines without principals: liability rules and artificial intelligence. Wash Law Rev 89:117 Warren S, Brandeis L (1890) The right to privacy. Harv Law Rev 4

GDPR and the Processing of Health Data in Insurance Contracts: Opening a Can of Worms? Jeffrey Amankwah and Nele Stroobants

Abstract The processing of personal data in insurance contracts has been a very topical issue, especially since the entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018. This chapter focuses on one of the most pressing challenges faced by insurance companies in implementing the GDPR, namely the processing of health data. The GDPR only provides ten different legal bases that allow the processing of health data. Consequently, an insurance company can only process the health data of the policyholder, insured or others by invoking one of those ten legal grounds. A thorough analysis of the different legal grounds makes it clear that this issue remains rather turbid.

1 Introduction and Legal Framework 1.1

Introduction

Personal data are a very important asset to the insurance sector. It will come as no surprise that insurers collect and use vast amounts of personal data about customers or others. Some of that data might even be very sensitive in nature (as will be discussed below). After all, insurers need data for risk management, underwriting, claim management, fraud prevention and detection, and marketing purposes. Although insurance companies are already familiar with the processing of huge The authors have published various contributions concerning this topic and related aspects, see Amankwah (2018); Amankwah (2019); Amankwah (2021); Amankwah and Van Schoubroeck (2021); Stroobants (2019); Stroobants (2021); Stroobants and Van Schoubroeck (2021). The authors acknowledge support from the KU Leuven’s Research Council (project COMPACT C24/15/001). For more information about data protection in insurance see Amankwah (2018); Stroobants (2019); Viola de Azevedo Cunha (2010); Mezzetti (2016); and De Bot (2016). J. Amankwah · N. Stroobants (*) Institute of Insurance Law KU Leuven, Leuven, Belgium e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_7

173

174

J. Amankwah and N. Stroobants

amounts of data, it comes as no surprise that the General Data Protection Regulation (GDPR) provides numerous challenges for the insurance sector. Moreover, in recent years, insurers have been able to draw on increasingly sophisticated datasets and techniques for predicting risk through the emergence of new technologies. However, the benefits to be derived from big data analysis can be obtained only under the condition that the corresponding privacy expectations of users are appropriately met and their data protection rights are respected. Health data are considered a special category of personal data. Health data are, by nature, particularly sensitive as their processing could create significant risks to fundamental rights and freedoms. The GDPR provides that special categories of personal data, including health data, can only be processed under strict conditions. An insurance company can only process the health data of policyholders, insured persons or others by invoking one of the ten legal bases provided under the GDPR. As insurers need to process health data for certain types of insurance coverage, the insurance industry is in dire need of a solution to this problem. Therefore, this chapter will assess the legal options to process health data with respect to the insurance sector. In order to answer this main research question, a thorough study of the current legal framework and case law is essential. In addition, soft law, such as authoritative advice or opinions, will be taken into careful consideration. As the regulation builds on the previous directive, also the jurisprudence and legal doctrine interpreting the directive are taken into account in this analysis. Moreover, research on Member States implementing the GDPR in their legislation will be paramount to our quest for a general answer to our research question. Due to limited resources and language barriers, this comparative legal research is not extensive and is limited to the legislative texts concerning the implementation of the GDPR available at the time of publication. First, this chapter will analyze the scope and key concepts of the processing of personal data in an insurance context. Throughout the analysis, particular emphasis will be placed on the processing of health data. In a subsequent phase, this chapter will analyze the lawfulness of health data processing in an insurance context in light of the current legal framework. The scope of this chapter will be limited to the processing of health data in private health insurance. However, the processing of health data in public health insurance/social security systems will also be touched upon. Throughout this chapter, reference will be made to issues related to the adoption of new technologies and the processing of (sensitive) personal data. The results of this chapter are still kept under review, taking into consideration ongoing research and new developments at the legislative level and in case law.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

1.2

175

Legal Framework

One could argue that the GDPR1 is one of the most significant European legislative achievements of this decade. Its promulgation has massively raised public consciousness concerning the right to privacy and the protection of personal data. Moreover, its broad material and territorial scope of application2 has ensured the global cognizance of the protection of personal data. Be that as it may, the protection of personal data has been a fundamental right in the European Union (EU) for some time now. The origin of the development and expansion of the right to the protection of private life can be found in the European Convention on Human Rights3 (ECHR). Article 8 of the ECHR introduces the basic human right to respect for private and family life, home and communications. Nevertheless, Article 8 of the ECHR does not affirm personal data protection as a distinct fundamental right. Rather, personal data protection forms part of the rights protected under the right to respect for private life.4 Therefore, not every operation involving the processing of personal data could fall under the scope of Article 8 ECHR. In fact, to trigger Article 8 ECHR, it first has to be determined whether a private interest, or a person’s private life, could be compromised. In any case, the European Court of Human Rights (ECtHR) has given the notion of ‘private life’ a broad interpretation and ruled that the protection of personal data is an important aspect of the right to respect for private life. Article 8 requires justification for any interference with privacy based on a general prohibition of interference with the right to privacy. Article 8.2 ECHR stipulates that there shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. Still, the development of information technology in the 1970s and the increased use of computerbased record keeping by governments, banks and other institutions raised fears of

1

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, Pb.L 119, 4 May 2016. 2 The GDPR has a very wide territorial scope of application (Articles 2 and 3 GDPR). The GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the EU or not. It also applies to the processing of personal data of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union. 3 Convention for the protection of Human Rights and Fundamental Freedoms, Rome, 4.XI.1950 as amended by Protocols Nos. 11 and 14, supplemented by Protocols Nos. 1, 4, 6, 7, 12 and 13. 4 European Union Agency for Fundamental Rights and Council of Europe (2018), pp. 18–21.

176

J. Amankwah and N. Stroobants

misuse of personal data, unfairness and lack of transparency.5 This development led to a growing need for more detailed rules safeguarding individuals by protecting their personal data.6 This, in turn, gave rise to the Council of Europe Convention 108 for the protection of individuals with regard to the processing of personal data.7 It marked the first legally binding international instrument in the field of data protection.8 Under Convention 108, the parties9 are required to take the necessary steps in their domestic legislation to apply the principles it lays down in order to ensure respect in their territory for the fundamental human rights of all individuals regarding the processing of personal data. Convention 108 has been amended on two occasions: first time on 15 June 1999 to allow the accession of the European Communities10 and the second time in 2001, when the requirement was introduced for parties to the Convention to set up supervisory authorities, exercising their functions in complete independence.11 Convention 108 had the greatest impact within the EU, as evidenced by the EU Member States taking the necessary steps to apply the principles laid down in the Convention in their national legislation. However, differences in the application of the Convention had a negative impact on the EU internal market, resulting in an increasing demand for the creation of a harmonized framework on data protection within the EU. Subsequently, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data12 (hereinafter ‘Data Protection Directive’) was adopted in 1995. The Data Protection Directive guarantees effective protection of the fundamental right to data protection.13

5

Strandburg (2014), p. 2. Viola de Azevedo Cunha (2013), pp. 3–4. 7 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Council of Europe, CETS No. 108, 1981; opened for signature in 1981. 8 Explanatory Report to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, European Treaty Series No. 108, Strasbourg, 28 Jan 1981. https://rm. coe.int/16800ca434. Accessed 25 Jan 2019. 9 For a list of all the Parties to Convention 108, consult https://www.coe.int/en/web/data-protection/ convention108/parties. 10 The amendments to the Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108), allowing the European Communities to accede, were adopted by the Committee of Ministers on 15 Jun 1999, in Strasbourg. https://www.coe.int/en/web/ data-protection/convention108/amendments. Accessed 25 Jan 2019. 11 Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows, Strasbourg, 8 Nov 2001. https://rm.coe.int/1680080626. Accessed 25 Jan 2019. 12 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Pb. L. 23 Nov 1995, no. 281, 31. 13 European Commission Working Paper Evaluation of the implementation of the Data Protection Directive, Annex 2 of the Impact Assessment to the Commission’s data protection reform package, (SEC(2012)72 final), 13. 6

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

177

Moreover, the EU Charter of Fundamental Rights14 (hereafter called ‘Charter’) acknowledges the protection of personal data as a fundamental right. The Charter became legally binding as primary EU law with the coming into force of the Lisbon Treaty on 1 December 2009. Article 8 of the Charter establishes the right to data protection, explicitly raising the level of this protection to that of a fundamental right in EU law. As personal data protection is a distinct and stand-alone fundamental right in the EU legal order, protected under Article 8 of the Charter, any processing of personal data by itself constitutes an interference with this right. It is immaterial whether the personal data in question relate to an individual’s private life, whether they are sensitive, or whether the data subjects have been inconvenienced in any way.15 The fundamental right to the protection of personal data under Article 8 of the Charter is not an absolute right and must be considered in relation to its function in society.16 As such, Article 52.1 Charter states that any limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others. How can we qualify the relationship between the Charter and the ECHR? Article 52.3 of the Charter states that in so far as this Charter contains rights which correspond to rights guaranteed by the Convention for the Protection of Human Rights and Fundamental Freedoms, the meaning and scope of those rights shall be the same as those laid down by the said Convention. However, the ECHR and the Charter do use the same language. In any case, the conditions for lawful limitations set out in Article 52.1 Charter are reminiscent of Article 8.2 ECHR. Therefore, according to the European Data Protection Supervisor, the main reference when assessing the necessity of measures that limit the exercise of the rights guaranteed under Article 8 of the Charter is Article 52.1 and the case law of the Court of Justice of the European Union (CJEU). In addition, the criteria in Article 8.2 ECHR and specifically the condition for a limitation to be necessary in a democratic society, as interpreted in the case law of the ECtHR, should also be taken into account in the analysis.17 Once more, differences in the way each Member State implemented the Data Protection Directive led to inconsistencies, creating complexity,18 legal uncertainty and administrative costs. Consequently, in January 2012, the European Commission

14

EU Charter of Fundamental Rights OJ 2012/C 326/02. European Union Agency for Fundamental Rights and Council of Europe (2018), p. 43. 16 Consequently, the CJEU examines the right to data protection taking into account other rights guaranteed by the Charter. For more information, consult CJEU, C-92/09, C-93/09, 9 November 2010, Volker und Markus Schecke, CML Rev. 2011 2005; Pb C 15 January 2011, 6; Rec.CJCE 2010, I, 11063, concl. SHARPSTON, E.; SEW 2011, 32; SEW 2011, 141. 17 European Data Protection Supervisor (2017), p. 6. 18 Mezzetti (2016), pp. 228–230. 15

178

J. Amankwah and N. Stroobants

proposed a comprehensive reform19 of data protection rules in the EU to strengthen online privacy rights and boost Europe’s digital economy.20 As a result, the European Parliament adopted the GDPR. While the GDPR has entered into force on 24 May 2016, it applied as from 25 May 2018 (Article 99(2) GDPR). The GDPR lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data (Article 1.1 GDPR). Furthermore, the GDPR repeals the aforementioned Data Protection Directive, thus eliminating fragmentation due to the implementation of the Data Protection Directive.21 In this manner, the GDPR sets out to harmonize EU data protection law, enhance the rights for individuals, strengthen the obligations for companies and dramatically increase sanctions in case of non-compliance.22 Moreover, the GDPR introduces new concepts, such as the right to be forgotten (Article 17 GDPR) and the right to data portability (Article 20 GDPR). In addition, the objectives and key principles of the Data Protection Directive remain sound. In that light, it should be noted that the opinions issued by the Article 29 Data Protection Working Party (hereafter ‘Article 29 Working Party’)23 concerning the Data Protection Directive remain valid and applicable to the GDPR. As mentioned above, the introduction of the GDPR has had a significant impact on every business that processes personal data as a part of its operation. It goes without saying that the introduction of the GDPR has called into question the way the insurance sector deals with the processing of personal data.

19

The European Commission data protection reform package includes (1) the General Data Protection Regulation and (2) the General Data Protection Directive for the police and criminal justice sector. 20 For more information, consult European Commission, Fact Sheet, Questions and Answers—Data protection reform, 21 December 2015 (MEMO/15/6385) and the European Commission Communication, A comprehensive approach on personal data protection in the European Union, COM (2010) 609 final, 2–5. 21 Hornung (2012), pp. 66–69; Viola de Azevedo Cunha (2012), p. 269. 22 Van Canneyt and Goossens (2016), p. 1. 23 Article 29 Working Party was introduced in 1999 in the execution of Article 29 of the Data Protection Directive. Article 29 Working Party has an advisory role and, in particular, aims to contribute to the uniform application of the national rules adopted pursuant to the Data Protection Directive (Recital 65 Data Protection Directive). While the Article 29 Working Party, in its function, issues solely non-binding opinions, they are of great value to legal practitioners (such as judges, lawyers, etc.) and national supervisory authorities; see Poullet and Gutwirth (2008). It is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission. As of 25 May 2018, the Article 29 Working Party has ceased to exist and has been replaced by the European Data Protection Board (EDPB). The EDPB is an independent European body that contributes to the consistent application of data protection rules throughout the EU and promotes cooperation between the EU’s data protection authorities. For more information, consult https://edpb.europa.eu/about-edpb/aboutedpb_en. Accessed 18 May 2021. The Article 29 Working Party and the EDPB will be used interchangeably.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

179

2 Concepts and Definitions24 Before entering into more detail about the potential legal grounds for processing health data in insurance, it is necessary to explain some of the concepts mentioned in the GDPR and their application to insurance.

2.1

Personal Data

The GDPR aims to protect the processing of personal data. It applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data that form part of a filing system or are intended to form part of a filing system.25 ‘Processing’ is defined as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.26 The term ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is defined as a person who can be identified, directly or indirectly, in particular or by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.27 The GDPR places specific attention on the so-called ‘special categories of personal data’, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.28 The processing of these ‘special categories of personal data’ shall be prohibited, unless one of the exemptions listed in Article 9.2 GDPR applies (see infra Sect. 3).

24 For more information about the GDPR, see Feiler et al. (2018), Lambert (2016), and Bensoussan et al. (2017). 25 Article 2. 1 GDPR. 26 Article 4. (2) GDPR. 27 Article 4. (1) GDPR. 28 Article 9.1 GDPR.

180

2.1.1

J. Amankwah and N. Stroobants

Health Data29

The GDPR defines ‘health data’ as personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.30 The Article 29 Working Party already recognized under the application of the Data Protection Directive, which did not include a definition of health data, that health data are the most complex category of personal data.31 For the sake of greater legal certainty, recital 35 GDPR clarifies: personal data concerning health should include all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject. This includes information about the natural person collected in the course of the registration for, or the provision of health care services as referred to in Directive 2011/24/EU of the European Parliament and of the Council to that natural person: a number, symbol or particular assigned to a natural person to uniquely identify the natural person for health purposes; information derived from the testing or examination of a body part or bodily substance, including from genetic data and biological samples; and any information on, for example, a disease, disability, disease risk, medical history, clinical treatment or the physiological or biomedical stat of the data subject independent of its source, for example from a physician or other health professional, a hospital, a medical device or an in vitro diagnostic test. The word ‘includes’ seems to suggest that the list in this recital is not exhaustive.32 While preparing its Green Paper on Mobile Health (or ‘mHealth’),33 the European Commission in 2014 asked the Article 29 Working Party to clarify the scope of ‘data concerning health’ of the former Article 8.1 Data Protection Directive with regard to lifestyle and well-being apps. In its response, the Article 29 Working Party distinguishes three categories of health data:34,35 – Data that are inherently/clearly medical data – Data that are raw sensor data that can be used in itself or in combination with other data to draw a conclusion about the actual health status or health risk of a person

29

For more information about the protection of data concerning health in Europe see Mulder (2019). Article 4. (15) GDPR. 31 Article 29 Working Party (2011a), p. 10. 32 Mulder (2019), p. 216. 33 See European Commission (2014). 34 Letter from the Chairwoman on behalf of the Article 29 Working Party (2015), p. 5. 35 The Working Party did not use the term ‘data concerning health’ from the GDPR but chose to use the term ‘health data’ instead, which leads to thinking that the Working Party considers ‘data concerning health’ and ‘medical data’ to be the same; see Mulder (2019), p. 217. 30

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

181

– Conclusions that are drawn about a person’s health status or health risk (irrespective of whether these conclusions are accurate or inaccurate, legitimate or illegitimate, or otherwise adequate or inadequate). The first category of health data considered by the Article 29 Working Party is data that clearly/inherently can be considered medical data. This category includes medical data, i.e., data about the physical or mental health status of a person that are generated in a professional, medical context. It includes all data related to contacts with individuals and their diagnosis and/or treatment by (professional) providers of health services and any related information on diseases, disabilities, medical history and clinical treatment. Moreover, information such as the fact that someone has broken his/her leg,36 the fact that a person is wearing glasses or contact lenses, data about a person’s intellectual and emotional capacity, information about smoking and drinking habits, data on allergies, membership of a patient support group, etc. are also considered to be health data. This category also includes data generated by devices or apps that are used in this context, such as apps measuring blood pressure or heart rate or a glucose metering app. The first category of health data includes not only the current health status but also the disease risk. The term ‘disease risk’ refers to data concerning the potential future health status of a data subject, like a person’s obesity, high or low blood pressure, genetic predisposition, etc.37 Due to technological developments, a grey area of personal data has emerged. By means of so-called health apps and wearables, a lot of raw sensor data are being processed, for example steps, consumed calories, sleeping habits, etc. According to the Article 29 Working Party, not all raw data that can be collected by the use of an app or a wearable qualify as personal data. For example, in the case of an app that only counts the number of steps without combining those data with other data from the same data subject, and in the absence of specific medical context, the collected data are not likely to have an impact on the privacy of the data subject and are not considered to be health data.38 However, if these raw sensor data are being combined with other data (for example if they are transferred to other parties that have access to additional complementary datasets), serious privacy risks may arise. Therefore, these seemingly innocuous data need to be considered as health data. For example, when the number of steps per day and the amount of calorie intake are combined in the risk assessment, the insurance company may conclude that the potential insured runs a higher risk of developing certain diseases and decide to exclude the potential insured from insurance coverage. The information resulting from the combination of these data needs to be considered as data concerning health.39 As a consequence, the insurance company needs to abide by the stricter rules of Article 9.2 GDPR.

36

See Lindqvist, C-101/01 [2003] ECLI:EU:C:2003:596, paragraph 51. Letter from the Chairwoman on behalf of the Article 29 Working Party (2015), p. 2. 38 Letter from the Chairwoman on behalf of the Article 29 Working Party (2015), p. 2. 39 Letter from the Chairwoman on behalf of the Article 29 Working Party (2015), p. 3. 37

182

J. Amankwah and N. Stroobants

In conclusion, the notion ‘health data’ should be interpreted broadly, which implies that insurance companies should be extremely careful when processing data. Even raw sensor data collected by apps and wearables can easily change into health data if they can be used to analyze a person’s health status. To assess this, it does not suffice to look at the character of the data. Their intended use, on their own or in combination with other data, must be taken into account. If conclusions are drawn about a person’s health, regardless of their reliability, these conclusions need to be treated as health data.40

2.2

Privacy and Data Protection Challenges for the Insurance Sector

The GDPR imposes certain challenges upon insurance companies when processing data from their clients. This chapter will outline the most significant ones and will also touch upon the emergence of new technologies and their consequences for the insurance sector when processing data.

2.2.1

The Role and Liabilities of the Actors Involved41

The GDPR provides for a number of actors that are involved in data processing, namely data controllers, data processors, third parties and recipients. Each of them has certain responsibilities. In this part, the role and responsibilities of each of these actors will be analyzed. A first challenge is to determine who can be considered data processor(s) or data controller(s). The data controller has the obligation to implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with the GDPR.42 This implies that the data controller is responsible for compliance with the principles relating to the processing of personal data,43 for the presence of a legal basis to process data and for compliance with the rights of the data subject.44 The data controller is also the one that will be held liable for the damages caused by processing in cases where it infringes the regulation.45 A processor, on the other hand, is only liable for the damages caused by

40

Letter from the Chairwoman on behalf of the Article 29 Working Party (2015); Mulder (2019), p. 217. 41 For more detailed information about the roles and liabilities of processors and controllers see Van Alsenoy (2019). 42 Article 24.1 GDPR. 43 Article 5.1-2 GDPR. 44 Article 29 Working Party (2010), p. 1. 45 Article 82.2 GDPR.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

183

processing where it has not complied with the obligations of the regulation specifically directed to processors or where it has acted outside or contrary to the lawful instructions of the controller.46 Therefore, it is important for insurers, and other actors involved in the insurance process, to know which role they are playing. The GDPR defines ‘controller’ as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.47 According to the Article 29 Working Party, the concept of controller is a functional rather than a formal concept.48 Control can stem from an explicit legal competence, an implicit competence49 or a factual influence.50 Moreover, whoever decides the purpose of the processing (see infra Sect. 2.2.2) and the means (how long data shall be stored, who shall have access to the data processed) is considered to be a controller.51 The CJEU has always interpreted the concept of ‘controller’ very broadly, in order to ensure effective and complete protection of data subjects.52 The ‘processor’ is any legal person, public authority, agency or body which processes data on behalf of the controller.53 According to the Article 29 Working Party, two basic conditions are important for qualifying as a processor: being a separate legal entity with respect to the controller on the one hand and processing data on behalf of the controller on the other hand. ‘Acting on behalf of the processor’ needs to be understood as serving someone else’s interest.54 When processing personal data, the processor is called to implement the instructions given by the controller, at least with regard to the purpose of the processing and the essential elements of the means.55 Furthermore, when determining whether a certain entity has to be regarded as a processor, one has to look at its concrete activities in a specific context. This means that the same entity may simultaneously act as a controller for certain processing operations and as a processor for other processing operations.56

46

Article 82.2 GDPR. Article 4. (7) GDPR. 48 Article 29 Working Party (2010), p. 9. 49 This is the case where the capacity to determine the purpose of the processing is not explicitly laid down by law, nor the direct consequence of explicit legal provisions, but still stems from common legal provisions or established legal practice pertaining to different areas, e.g. the employer in relation to data on his employees, see Article 29 Working Party (2010), pp. 10–11. 50 Article 29 Working Party (2010), pp. 10–12. 51 Article 29 Working Party (2010), pp. 12–14. 52 Google Spain, C-131/12 [2014] EU:C:2014:317, paragraph 34; Wirtschaftsakademie, C-210/16 [2018] EU:C:2018:388, paragraphs 27–28; Jehovah’s witnesses, C-25/17 [2018] EU:C:2018:551, paragraph 66; Van Alsenoy (2019), p. 421. 53 Article 4(8) GDPR. 54 Article 29 Working Party (2010), p. 25. 55 Article 29 Working Party (2010), p. 25; Van Alsenoy (2019), p. 53. 56 Article 29 Working Party (2010), p. 25. 47

184

J. Amankwah and N. Stroobants

If the data controller makes an appeal to one or more processors, the processing by the processor(s) needs to be governed by a contract or other legal act that sets out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, and the obligations and rights of the controller.57 Moreover, the GDPR introduces the possibility of ‘joint controllers’. This is the case when two or more controllers jointly determine the purposes and means of processing.58 According to recent case law of the CJEU, the existence of joint responsibility does not necessarily imply equal responsibility among the various operators involved in the processing of personal data. On the contrary, those operators may be involved at different stages of the processing of personal data and in different degrees.59 Article 26 GDPR provides that the joint controllers need to determine their respective responsibilities for compliance with the obligations provided by the Regulation by means of an arrangement between them. This arrangement needs to reflect the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangements needs to be made available to the data subject.60 An example of joint control in insurance might be co-insurance. However, a distinction should be made between joint controllers and multiple controllers that exchange data without shared purposes and means. The latter should be considered only as a transfer between separate controllers.61 This is, for example, the case where the legal assistance insurer receives data from the liability insurer when handling a claim for the insured. When purchasing an insurance product, insurance intermediaries are often involved to facilitate the process. While assisting the potential policyholder to conclude the insurance contract, insurance intermediaries also process health data. Insurance Europe mentions the classification of insurance intermediaries as either controller or processor as one of the main issues in complying with the GDPR.62 Article 2.1 (3) of the Insurance Distribution Directive63 (IDD) defines the concept ‘insurance intermediary’ as any natural or legal person, other than an insurance or reinsurance undertaking or their employees and other than an ancillary insurance intermediary, who, for remuneration, takes up or pursues the activity of insurance distribution.64 Traditionally, insurance intermediaries have been categorized as 57

Article 28.3 GDPR. Article 26.1 GDPR. 59 Wirtschaftsakademie, C-210/16 [2018] EU:C:2018:388, paragraph 43; Jehovah’s witnesses, C-25/17 [2018] EU:C:2018:551, paragraph 66; Van Alsenoy (2019), p. 73. 60 Article 26.2 GDPR. 61 Article 29 Working Party (2010), p. 19. 62 Insurance Europe (2019), p. 1. 63 Directive (EU) 2016/97 of the European Parliament and of the Council, 20 January 2016 on insurance distribution, O.J. 2 February 2016, L. 26, 19. 64 ‘Insurance distribution’ is defined as the activities of advising on, proposing, or carrying out other work preparatory to the conclusion of contracts of insurance, of concluding such contracts, or of assisting in the administration and performance of such contracts, in particular in the event of 58

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

185

either insurance agents or insurance brokers. Insurance agents generally conduct business on behalf of one or more insurance companies. Agents represent the insurance companies in the insurance process and usually operate under the terms of an agency agreement. Agents can be either employed or self-employed.65 Insurance brokers help potential policyholders in assessing their insurance needs and their choice of insurance by presenting them with alternatives in terms of insurers and products. Contrary to agents, brokers usually work with multiple insurance companies and do not have a direct contractual relationship with insurance companies to place business on an exclusive basis.66 On the basis of the definitions provided by the GDPR, it can be argued that insurance brokers can be considered data controllers, whereas insurance agents can be considered data processors. As explained above, insurance agents usually work on behalf of the insurance company they are associated with, whereas an insurance broker acts independently from any insurance company.67 However, as highlighted above, the definitions of processor and controller are functional. This means that the legal status of an actor as either ‘controller’ or ‘processor’ must be determined by its actual activities in a specific context.68 Hence, the legal status of an insurance intermediary will depend on the role it plays in processing operations.69 In other words, the insurance intermediary needs to examine, for every single processing operation involving personal data, whether it is a processor or controller.70 In some cases, an insurance intermediary will be processing personal data on its own behalf, for example, when it processes personal data about its employees, retains data about clients for its own records, etc. In other cases, the insurance intermediary acts under clear processing instructions from the insurance company, for instance, where the intermediary is appointed by the insurance company to act as an administrator for the insurance company.71,72 In conclusion, it is rather difficult to determine if an insurance intermediary has to be considered a data controller or processor as the definitions provided by the GDPR are functional in nature and the insurance intermediary has to make this assessment for every single processing operation in which it is involved. As the role of data controller comes with a lot of obligations and strict sanctions in case of

a claim, including the provision of information concerning one or more insurance contracts in accordance with criteria selected by customers through a website or other media and the compilation of an insurance product ranking list, including price and product comparison, or a discount on the price of an insurance contract, when the customer is able to directly or indirectly conclude an insurance contract using a website or other media; see Article 2.1 (1) IDD. 65 EIOPA (2018), p. 11. 66 EIOPA (2018), p. 12. 67 Henrotte and Coton (2018), p. 108. 68 Article 29 Working Party (2010), p. 25. 69 BIPAR (2016), p. 14. 70 Henrotte and Coton (2018), p. 109. 71 For example, where the insurance intermediary collects the insured’s billing details or the answers to (medical) questionnaires. 72 BIPAR (2016), p. 15.

186

J. Amankwah and N. Stroobants

non-compliance, insurance intermediaries have to cope with a lot of legal uncertainties. Therefore, these entities tend to categorize themselves by default as data controllers.73 In Spain, the Draft Law on Insurance Distribution tries to solve this legal uncertainty by stipulating that the insurance broker is a data controller and the insurance agent is a data processor. Other actors named by the GDPR are third parties and recipients. A ‘third party’ is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor are authorized to process personal data.74 ‘Third parties’ should be regarded as the residual category, meaning that the term refers to any party that is not part of the ‘inner circle’ of a particular instance of data processing, which includes only the data subject, processor, controller and their employees.75 The Article 29 Working Party clarifies that, in the data processing context, ‘third party’ should be interpreted as referring to any subject that has no specific legitimacy or authorization—which could stem, for example, from its role as controller or processor, or their employee—in processing personal data.76 This means that, for example, an employee of an insurance company who, when carrying out his tasks, gains knowledge of personal data to which he or she is not authorized to have access shall be regarded as a ‘third party’ vis-à-vis his/her employer.77 According to the Article 29 Working Party, any third party receiving personal data—either lawfully or unlawfully—would in principle be a new controller, provided that the other conditions for the qualification of this party as controller and the application of the GDPR are met.78 A ‘recipient’ is a natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.79

2.2.2

Purpose Limitation

The principle of purpose limitation sets limits on the way in which data can be used. The concept of purpose limitation has two key components. First, personal data must be collected for ‘specified, explicit and legitimate’ purposes (purpose specification). The purpose has to be specified, which means that it is sufficiently defined to enable the implementation of any necessary data

73

Insurance Europe (2019), p. 8. Article 4.(10) GDPR. 75 Van Alsenoy (2019), p. 130. 76 Article 29 Working Party (2010), p. 31. 77 Article 29 Working Party (2010), p. 31; BIPAR (2016), p. 15. 78 Article 29 Working Party (2010), p. 31. 79 Article 4.(9) GDPR. 74

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

187

protection safeguards and to delimit the scope of the processing. To be explicit, the purpose must be sufficiently unambiguous and clearly expressed. The purpose also needs to be legitimate. The term ‘legitimate’ goes beyond the legal grounds for processing stated in Article 6 GDPR and also refers to broader legal principles of law, such as non-discrimination.80 Furthermore, the purpose must be specified no later than at the time of the collection of the data.81 The second component of purpose limitation is ‘compatible use’. This means that once the personal data are collected, they must not be ‘further processed in a way incompatible’ with those purposes.82 The prohibition of ‘incompatibility’ does not altogether rule out new, different uses of the data. Moreover, compatibility needs to be assessed on a case-by-case basis, and all relevant circumstances need to be taken into account.83 Thus, insurers need to specify the purpose for which they collect and process data, and they cannot process these data in a way that is incompatible with this purpose. Examples of purposes for processing data in insurance are risk and premium calculation, claim handling, marketing, communication, etc. Moreover, insurers need to communicate this purpose to the policyholder in a clear and understandable manner. If it appears that the data may also be useful for other purposes, for example through the application of new technologies, the insurer has to check whether this purpose is compatible with the original purpose for which the data are being processed. If not, the insurer needs to inform the data subject about the fact that his or her data are being processed for a new purpose.84

2.2.3

Rights of the Data Subject

The GDPR grants certain rights to data subjects.85 In the context of insurance, these can be the policyholder, insureds, beneficiaries or victims. Below, a brief explanation of the most relevant rights will be given. A first right protecting the data subject is the right to transparent information. Following the requirements laid down by Article 13 GDPR, insurers need to explain to policyholders in a simple and understandable way (1) what personal data are being collected, (2) who is using their personal data, (3) how these data are processed (this includes, for example, concerns of data security and confidentiality) and (4) what their rights regarding their personal data are.86 The insurer has to make sure that the required information relating to processing is communicated in a concise,

80

Article 29 Working Party (2013), p. 12. Article 29 Working Party (2013), p. 9. 82 Article 5.1 (b) GDPR. 83 Article 29 Working Party (2013), p. 21. 84 Article 29 Working Party (2013), p. 21. 85 Articles 12–22 GDPR. 86 Recital 39 GDPR. 81

188

J. Amankwah and N. Stroobants

transparent, intelligible and easily accessible form, using clear and plain language.87 Due to the technical and complex nature of insurance, compliance with this right might be challenging for the insurer, especially when new technologies like algorithms are used. A second important right of the data subject is the right to erasure or the so-called right to be forgotten. Under this right, the policyholder, insureds, beneficiaries and victims have the possibility to obtain from the insurer the erasure of personal data concerning themselves without undue delay.88 Third, Article 20 GDPR creates a right to data portability. It allows for insureds to receive the personal data that they have provided to an insurer, in a structured, commonly used and machine-readable format, and to transmit those data to another data controller.89 The right to data portability only applies when processing operations are based on consent (see infra Sect. 3) or when the processing is necessary for the performance of the contract.90 Last, Article 22.1 GDPR grants the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.91 Following the wording of Article 22.1 GDPR, the strict requirements of this article only apply to ‘solely’ automated individual decision-making, including profiling. Solely automated individual decision-making, including profiling, is the ability to make decisions by technological means without any human involvement.92 The difference between ‘solely’ automated individual decision-making, including profiling, and general automated individual decision-making is thus determined by the absence or existence of human involvement in the process. This human involvement cannot be merely symbolic and has to be carried out by someone who has the authority and competence to actively review and change the decision, rather than being blindly steered by the process.93 As a consequence, if the algorithm is just a support tool and the decision made by it is only considered a recommendation, Article 22 GDPR will not apply.94 Instead, the general framework of the GDPR will apply, such as the rules on the legal grounds of processing (Article 6 and Article 9 GDPR), the data protection principles (Article 5 GDPR) and the rights of data subjects (Chapter III GDPR).

87

Article 12 GDPR; Article 29 Working Party (2017b), p. 7. Article 17.1 GDPR. 89 Article 20 GDPR. 90 Article 29 Working Party (2016), p. 8. 91 For more information on profiling in insurance and related aspects see McGurk (2019), Regout (2018), Drechsler and Benito Sánchez (2018), BEUC (2020), Stroobants (2021), and Amankwah (2021). 92 Article 29 Working Party (2018b), p. 8; Kamenjasevic (2017), p. 2. 93 Article 29 Working Party (2018b), pp. 20–21; Mendoza and Bygrave (2017), p. 87; Stroobants (2021). 94 Mendoza and Bygrave (2017), p. 87; Goetghebuer (2020), p. 151. 88

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

189

The GDPR does not define what has to be understood by ‘legal effects concerning him or her or similarly significantly affects him or her’. According to the Article 29 Working Party, a legal effect requires something that affects a person’s legal status or his or her rights under a contract.95 This could be, for example, the cancellation of an (insurance) contract. Even if an automated individual decision-making process does not have an effect on the data subject’s legal rights, it could still fall within the scope of Article 22 GDPR if it produces an effect that ‘similarly significantly affects him or her’. According to the Article 29 Working Party, this means that the decision must (1) have the potential to significantly affect the circumstances, behaviour or choices of the individuals concerned; (2) have a prolonged or permanent impact on the data subject; (3) lead to the exclusion or discrimination of individuals.96 Thus, if a solely automated individual decision-making process, including profiling, leads to the exclusion of a person from an insurance contract or the refusal to provide cover for a specific insurance claim, the decision-making process has to be considered as producing an effect that ‘similarly significantly affects him or her’. ‘Profiling’ is defined as any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.97 Profiling processes are often used in insurance underwriting to determine the premium policyholders should pay according to the risk they represent. As mentioned above, insurers will assess the risk and calculate the premium on the basis of a risk profile. Moreover, profiling is also used by insurers to identify fraudulent activities.98 The use of profiling with solely automated means in the insurance sector is still quite limited. However, many insurance companies are currently experimenting and planning to implement it within 3 years.99 Insurers can only apply solely automated individual decision-making, including profiling, if they can rely on one of the following legal bases: (1) the decision is necessary for entering into, or the performance of, a contract between the data subject and a data controller; (2) the decision is authorized by Union or Member State law; and (3) the decision is based on the data subject’s explicit consent.100 With regard to special categories of personal data, including health data, insurers can only apply solely automated individual decision-making, including profiling, if Article 9.2 (a) or 9.2 (g) GDPR applies (see infra Sect. 3).101 Insurers should pay special attention when profiling as profiling can create special category data by inference

95

Article 29 Working Party (2018b), p. 21. Article 29 Working Party (2018b), pp. 1–22. 97 Article 4.(4) GDPR. 98 Insurance Europe (2017a), p. 3; Amankwah and Van Schoubroeck (2021); Stroobants (2021). 99 EIOPA (2019), p. 15. 100 Article 22.2 GDPR. 101 Article 22.4 GDPR. 96

190

J. Amankwah and N. Stroobants

from data that are not special category data in their own right but become so when combined with other data.102 This is the case when, for example, the insurer attempts to estimate the health status of the insured by combining the number of steps with the amount of calories consumed a day. In this case, although only seemingly innocuous data are being processed, the insurer has to rely on a legal basis stated in Article 9.2 GDPR. Apart from the requirement of having a lawful basis, insurers need to respect certain rights of the insured granted by the GDPR when applying solely automated individual decision-making, including profiling. First, insurers need to be transparent about the existence of the application of solely automated individual decisionmaking and profiling. The complex techniques involved in those profiling and automated decision-making processes have to be converted into concise, transparent, intelligible and easily accessible information. The policyholder and insureds need to be informed about the logic involved, as well as the significance and the envisaged consequences of such processing.103 The GDPR does not require a complex explanation of the algorithms used or the disclosure of the full algorithm. The information provided should, however, be sufficiently comprehensive for the data subject to understand the reason for the decision.104 Second, solely automated individual decision-making and profiling need to be fair. For example, automated decisionmaking and profiling may not lead to discriminatory practices like charging higher premiums or denying people access to insurance. Third, the policyholder and insureds have the right to obtain human intervention,105 to express their point of view and to contest the decision.106

102

Article 29 Working Party (2018b), p. 15. Article 13.2 (f) GDPR. 104 Insurance Europe expressed the concern that this kind of information could also be useful for their competitors as it includes complex mathematical and actuarial methods of calculating and pooling risk. According to Insurance Europe, publishing the risk factors used to make such an assessment, for example age, health status, could suffice to give consumers an overall view of the most important criteria that influence the insurer’s assessment in an understandable manner, without revealing complex information about the underlying algorithm, see Insurance Europe (2017a). 105 According to the Article 29 Working Party, human intervention is a key element. Any review must be carried out by someone who has the appropriate authority and capability to change the decision made on the basis of automated individual decision-making, including profiling. The reviewer should undertake a thorough assessment of all the relevant data, including any additional information provided by the data subject, see Article 29 Working Party (2018b); Stroobants (2021). 106 Article 22.3 GDPR; Article 29 Working Party (2018b), pp. 27–28. 103

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

191

3 Lawfulness of Health Data Processing 3.1

Significance of Health Data for the Insurance Sector and Nature of the Processed Data

Insurers often need to process sensitive data (especially health data) of the policyholder, insured, beneficiary and the victim to fulfil their (pre-)contractual obligations. Insurance is based on risk analysis. For a number of insurance products, e.g. health insurance, the processing of health data is inevitable. Before entering into a contract, the insurer checks the probability of a person developing diseases or dying. Then the insurer classifies the potential client among the categories of risk and calculates the premium or rejects the risk. Moreover, the insurer may have to process health data in the implementation of the agreement, for example, when settling claims for the benefit of insured parties. In other types of insurance, such as liability insurance and legal expense insurance, the insurer will likely have to process health data as well. In these types of insurance, the insurer might also have to process the health data of injured parties who are not parties to the agreement.

3.2

Potential Legal Grounds for Processing Health Data in Insurance

The principles of the fundamental right to data protection require, inter alia, that personal data are processed lawfully with a legitimate purpose in mind. The lawful processing of personal data requires a legitimate ground. With regard to health data, the particular sensitive nature of the data makes processing even more challenging for the insurer. Data concerning health belong to the ‘special categories of personal data’. These are personal data that are, by their nature, particularly sensitive in relation to fundamental rights and freedoms. This kind of data merits specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms of the data subject.107 Generally, Article 9 GDPR states that the processing of special categories of personal data, among which data concerning health, shall be prohibited. However, Article 9.2 GDPR provides an exhaustive list of ten legal grounds on which to process special categories of personal data, such as health data. Of these ten possible legal grounds, only a few may be eligible for the processing of health data for insurance purposes. In addition, when selecting one of these legal grounds, it is important to keep in mind the purpose of the processing operation. Not every legal ground will be equally suitable for each purpose. For instance, some legal grounds are more suitable for purposes of premium calculation and risk assessment, while

107

Recital 51 GDPR.

192

J. Amankwah and N. Stroobants

others are more suitable for claim handling. This holds equally true for the diverse insurance products. For example, a health insurer might be able to invoke other legal grounds when processing health data than a liability insurer or a legal expense insurer. The following legal grounds could possibly be invoked by an insurer: – Article 9.2, a) GDPR: the data subject has given explicit consent to the processing of those personal data for one or more specified purposes. – Article 9.2, b) GDPR: processing is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or data subject in the field of employment and social security and social protection law in so far as it is authorized by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject. – Article 9.2, f) GDPR: processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. – Article 9.2, g) GDPR: processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject. – Article 9.2, h) GDPR: processing is necessary for the purposes of preventive or occupational medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to a contract with a health professional and when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies. – Article 9.2, i) GDPR: processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy. This part will assess each legal ground’s merits and demerits. In addition, each legal ground’s eligibility for certain purposes or insurance products will be assessed. Also, throughout the analysis, the possibility to apply profiling with solely automated means will be discussed. This is a crucial aspect for insurers as insurance companies can make use of these technologies to set premiums, handle claims, prevent insurance fraud or market insurance products to customers, for instance (see supra Sect. 2.2.3). Moreover, this part will examine whether Member States of the EU have opted to implement national legislation allowing the processing of

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

193

health data for insurance purposes on one or more specific legal grounds. Unfortunately, due to language barriers, this part will not assess each Member State’s data protection authority’s guidelines, opinions or rulings on this matter.

3.2.1

Explicit Consent (Article 9.2, a) GDPR)

According to Article 9.2, a) GDPR, the processing of health data is possible if the insurer acquires, prior to processing,108 the explicit consent of the data subject. Article 4. 11) GDPR defines consent as any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. The GDPR raises the bar for valid consent to a higher standard compared to the consent requirement in the Data Protection Directive.109,110 ‘Explicit’ consent is understood as having the same meaning as express consent. It encompasses all situations where individuals are presented with a proposal to agree or disagree to a particular use or disclosure of their personal information and they respond actively to the question, orally or in writing.111 Individuals may give explicit consent, orally and also in writing, by engaging in an affirmative action to express their desire to accept a form of data processing. Explicit consent could prove to be a useful legal ground for every purpose and every category of insurance product. Every insurer, regardless of the product, could use explicit consent as a means to process health data for a number of purposes, such as underwriting, claim handling, etcetera. Importantly and as mentioned previously, explicit consent could also legitimize decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect the data subject with respect to health data (Article 22.4 GDPR). Therefore, explicit consent seems a viable option. Unfortunately, the viability of this legal ground is negatively affected by several significant challenges. These challenges will be discussed after the conditions for valid consent have been clarified.

3.2.1.1

Conditions

To obtain valid explicit consent, the following five cumulative conditions need to be met:

108

Article 29 Working Party (2018a), p. 17. In comparison, Article 2, h) Data Protection Directive defines consent as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.” 110 EDPB (2020), p. 16. 111 Article 29 Working Party (2011b), p. 25. 109

194

1. 2. 3. 4. 5.

J. Amankwah and N. Stroobants

Consent must be given freely. Consent must be specific. Consent must be informed. Consent must be unambiguous. Consent must be explicit. This condition must only be met in the case of processing of special categories of personal data, such as health data.

First, consent should be given freely. Thus, consent can only be valid if the data subject is able to exercise a real choice, and there is no risk of deception, intimidation, coercion or significant negative consequences (e.g. substantial extra costs) if the data subject does not consent.112 On the contrary, consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.113 Furthermore, recital 43 GDPR specifies that in order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation. The Article 29 Working Party and the EDPB emphasize that an imbalance of power is not limited to public authorities and employers and may also occur in other situations.114 Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance. Second, consent must be specific. This condition is closely related to the principle of purpose limitation contained in Article 5.1, b) GDPR. It means that personal data have to be collected for specified, explicit and legitimate purposes and cannot be further processed in a manner that is incompatible with those purposes. The requirement that consent must be ‘specific’ aims to ensure a degree of user control and transparency for the data subject.115 To be specific, consent must be intelligible. In other words, it should refer clearly and precisely to the scope and consequences of the data processing.116 Furthermore, consent should refer to the processing that is reasonable and necessary in relation to the purpose.117 It includes mention of which data are processed and for which purposes. Third, consent must be informed. This condition is closely related to the principle of transparency contained in Article 5.1, a) GDPR. It means that personal data must

112

EDPB (2020), pp. 43–51. Recital 42 GDPR. 114 EDPB (2020), p. 7. 115 Article 29 Working Party (2018a), p. 11. 116 EDPB (2020), p. 16. 117 EDPB (2020), p. 4. 113

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

195

be processed lawfully, fairly and in a transparent manner in relation to the data subject. For consent to be informed, the data subject should be aware at least of the identity of the insurer and the purposes of the processing for which the personal data are intended.118 According to the Article 29 Working Party, at least the following information is required for obtaining valid informed consent: (1) the controller’s identity,119 (2) the purpose of each of the processing operations for which consent is sought, (3) what (type of) data will be collected and used, (4) the existence of the right to withdraw consent, (5) information about the use of the data for automated decision-making and (6) the possible risks of data transfers due to the absence of an adequacy decision and appropriate safeguards.120 Fourth, consent must be unambiguous. In comparison with the Data Protection Directive, the GDPR adds the unambiguity condition to the definition of consent. However, Article 7. a) Data Protection Directive already introduced unambiguous consent as a legitimate ground to process personal data by stating that Member States will provide that personal data may only be processed if the data subject has unambiguously given his consent. Consent is unambiguous whenever there is either a statement from the data subject or a clear affirmative act, which means that it must always be given through an active motion or declaration. It must be obvious that the data subject has consented to the processing.121 Currently, the EPDB adopts a stricter interpretation of the term unambiguous consent in light of the GDPR than it previously did in light of the Data Protection Directive. For instance, in light of the GDPR, the EPDB states that consent requires a deliberate action to consent to the particular processing,122 while previously, regarding the Data Protection Directive, the Article 29 Working Party stated that in some circumstances, unambiguous consent may be inferred from certain actions.123 Last, consent must be explicit. ‘Explicit’ consent is specifically required for the processing of sensitive data, such as health data.124 Article 8.2, a) Data Protection Directive contained the same requirement. According to the Article 29 Working Party, the term ‘explicit’ refers to the way consent is expressed by the data subject. It means that the data subject must give an express statement of consent. This goes beyond the requirement of an unambiguous indication of wishes. An obvious way to make sure consent is explicit would be to expressly confirm consent in a written statement. Where appropriate, the insurer could make sure the written statement is

118

Recital 42 GDPR. Recital 42 GDPR states: “[. . .] For consent to be informed, the data subject should be aware at least of the identity of the controller and the purposes of the processing for which the personal data are intended. [. . .].” 120 Article 29 Working Party (2018a), p. 13. 121 EDPB (2020), p. 18. 122 EDPB (2020), p. 8. 123 Article 29 Working Party (2011b), p. 23. 124 “Explicit” consent is not required when processing other categories of personal data (Article 6.1, a) GDPR). 119

196

J. Amankwah and N. Stroobants

signed by the data subject in order to remove all possible doubt and potential lack of evidence in the future. However, the Article 29 Working Party adds that such a signed statement is not the only way to obtain explicit consent, and it cannot be said that the GDPR prescribes written and signed statements in all circumstances that require valid explicit consent.125,126

3.2.1.2

Challenges

The processing of health data on the basis of explicit consent could prove to be challenging for the insurance sector. First of all, according to the principle of accountability, the insurer needs to be able to demonstrate that the data subject has consented to the processing of his or her personal data.127 Although the GDPR does not require consent to be written, it is highly recommended, whenever possible and applicable, to obtain written consent.128 In its GDPR consent guidance, the UK Information Commissioner’s Office (ICO) recommends that the controller (in casu the insurer) keep good records that demonstrate the following: (1) who consented, (2) when they consented, (3) what they were told at the time, (4) how they consented and (5) whether they have withdrawn consent. The Association of British Insurers (ABI) has responded to this guidance and states that ICO’s interpretation of consent would render the processing of health data on the basis of consent inappropriate.129 Furthermore, it begs the question of whether given consent remains valid indefinitely. The EDPB argues that the expiration date of consent depends on the context and reasonable expectations of the data subject.130 Consequently, the EDPB advises to periodically renew acquired consent. This could create a considerable administrative strain on the insurer and could, according to Insurance Europe, lead to several practical issues, for instance if the data subject neglects to reply to the insurer’s request to renew the consent and does not withdraw the consent either.131 A second issue that could arise relates to the practicalities of actually obtaining written consent. Obtaining the consent of the policyholder should prove to be more straightforward than obtaining the consent of persons that are not directly part of the 125 For example, in the digital or online context, a data subject may be able to issue the required statement by filling in an electronic form, by sending an email, by uploading a scanned document carrying the signature of the data subject, or by using an electronic signature. In theory, the use of oral statements can also be sufficiently express to obtain valid explicit consent, however, it may be difficult to prove for the controller that all conditions for valid explicit consent were met when the statement was recorded. 126 Sydow (2018), p. 479. 127 Article 7.1 GDPR. 128 Jay (2017), p. 90. 129 Association of British Insurers (2017), p. 1. 130 EDPB (2020), p. 23. 131 Insurance Europe (2017a, b), p. 4.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

197

insurance contract (referred to as ‘third persons’132). The policyholder’s consent can be acquired at the time of the conclusion of the insurance contract. In practice, the insurers currently put general disclaimers (or policy notices) for the collection and processing of personal data on their websites or in the general terms and conditions attached to the insurance policy. However, it is highly doubtful that these disclaimers or policy notices are sufficient. Most notably, the GDPR requires consent to be specific and informed. This means that the insurer needs to clearly inform the policyholder of the purpose of the processing. Blanket consent without determination of the exact purposes does not meet the threshold set by the GDPR. Rather than inserting the information in the general conditions of the contract, the EDPB calls for the use of specific consent clauses, separated from the general terms and conditions.133 In the same vein, Bruyndonckx134 clarifies that insurers can no longer validly obtain consent through the use of the general terms and conditions attached to an insurance policy. He also calls for the use of specific consent clauses, separated from the insurance policy. Therefore, the insurers should assess whether the wording of their current disclaimers or policy notices fulfils the requirements outlined by the GDPR. The insurer should also strive to obtain the consent of any third person whose health data will potentially be processed. As mentioned above, the validity of the consent is dependent on the awareness of the data subject of the identity of the insurance company and the purposes of the processing for which the personal data are intended. In practical terms, the insurer should therefore address the third person, providing clear information135 concerning the insurer’s identity and purpose136 and, finally, asking the potential data subject to unambiguously and explicitly state his or her agreement with the processing of his/her personal data. It could be argued that this puts a considerable strain on the administration of the insurer. Insurance Europe considers that insurers face difficulties in obtaining consent from data subjects who did not conclude a contract with the insurance company (for instance an insured benefiting from an insurance policy in the context of group insurance, an injured party in a contract of third-party liability insurance, etc.).137 A third issue is related to the condition that consent should be given ‘freely’. In assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the

This term is not to be confused with the term “third parties” defined in Article 4 (10) GDPR (see supra Sect. 2.2.1). 133 EDPB (2020), p. 7. 134 Bruyndonckx (2017), p. 55. 135 The provision of such information does not seem to be impossible or to involve a disproportionate effort as the insurer has to address the potential data subject anyway in order to obtain his consent. Therefore, it could be argued that Article 14.5 (b) GDPR does not apply in this situation. 136 Also see Article 14 GDPR. 137 Insurance Europe (2019), pp. 4–5. 132

198

J. Amankwah and N. Stroobants

performance of that contract (Article 7.4 GDPR). No undue influence or pressure (which can be of an economic or other nature), whether direct or indirect, may be exercised on the data subject, and consent should not be regarded as freely given where the data subject has no genuine choice or is unable to refuse or withdraw consent without prejudice.138 In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data if there is a clear imbalance between the data subject and the insurer. In that case, it is therefore unlikely that consent was freely given in all the circumstances of that specific situation.139 The EDPB considers an imbalance of power to be present whenever the controller is a public authority or in the case of data processing in an employer/ employee relationship.140 The EDPB adds that imbalances of power may also occur in other situations if the data subject is not able to exercise a real choice and there is a risk of deception, intimidation, coercion or significant negative consequences (e.g. substantial extra costs) if he/she does not consent.141 In an insurance context, such an imbalance between the insurer and the (prospective) policyholder or insured could also be argued. Can a potential policyholder exercise a real choice, or will he/she face negative consequences when withholding consent? This begs the question of whether consent in such a context can be considered as freely given. The event where a policyholder or insured denies the insurer consent for the processing of his or her health data will likely result in the insurer denying any insurance coverage. In other words, consent in an insurance context has a strong connection with the performance of a contract. Insurance Europe has also addressed this problem.142 In reference to the Article 29 Working Party public consultation on draft guidelines on consent, Insurance Europe invites the Article 29 Working Party to provide the necessary clarifications, inter alia, relating to health data processing in insurance and why consent matters. Following an a contrario interpretation of Article 7.4 GDPR, Insurance Europe states that conditional consent shall be considered as freely given if the processing of the data is necessary for entering into or for the performance of the contract.143 Here, Insurance Europe recommends that in order to provide the necessary legal certainty, the guidelines should clarify that consent is deemed freely given, and thus valid, where it is given for the processing of special categories of data that are necessary for entering into or for the performance of the contract in an insurance context.144 Nevertheless, in its 2018 Guidelines on consent, the Article 29 Working Party does not adopt Insurance Europe’s recommendation. In fact, according to the Article 29 Working Party’s interpretation of Article 7.4 GDPR, consent is not the appropriate lawful basis if an insurer seeks to

138

Council of Europe (2018), p. 7. Recital 43 GDPR. 140 EDPB (2020), pp. 8–9. 141 EDPB (2020), p. 9. 142 Insurance Europe (2019), pp. 4–5. 143 Insurance Europe (2017a, b), p. 3. 144 Insurance Europe (2019). 139

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

199

process personal data that are in fact necessary for the performance of a contract.145 Moreover, the Article 29 Working Party states that Article 7.4 GDPR is only relevant where the requested data are not necessary for the performance of the contract (including the provision of a service) and the performance of that contract is made conditional on the obtaining of these data on the basis of consent. Conversely, if processing is necessary to perform the contract (including to provide a service), then Article 7.4 does not apply.146 As a result, specifically in the insurance context, consent could be regarded as being conditional for the performance of the contract. A conditional consent is by definition not freely given.147 Thus, the validity of explicit consent in the context of an insurance contract is left hanging in the balance. Finally, Article 7.3 GDPR grants the data subject the right to withdraw his or her consent at any time. While the Data Protection Directive does not have a specific provision containing the right to withdraw consent, the Article 29 Working Party considers the possibility to withdraw consent to be complicity engrained in the Data Protection Directive.148 The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In other words, decisions or processes previously taken on the basis of this information can therefore not be simply annulled. However, if there is no other legal basis justifying the further processing of the health data, it should be deleted by the insurer. It is important to note that an insurer cannot swap from consent to other lawful bases.149 This could make it impossible for insurers to continue and honour the insurance contract. Moreover, after the withdrawal by the insured of the consent for processing personal data, it becomes impossible for the insurance company to prove alleged fraud or intentional non-disclosure by the insured.150 It is clear from the foregoing that consent as a processing ground gives rise to practical and legal problems for the insurance sector. Unfortunately, due to the very nature of the insurance sector, the use of explicit consent as a legal ground for the processing of sensitive data is far from ideal. However, the concept of consent is not new and was often used as a legal basis for the processing of sensitive data during the application of the directive. So far, there is no indication that consent was not a valid legal basis for the processing of health data during the application of the directive. The European Commission only explained that, in the absence of an alternative legal basis, the use of consent in insurance often led to the use of blanket declarations by insurance companies, which might be doubtful as regards both ‘informed’ and ‘free’ consent.151 Most of the elements that are added in the GDPR were already required by the Article 29 Working Party and elaborated on in their opinions during the

145

Article 29 Working Party (2018a), p. 9. Article 29 Working Party (2018a), p. 9. 147 EDPB (2020), pp. 10–11. 148 Article 29 Working Party (2011b), p. 13. 149 EDPB (2020), p. 25. 150 Belgian Insurance Commission (2019), p. 4. 151 European Commission (2012), p. 29. 146

200

J. Amankwah and N. Stroobants

application of the directive. However, the main difference between the directive and the regulation is that the interpretations by the Article 29 Working Party are now made explicit in binding legislation, and non-compliance is strictly sanctioned.

3.2.2

Purpose in the Field of Social Security and Social Protection Law (Article 9.2, b) GDPR)

Article 9.2, b) GDPR allows the processing of health data if the processing is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or data subject in the field of employment and social security and social protection law in so far as it is authorized by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and interests of the data subject. This provision expands on Article 8.2, (b) Data Protection Directive, which provided that the processing of health data is allowed if processing is necessary for the purposes of carrying out the obligations and specific rights of the controller in the field of employment law in so far as it is authorized by national law providing for adequate safeguards.152 The GDPR adds the field of social security and social protection to the scope of application, which was previously considered a matter of substantial public interest.153,154 The eligibility of this legal ground for the processing of health data for insurance purposes is dependent on the interpretation of the term ‘social protection law’, which will be examined below. In any case, this legal basis cannot legitimize decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject with respect to health data.155

3.2.2.1

Conditions

Provided for by Law or a Collective Agreement Article 9.2, b) GDPR requires authorization by Union or Member State law or a collective agreement pursuant to Member State law. Recital 41 GDPR clarifies that a legal basis or legislative measure does not necessarily require a legislative act adopted by a parliament, without prejudice to the requirements pursuant to the constitutional order of the Member State concerned. However, such a legal basis or legislative measure should be clear and precise, and its application should be

152

Sydow (2018), p. 480. Article 8.4 of the Directive. 154 Article 29 Working Party (2007), pp. 12–13; Sydow (2018), p. 480. 155 Article 22.4 GDPR. 153

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

201

foreseeable to persons subject to it, in accordance with the case law of the CJEU and the ECtHR.156 Obligations and Rights in the Field of Employment, Social Security and Social Protection Law The GDPR does not define the terms ‘field of employment’, ‘social security’ and ‘social protection’. Therefore, the exact scope of application of Article 9.2, b) GDPR is rather unclear. Nevertheless, a broad interpretation of Recital 45 GDPR seems to indicate that social protection has a health purpose component. Recital 45 states that ‘[. . .] where it is in the public interest to do so, including for health purposes such as public health and social protection and the management of health care services, by private law, such as a professional association’. In other words, Recital 45 GDPR cites social protection as a health purpose. In order to assess the eligibility of Article 9.2, b) GDPR as a legal basis for the processing of health data in the insurance sector, it is imperative to clarify the concept of ‘social protection’. In this search for clarity, it is important to remember that Member States may have different views on the definition of ‘social protection’. Keeping that in mind, this chapter looks at definitions provided at the EU level, meaning definitions utilized by the European Commission or the European Parliament. In a briefing concerning social protection in the EU, the European Parliamentary Research Service recognizes that there are many existing definitions of the concept ‘social protection’.157 Despite their diversity, the European Parliamentary Research Service adds that they contain common features that involve all private and public initiatives that are targeted at disadvantaged or vulnerable groups with the overall aim of reducing economic and social vulnerability. The briefing also refers to a definition of the concept ‘social protection’ developed by Devereux and SebatesWheeler. According to them, social protection can be understood as ‘all public and private initiatives that provide income or consumption transfers to the poor, protect the vulnerable against livelihood risks and enhance the social status and rights of the marginalised; with the overall objective of reducing the economic and social vulnerability of poor, vulnerable and marginalised groups’.158 The European Commission considers social protection as systems designed to provide protection against the risks and needs associated with unemployment, sickness and health, invalidity, etcetera.159 Furthermore, the European Commission considers guaranteeing access to high-quality health care as a key objective of social protection systems in the 156

See for example the Advocates General opinion in Tele 2 Sverige, C-203/15 and C-698/15 [2016] ECLI:EU:C:2016:572, paragraph 137–154; Schwarz, C-291/12 [2013] ECLI:EU: C:2013:401, paragraph 43; Scarlet Extended, C-70/10 [2011], ECLI:EU:C:2011:255, paragraph 88–114. 157 European Parliamentary Research Service (2018), 2. 158 Devereux and Sebates-Wheeler (2004), p. 9. 159 For more information, consult https://ec.europa.eu/social/main.jsp?catId¼1063& langId¼en#navItem-relatedDocuments.

202

J. Amankwah and N. Stroobants

EU.160 Therefore, we can conclude that the provision of private health insurance can be considered to fall within the scope of application of ‘social protection’. Moreover, other types of insurance coverage that provide protection against the risks and needs associated with unemployment, sickness and health, and invalidity could also be considered to fall within the said scope of application (such as accident insurance, occupational pensions insurance, etcetera). Appropriate Safeguards for the Fundamental Rights and the Interests of the Data Subject The application of Article 9.2, b) GDPR calls for appropriate safeguards to protect the fundamental rights and interests of the data subject. Whether a Member State has provided the suitable safeguards needs to be examined on a case-by-case basis. Possible safeguards include anonymization, the adoption of qualified technical security measures, encryption, pseudonymization of the data and restriction of access to the data.161 The current state-of-the-art of data security methods and techniques for data processing must be considered when implementing appropriate security measures. The cost of such measures must be proportionate to the seriousness and probability of potential risks.162

3.2.2.2

Applications

At the time of publishing, there are no known clear-cut applications of this legal ground known to the authors. However, according to Insurance Europe, some Member State data protection authorities allow the processing of health data in the insurance context on the basis of Article 9.2, b) GDPR.163 Unfortunately, due to language barriers and a lack of further elaboration on the part of Insurance Europe, the authors were unable to conduct an in-depth analysis of every Member State’s data protection authority guidelines, opinions or rulings concerning the matter.

3.2.3

Establishment, Exercise or Defence of Legal Claims (Article 9.2, f) GDPR)

Article 9.2, f) GDPR allows the processing of health data if the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. This provision builds on the second part of Article 8.2, (e) Data Protection Directive, which provided that the processing of

160

For more information, consult https://ec.europa.eu/social/main.jsp?catId¼754&langId¼en. Council of Europe (2018), p. 9. 162 European Union Agency for Fundamental Rights and Council of Europe (2018), p. 133. 163 Insurance Europe (2019), p. 4. 161

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

203

health data is allowed if ‘[. . .] necessary for the establishment, exercise or defence of legal claims’. In any case, this legal basis cannot legitimize decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject with respect to health data.164 Can insurers use this legal ground for the processing of health data?

3.2.3.1

Conditions

Establishment, Exercise or Defence of Legal Claims Article 9.2, f) GDP0R only contains one specific purpose or condition, namely the purpose of the establishment, exercise or defence of legal claims. The processing must be relevant to a specific legal claim and its exercise or defence, respectively, and may be requested by any one of the disputing parties.165 According to Recital 52 GDPR, such processing should be allowed in both court proceedings and administrative or out-of-court procedures. In any case, the GDPR does seem to require some sort of ‘procedure’. This may imply that the relevant procedure must have a basis in law, including a formal, legally defined process, but is not necessarily limited to judicial or administrative procedures. Kamara and De Hert call for a strict interpretation of Article 9.2, f) GDPR.166 They suggest that, if interpreted broadly, the term ‘legal claims’ could include a broad range of cases that could leave room for misuse or abuse by data controllers. Therefore, a close link between the processing and a specific procedure167 is necessary, as well as a close relationship between the controller and the data subject. Unfortunately, the GDPR remains rather unclear on the matter, which means that various interpretations are possible. This could lead to varying Member State laws. For which processing purpose could the insurance sector rely on this legal basis? Well, Article 9.2, f) GDPR requires the presence of a ‘procedure’. It would seem that the processing purpose is limited as such. An insurer could rely on this legal basis for the sole purpose of the establishment, exercise or defence of legal claims in a procedure. Therefore, any insurer confronted with a legal claim—be it as a claimant or a defendant—in a procedure could rely on this legal ground to process health data for the purpose of establishing, exercising or defending said claim. This legal ground seems particularly useful for different types of liability insurance and legal assistance insurance where the insurer could direct the legal dispute. Such is the case in Belgium, where, for instance, a liability insurer has the right to contest the civil

164

Article 22.4 GDPR. European Union Agency for Fundamental Rights and Council of Europe (2018), p. 163. 166 Kamara and De Hert (2018), p. 18. 167 For an example, consult Opinion of Advocate General Bobek in Rigas Satiksme, C-13/16 [2017] ECLI:EU:C:2017:43, paragraph 89. 165

204

J. Amankwah and N. Stroobants

claim of the injured party, instead of the insured—to the extent that the interests of the insurer and insured coincide.168

3.2.3.2

Applications

According to Insurance Europe, some Member State data protection authorities allow the processing of health data in the insurance context on the basis of Article 9.2, f) GDPR.169 Some Member States seem to rely on this legal basis at the pre-contractual stage, as well as for the performance of the contract (e.g. handling claims). One example of the latter purpose can be found in the Finnish implementation of the GDPR. Section 6 of the Finnish Data Protection Act (known in Finland as Tietosuojalaki) features several derogations of Article 9.1 GDPR. Section 6 specifies that an insurer can process health data when the insurance undertaking handles information obtained from the insurance business concerning the health, illness or disability of the insured and the claimant or any management measures or actions taken with respect to him or her that are necessary to establish the liability of the insurance undertaking. In other words, it seems that the Finnish legislator has used Article 9.2, f) as a means to justify the processing of health data for the performance of the contract, in this case the handling of claims. Furthermore, paragraph 2 of Section 6 requires the controller and processor, when processing personal data in the situation referred to in the first paragraph, to take appropriate and specific measures to protect the rights of the data subject.

3.2.4

Reasons of Substantial Public Interest (Article 9.2, g) GDPR)

According to Article 9.2, g) GDPR, the processing of health data is allowed if the processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject. This provision expands on Article 8.4 Data Protection Directive,170 which provided that subject to the provision of suitable safeguards, Member States may, for reasons of substantial public interest, lay down exemptions in addition to those laid down in paragraph 2 either by national law or by decision of the supervisory authority. Whether this legal ground proves to be suitable for every insurance product and/or every purpose remains to be seen. The eligibility of this legal ground is dependent on the interpretation of the term ‘reasons of substantial interest’, which will be examined below. In any case, this legal basis could legitimize decisions based

168

Article 143 Wet van 4 April 2014 betreffende de verzekeringen/Loi relative aux assurances. Insurance Europe (2019), p. 4. 170 Sydow (2018), p. 485. 169

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

205

solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject with respect to health data.171

3.2.4.1

Conditions

The Article 29 Working Party underlines that for any interference with the right to private and family life to be legitimate, it must be in line with Article 8 of the ECHR.172 Article 8.2 ECHR requires that such interference is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. The European Data Protection Supervisor adds that to be lawful, any limitation on the exercise of the fundamental rights to data protection enshrined in Article 8 of the Charter must comply with the criteria laid down in Article 52.1 of the Charter.173,174 As mentioned previously, even though Article 52.1 Charter does not use the same language, these conditions for lawful limitations are reminiscent of Article 8.2 ECHR. In any case, the foregoing means that Article 8.2 ECHR, Article 52.1 of the Charter and the case law of both the CJEU and ECtHR are the main references when assessing the necessity of measures that limit the exercise of the right to data protection. In that light, this article will examine the conditions set by Article 9.2, g) GDPR. Article 9.2, g) GDPR lists the following conditions: (1) the basis of the processing must be provided for by Union or Member State law, (2) the essence of the right to data protection must be respected, (3) reasons of substantial public interest must be present, (4) the processing must be necessary to meet those reasons of substantial public interest, (5) the processing must be proportionate to the aim pursued and (6) suitable and specific measures to safeguard the fundamental rights and the interests of the data subject must be provided. It is clear that these conditions are in line with the criteria laid down in Article 8.2 ECHR and Article 52.1 of the Charter. This section will further examine the aforementioned conditions. It Must Be Provided for by Law The application of Article 9.2, g) GDPR requires Union or Member State law. Except for the collective agreements, this condition is identical to the one specified in Article 9.2, b) GDPR (see supra Sect. 3.2.2.1).

171

Article 22.4 GDPR. Article 29 Working Party (2007), p. 12. 173 The European Data Protection Supervisor has developed a toolkit intended to help assessment of compliance of proposed measures with EU law on data protection, see https://edps.europa.eu/sites/ edp/files/publication/17-06-01_necessity_toolkit_final_en_0.pdf, accessed 30 August 2019. 174 European Data Protection Supervisor (2017), p. 4. 172

206

J. Amankwah and N. Stroobants

It Must Respect the Essence of the Rights The essence of the right refers to the question of whether the right is in effect emptied of its basic content and the individual cannot exercise the right.175 In other words, limitations that are so extensive and instrusive that devoid the fundamental right to data protection of its basic content cannot be justified.176 It Must Genuinely Meet the Objectives of Substantial Public Interest While Article 52.1 Charter requires ‘objectives of general interest’, Article 9.2, g) GDPR adopts the notion of ‘substantial public interest’. In any case, the wording used suggests that the requirement of a ‘substantial’ public interest goes beyond the notion of ‘objectives of general interest’ enshrined in Article 52.2 Charter. The objective of general interest provides the background against which the necessity of the measure may be assessed.177 The reference to general interests recognized by the Union covers both the objectives mentioned in Article 3 of the Treaty on European Union and other interests protected by specific provisions of the treaties.178 Article 23 GDPR also contains a list of objectives of general interest considered legitimate for limiting the rights of individuals, provided that the limitation respects the essence of the right to personal data protection and is necessary and proportionate.179 Another example can be found in the CJEU case Schwarz v. Stadt

175

Sydow (2018), p. 485. For examples in the case-law of the CJEU, see Schrems, C-362/14 [2015] ECLI:EU:C:2015:650, paragraph 50; Digital Rights Ireland and Seitlinger and Others, C-293/12 and C-594/12 [2014] ECLI:EU:C:2014:238, paragraph 39–40. 177 European Union Agency for Fundamental Rights and Council of Europe (2018), p. 36. 178 Explanations relating to the Charter of Fundamental Rights 2007, OJ.C. 303, 14 December 2007, 32. These explanations were originally prepared under the authority of the Praesidium of the Convention which drafted the Charter of Fundamental Rights of the European Union. They have been updated under the responsibility of the Praesidium of the European Convention, in the light of the drafting adjustments made to the text of the Charter by that Convention (notably to Articles 51 and 52) and of further developments of Union law. Although they do not as such have the status of law, they are a valuable tool of interpretation intended to clarify the provisions of the Charter. 179 Article 23.1 GDPR states: “Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard: (a) national security; (b) defence; (c) public security; (d) the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; (e) other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation matters, public health and social security; (f) the protection of judicial independence and judicial proceedings; (g) the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions; (h) a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority 176

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

207

Bochum.180 This case pertains to limitations on the right to respect for private life and the right to personal data protection resulting from the taking and storing of fingerprints when Member State authorities issue passports. The CJEU found that the limitation from the taking and storing of fingerprints, which was provided for by law, was designed to prevent the falsification of passports and their fraudulent use. Therefore, the CJEU ruled that the limitation is in place to prevent, among others, illegal entry into the EU, and so pursues an objective of general interest recognized by the Union. So what constitutes a ‘substantial’ public interest? The word ‘substantial’ does not appear in the European Commission’s Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.181 The Proposal only used the wording ‘public interest’. The European Data Protection Board Supervisor (EDPS) criticized the broad use of the notion of ‘public interest’ in the Proposal. According to the EDPS, the notion of ‘public interest’ should be further refined in each provision of the Proposal where it is mentioned.182 The word ‘substantial’ was added on the Article 29 Working Party’s suggestion. In its Opinion 01/2012 on the data protection reform proposals, the Article 29 Working Party advised to limit the exception of Article 9.2, g) GDPR ‘. . .for reasons of substantial interest’.183 When providing further input on the data protection reform discussions, the Article 29 Working Party considers the following: It would make sense that the controller makes the judgement whether or not the exemption can be used, subject always to supervision, enforcement and judicial review. However, the exemption would benefit from some further guidance to ensure harmonisation in application and consistency on the European level. In view of the wide diversity of situations under which a data processing may be allowed based on the exemption for tasks carried out in the public interest, a delegated act does not seem to be the appropriate instrument. A more flexible instrument would be more useful to provide guidance to the controller on when, despite of the general prohibition, it can process personal data based on this exemption. Furthermore and following the Article 29 Working Party opinion on the proposals it should be identified per article as much as possible what the specific public interests could be. Considering the above, the specific public

in the cases referred to in points (a) to (e) and (g); (i) the protection of the data subject or the rights and freedoms of others; (j) the enforcement of civil law claims.” 180 For more information, consult CJEU Schwarz v. Stadt Bochum, C-291/12 [2013] ECLI:EU: C:2013:670, paragraphs 27–80. 181 European Commission Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, COM/2012/011 final—2012/0011 (COD) (General Data Protection Regulation) (2012) (hereinafter: ‘Proposal’). 182 EDPS (2012), p. 14. 183 Article 29 Working Party (2012), p. 12.

208

J. Amankwah and N. Stroobants

interests foreseen in Article 9(2)(g) should be further clarified in the text of the Regulation itself and possibly further explained in a recital.184 Unfortunately, despite the Article 29 Working Party’s recommendation, the GDPR does not make explicit (nor did the Data Protection Directive for that matter) what is meant by ‘substantial public interest’. Recital 34 of the Data Protection Directive did, however, provide an indication of areas where cases of substantial public interest are particularly likely to be found. These include areas such as public health and social protection—especially in order to ensure the quality and costeffectiveness of the procedures used for settling claims for benefits and services in the health insurance system—scientific research and government statistics. In addition, the Article 29 Working Party has published a working document on the processing of personal data relating to health in electronic health records,185 in which it notes that the arguments for introducing electronic health record systems may involve substantial public interest as they are an instrument fundamentally intended to guarantee adequate medical assistance to patients.186 However, the GDPR does not include anything similar to recital 34 of the Data Protection Directive. As mentioned previously, Article 23 GDPR could provide guidance as to what could constitute a ‘substantial public interest’, even more so, considering that the EDPS recommended that Article 9.2, g) refers to Article 21 Proposal—which correlates to Article 23 GDPR.187 Can the insurance sector rely on this legal basis for every insurance product or processing purpose? It could be argued that the coverage of health risks by (private) health insurance is ‘an overriding public interest’. Private health insurance policies are becoming increasingly prominent in health care financing due to a trend of rising out-of-pocket costs for patients. This is in line with the position of the Committee of Ministers of the Council of Europe, which states: Bearing in mind the significant expansion of private insurance contracts covering risks related to an individual’s health, physical integrity, age or death (. . .) Convinced of the social importance in each country of appropriate coverage for certain risks related to health, physical integrity, age or death (. . .)Aware of the role that voluntary private insurance can play in supplementing (and occasionally replacing) coverage for these risks by the social security scheme or other public or compulsory insurance.188 However, it remains difficult to determine whether the processing of health data for other types of insurance coverage can still be qualified as a substantial public interest. In other words, do other processing purposes (except private health insurance) fall within the 184

Article 29 Working Party (2012), pp. 16–17. Such systems permit health data, collected by health care providers in the course of treating a patient, to be made available to other health care providers of this patient on a large scale, usually nationwide. 186 Article 29 Working Party (2007), p. 13. 187 EDPS (2015), p. 48. 188 Recommendation CM/Rec(2016)8 of the Committee of Ministers to the Member States on the processing of personal health-related data for insurance purposes, including data resulting from genetic tests. 185

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

209

scope of the ‘substantial public interest’? Recital 34 Data Protection Directive could provide some clarity on the matter as it also lists the following purposes as an important public interest: [. . .] ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system [. . .]. It could be argued that Recital 34 Data Protection Directive includes a wide scope of processing purposes that could be labelled as having an important public interest aspect. The quoted fragment of the aforementioned recital can be found in Recital 52 GDPR. However, at this point, it remains unclear whether that recital refers to Article 9.2, g) GDPR. In any case, Member States can, as far as necessary for coherence and for making the national provisions comprehensible to the persons to whom they apply, incorporate elements of the GDPR into their national law.189 This allows Member States to determine more precisely specific requirements for the processing and other measures to ensure lawful and fair processing. The substantial public interest must be presented by the Member State for each case in the entire scope of the processing exempted, and the processing must be necessary in the light of that substantial public interest.190 Therefore, it is up to each Member State to establish whether the provision of (health) insurance constitutes a substantial public interest. This margin of manoeuvrability is a major source of discrepancy among national legislations.191 Notwithstanding awareness thereof, the GDPR does not address or fix this issue.192 It Must Be Necessary Necessity refers to the need to adopt measures for the public interest objective pursued.193 Necessity implies the need for a combined, fact-based assessment of the effectiveness of the measures for the objective pursued and whether it is less intrusive compared to other options for achieving the same goal.194 This condition is linked to the principle of data quality enshrined in Articles 6.1, c) and 7 Data Protection Directive and Articles 5.1, c) and 6.1 GDPR.195 The case law of the

189

Recital 8 GDPR. Article 29 Working Party (2007), p. 12. 191 This problem has been raised by the European Commission in its Communication from the Commission to the European Parliament and the Council on the follow-up of the Work Programme for better implementation of the Data Protection Directive, COM(2007) 87 final. 192 Insurance Europe (2019), pp. 4–5. 193 European Union Agency for Fundamental Rights and Council of Europe (2018), p. 46. 194 EDPS (2017), 5. 195 Recital 49 contains the strict necessity test with respect to the processing of personal data for the purposes of ensuring network and information security of the systems of the controller. 190

210

J. Amankwah and N. Stroobants

CJEU196 and ECtHR197 apply a strict necessity test for any limitations on the exercise of the rights to personal data protection and respect for private life with regard to the processing of personal data. The strict necessity test takes into account the context and all circumstances at hand. When applying the ECtHR case law, the Article 29 Working Party states that the ‘necessity’ condition should not be interpreted too broadly as this would make it easier for the fundamental rights to be circumvented. Nevertheless, the Article 29 Working Party adds that the ‘necessity’ condition should not be interpreted too literally either. This could set too high a standard and make it unduly difficult for otherwise legitimate activities, which may justifiably interfere with fundamental rights, to take place.198 It Must Be Proportional For a measure to meet the principle of proportionality, the advantages resulting from the measure should not be outweighed by the disadvantages the measure causes with respect to the exercise of the fundamental rights.199,200 In other words, the proportionality of a measure requires that a measure that interferes with a fundamental right does not go further than needed to fulfil the legitimate aim being pursued.201,202 It Must Provide for Suitable and Specific Measures to Safeguard the Fundamental Rights and Interests of the Data Subject Member States are under the obligation to provide specific and suitable safeguards so as to protect the fundamental rights and the privacy of individuals in that context. This requirement is not contained in either Article 8.2 ECHR or Article 52.1 of the Charter. Article 8.4 Data Protection Directive contained a somewhat brief reference to the provision of suitable safeguards. Therefore, the GDPR clearly expands on this condition. Whether a Member State has provided the suitable safeguards needs to be

196

For instance, case CJEU Tele2 Sverige, C-203/15 and C-698/15 [2016] ECLI:EU:C:2016:970, paragraph 96; Schrems, C-362/14 [2015] ECLI:EU:C:2015:650, paragraph 92; Rynes, C-212/13 [2014] ECLI:EU:C:2014:2428, paragraph 28; Digital Rights Ireland and Seitlinger and Others, C-293/12 and C-594/12 [2014] ECLI:EU:C:2014:238, paragraph 52; IPI, C-473/12 [2013] ECLI: EU:C:2013:715, paragraph 39; Volker und Markus Schecke, C-92/09 and C-93/09 [2009] ECLI: EU:C:2010:662, paragraph 77; Satakunnan Markkinapörssi and Satamedia, C-73/07 [2007] ECLI: EU:C:2008:727, paragraph 56. 197 For instance, ECtHR Szabo and Vissy v. Hungary, no. 37138/14 [2016]. 198 Article 29 Working Party (2014), p. 6. 199 For instance, CJEU CHEZ Razpredelenie Bulgaria, C-83/14 [2015] ECLI:EU:C:2015:480, paragraph 123. 200 European Data Protection Supervisor (2017), p. 5. 201 For instance, ECtHR S & Marper v United Kingdom, No. 30562/04 and 30566/04 [2008]; Z v Finland, No. 22009/93 [1997]. 202 Article 29 Working Party (2014), p. 7.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

211

examined on a case-by-case basis. With respect to electronic health records,203 the Article 29 Working Party discussed such possible safeguards and the suitable legal framework for electronic health record systems in its Working Document on the processing of personal data relating to health in electronic health records (EHR).204,205

3.2.4.2

Applications

It is clear from the foregoing that Member States are able to issue legislation on data processing specifically tailored to the peculiarity of the insurance sector, as long as the aforementioned conditions are met. In a way, the GDPR provides Member States a base on which to build their own system. This chapter will further examine the way in which Member States have filled in the concept of ‘substantial public interest’ with regard to the insurance sector. Several Member States have already opted to incorporate elements of the GDPR into their national law. However, at the time of publication, only two countries are known that have opted to qualify the provision of insurance as a substantial public interest. The first example is the implementation of the GDPR in the Republic of Ireland. The Irish Data Protection Act 2018,206 giving effect to the limited areas of flexibility permitted under the GPDR, entered into force on 25 May 2018. The Irish legislator has introduced a legal basis for processing health data for insurance purposes. Article 50 of the Irish Data Protection Act 2018 provides that in the context of insurance and pensions, the processing of health information is lawful where the processing is necessary and proportionate for the purposes of the following: (1) a policy of insurance or life assurance; (2) a policy of health insurance or healthrelated insurance; (3) an occupational pension, a retirement annuity contract or any other pension arrangement; or (4) the mortgaging of property. It is important to note that Article 50 of the Irish Data Protection Act 2018 limits the scope of the

203

Electronic Health Records (‘EHR documents’) are defined by the Article 29 Working Party as: “A comprehensive medical record or similar documentation of the past and present physical and mental state of health of an individual in electronic form and providing for ready availability of these data for medical treatment and other closely related purposes”, see Article 29 Working Party (2007), p. 4. 204 The Article 29 Working Party provides details on the following topics where special safeguards within EHR systems seem particularly necessary in order to guarantee the data protection rights of patients: respecting self-determination, identification and authentication of patients and health care professionals, authorization for accessing EHR in order to read and write in EHR, use of EHR for other purposes, organizational structure of an EHR system, categories of data stored in EHR and modes of their presentation, international transfer of medical records, data security, transparency, liability issues, control mechanisms for processing data in EHR. 205 Article 29 Working Party (2007), pp. 13–21. 206 Access the Irish Data Protection Act 2018 through the following link: http:// crimepreventiondirectory.justice.ie/en/JELR/Data_Protection_Act_2018.pdf/Files/Data_Protec tion_Act_2018.pdf.

212

J. Amankwah and N. Stroobants

processing to health information—and includes no other special categories of personal data. Nevertheless, it presents insurers offering insurance to consumers in Ireland with an alternative legal basis. As Article 50 of the Irish Data Protection Act does not specifically refer to the GDPR, it remains unclear on which specific legal ground the Irish legislator based its option to allow the processing activities. In any case, Article 60.7, (k), (i) Irish Data Protection Act 2018 refers to the provision of insurance as an important objective of general public interest. More specifically, it provides that protecting members of the public against financial loss or detriment due to the dishonesty, malpractice or other improper conduct of, or the unfitness or incompetence of, persons concerned in the provision of banking, insurance, investment or other financial services or in the management of bodies corporate or other entities’ should be regarded as an important objective of general public interest. Article 60.7, (k), (i) of the Irish Data Protection Act 2018 refers to the restrictions on the scope of the obligations and rights set out in Article 23 GDPR. Therefore, Article 60.7 (k), (i) Irish Data Protection Act 2018 adds to the indicative list of Article 23 GDPR, which contains objectives of general interest considered legitimate for limiting the rights of individuals, provided that the limitation respects the essence of the right to personal data protection and is necessary and proportionate. This could indicate that the Irish legislator considers the provision of insurance as an ‘important objective of general public interest’. However, it remains unclear whether this can be equated with the concept of ‘substantial public interest’. Nevertheless, it might be argued that the Irish legislator has opted to determine the provision of insurance as a substantial public interest in accordance with Article 9.2, g) GDPR. Furthermore, according to Article 50 of the Irish Data Protection Act 2018, the processing of health data for insurance and pension purposes is subject to suitable and specific measures being taken to safeguard the fundamental rights and freedoms of data subjects. Article 36 Irish Data Protection Act 2018 contains a toolbox of suitable and specific measures for processing. Where a requirement that suitable and specific measures be taken to safeguard the fundamental rights and freedoms of data subjects in the processing of the personal data of those subjects, as imposed by the Irish Data Protection Act 2018 or regulations made under that Act, those measures may include, in particular, the following: (a) explicit consent of the data subject for the processing of his or her personal data for one or more specified purposes; (b) limitations on access to the personal data undergoing processing within a workplace in order to prevent the unauthorized consultation, alteration, disclosure or erasure of personal data; (c) strict time limits for the erasure of personal data and mechanisms to ensure that such limits are observed; (d) specific targeted training for those involved in processing operations; and (e) regard to the state of the art, context, nature, scope and purposes of data processing and the likelihood of risk to, and the severity of any risk to, the rights and freedoms of data subjects—(1) logging mechanisms to permit verification of whether and by whom the personal data have been consulted, altered, disclosed or erased; (2) in cases in which it is not mandatory under the Data Protection Regulation, designation of a data protection officer; (3) where the processing involves data relating to the health of a data subject, a

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

213

requirement that the processing is undertaken by a person referred to in Section 52 (2); (4) pseudonymization of the personal data; and (5) encryption of the personal data. A second example is the United Kingdom (UK). The UK Data Protection Act 2018,207 which entered into force on 25 May 2018 also introduces a legal basis other than consent for the processing of health data for insurance purposes. Just like the Irish Data Protection Act 2018, the UK Data Protection Act 2018 determines the provision of insurance as a substantial public interest (paragraph 20, Schedule 1). In accordance with the UK Data Protection Act 2018, the term ‘insurance purposes’ means (1) advising on, arranging, underwriting or administering an insurance contract; (2) administering a claim under an insurance contract; or (3) exercising a right or complying with an obligation arising in connection with an insurance contract, including a right or obligation arising under an enactment or rule of law. In that case, the UK Data Protection Act 2018 also provides specific safeguards for certain parties that have no rights or obligations with regard to the insurance contract or the insured person, on the one hand, and for whom the processing does not give rise to a decision that actually concerns that person, on the other hand. Furthermore, the UK Data Protection Act 2018 provides a wider array of personal data that can be processed for reasons of substantial public interest than the Irish Data Protection Act 2018. In addition to health data, the UK Data Protection Act 2018 allows the processing of personal data revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership and genetic data. As a safeguard, Section 38 and following of the UK Data Protection Act 2018 require the controller to have an appropriate policy document in place in relation to the processing of personal data. The policy document explains the controller’s (a) procedures for securing compliance with the principles in Article 5 of the GDPR (principles relating to the processing of personal data) in connection with the processing of personal data in reliance on the condition in question and (b) policies as regards the retention and erasure of personal data processed in reliance on the condition, giving an indication of how long such personal data are likely to be retained.

3.2.5

Management of Health or Social Care Systems and Services (Article 9.2, h) GDPR)

Article 9.2, h) GDPR stipulates that the processing of health data is allowed if it is necessary for the purposes of preventive or occupational medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to a contract with a health professional. Moreover, Article 9.3 GDPR requires that the processing of

207

http://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf.

214

J. Amankwah and N. Stroobants

personal data for the purposes referred to in Article 9.2 h) GDPR should take place by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies. Whether this legal ground proves to be suitable for every insurance product and/or purpose remains to be seen. A further examination follows below. In any case, this legal basis cannot be used to legitimize decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject with respect to health data.208

3.2.5.1

Conditions

Provided for by Law The application of Article 9.2, h) GDPR requires Union or Member State law. This condition is identical to the one specified in Article 9.2, b) GDPR (see supra Sect. 3.2.2.1). Management of Health or Social Care Systems and Services Article 9.2, h) GDPR lists several purposes, such as preventive or occupational medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services. But what exactly are the services envisaged by Article 9.2, h) GDPR? Does it include insurance services? To answer that question, let us first look at its predecessor in the Data Protection Directive. Article 8.3 Data Protection Directive allowed the processing of sensitive data where processing of the data is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and where those data are processed by a health professional subject under national law or rules established by national competent bodies to the obligation of professional secrecy or by another person also subject to an equivalent obligation of secrecy. As is clear, Article 8.3 Data Protection Directive and Article 9.2, h) GDPR both address the processing of sensitive data for health purposes. However, the provisions are worded differently. While both provisions refer to ‘the management of health-care services’, Article 9.2, h) GDPR adds the words ‘social’ and ‘social care systems and services’. Therefore, the scope of application of Article 9.2, h) GDPR seems to be wider as it includes the management of health or social care systems and services.

208

Article 22.4 GDPR.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

215

In reference to Article 8.3 Data Protection Directive, the Article 29 Working Party opted for a strict interpretation of the purposes listed.209 According to the Article 29 Working Party, Article 8.3 Data Protection Directive does not cover further processing which is not required for the direct provision of such services, such as medical research, the subsequent reimbursement of costs by a sickness insurance scheme or the pursuit of pecuniary.210 Importantly, the Article 29 Working Party also considers other processing operations in areas such as public health and social protection in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system, as examples of reasons to invoke Article 8.4 Data Protection Directive (now Article 9.2 g) GDPR).211 These examples are listed in Recital 34 Data Protection Directive. Is the Article 29 Working Party’s interpretation still valid with respect to the GDPR? Article 9.2, h) GDPR does seem to have a broader scope of application than Article 8.3 Data Protection Directive. As mentioned previously, Article 9.2, h) GDPR allows processing not only for health care services but also for social services in relation to health care. Moreover, in its Proposal, the European Commission drafted an Article 81 relating to the processing of personal data concerning health. Article 81 Proposal referred to Article 9.2, h) and allowed the processing of personal data concerning health for the following purposes: (a) the purposes of preventive or occupational medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and where those data are processed by a health professional subject to the obligation of professional secrecy or another person also subject to an equivalent obligation of confidentiality under Member State law or rules established by national competent bodies; or (b) reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety, inter alia for medicinal products or medical devices; or (c) other reasons of public interest in areas such as social protection, especially in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system. However, Article 81 was not included in the Council’s general approach.212 The approach of listing specific grounds for the processing of health data in a separate

209

Article 29 Working Party (2007), p. 10. Article 29 Working Party (2007), p. 10. 211 Article 29 Working Party (2007), p. 10. 212 Council of the European Union (2015), preparation of a general approach on the Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), No. 9565/15. The link between Article 9 and Article 81 had been criticized by the EDPS. According to the EDPB, the relation between Article 9 and Article 81 was confusing and did not address all the obstacles which had arisen under Article 8 of the Data Protection Directive, see EDPS (2012), p. 48. 210

216

J. Amankwah and N. Stroobants

Article 81 was abandoned. Instead, all the grounds for the processing of special categories of data were listed in Article 9.2 GDPR. In search of a clear-cut interpretation, it could be interesting to examine the resemblance between the current Article 9.2 GDPR and Article 81 Proposal. It seems that the proposed Article 81.1, a) could correspond to the current Article 9.2, h) GDPR, while the proposed Article 81.1, b) could correspond to Article 9.2, i) GDPR. Moreover, it seems that the final version of the GDPR does not contain a provision in Article 9.2 that directly corresponds to Article 81.1 c) Proposal. At the same time, it seems that the provisions of Article 81.1 Proposal can be found in Recital 52 GDPR, which states (emphasis added): Derogating from the prohibition on processing special categories of personal data should also be allowed when provided for in Union or Member State law and subject to suitable safeguards, so as to protect personal data and other fundamental rights, where it is in the public interest to do so, in particular processing personal data in the field of employment law, social protection law including pensions and for health security, monitoring and alert purposes, the prevention or control of communicable diseases and other serious threats to health. Such a derogation may be made for health purposes, including public health and the management of health-care services, especially in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes [. . .]. Whereas Article 81.1, c) Proposal referred to services in the health insurance system as an example of ‘social protection’213 (reasons of public interest in areas such as social protection, especially [. . .] in the health insurance system), Recital 52 GDPR considers it an example of ‘the management of health-care service’ ([. . .] management of health-care services, especially in the health insurance system [. . .]). Therefore, it could be argued that the term ‘health-care services’ could refer to services in the health insurance system. Furthermore, with respect to the purpose of processing, Article 9.2, h) refers to the management of health-care services, which is a very broad purpose and could possibly include a wide range of purposes. Contrarily, it seems highly unlikely that insurers offering other products unrelated to health care or social care systems (such as legal assistance insurance) can rely on this legal ground for the processing of health data. In any case, the GDPR considers the processing of health data for, inter alia, ensuring continuity of health or social care as benefitting natural persons and society as a whole.214 The question still remains whether ‘private health insurance systems’ could fall under the scope of Article 9.2, h) GDPR’s ‘management of health-care services’. The World Health Organization defines a health system as all organizations, people

213

Article 9.2, b) GDPR now contains a specific provision for the processing of special categories of personal data if the processing is necessary for purposes of carrying out the obligations and exercising the specific rights of the controller or the data subject in the field of employment and social security and social protection law. 214 Recital 53 GDPR.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

217

and actions whose primary intent is to promote, restore or maintain health. This includes efforts to influence determinants of health as well as more direct healthimproving activities. A health system is therefore more than the pyramid of publicly owned facilities that deliver personal health services. It includes, for example, a mother caring for a sick child at home; private providers; behaviour change programmes; vector-control campaigns; health insurance organizations; occupational health and safety legislation. It includes inter-sectoral action by health staff, for example, encouraging the ministry of education to promote female education, a well known determinant of better health.215 On the basis of that definition, health insurance services are a part of a health care system. Health insurance organizations are a way of financing health systems. Health care in the EU systems is either financed through general taxation or by contributions to health insurance funds. Generally speaking, there are mainly two types of health insurance systems: (1) public compulsory social insurance and (2) private voluntary insurance. It could be argued that ‘health insurance systems’ should be interpreted as such. In consideration of the scope of Article 9.2, h) GDPR, it does not seem relevant whether the health insurance is either public and compulsory or private and voluntary.216 Neither Article 9.2, h) nor Recital 52 GDPR seems to make a distinction between the different types of health insurance. As a result, it could be argued that health insurers can invoke Article 9.2, h) GDPR for the processing of health data for the purpose of providing health insurance services. The financing of health systems contributes to the continuity of health or social care. On the contrary, insurers that process health data regarding other types of coverage that have no or barely any relation to health care or social care systems (such as gap insurance, property insurance, D&O, etcetera) are unlikely to legitimately invoke Article 9.2, h) GDPR. It could be concluded that this legal ground is aimed at health or social care systems and services. A broad interpretation of said systems could open up this legal ground to insurers that provide services related to or contributing to the continuity of health or social care. It seems that the Member States have some leeway when determining the scope of this legal term, as long as they stay within the confines determined by the GDPR. Professional Secrecy Article 9.3 GDPR adds that the processing of health data for this purpose is allowed when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an

215

World Health Organization (2007), p. 2. Nevertheless, this question could be relevant in defining the scope of application of Article 9.2, b) GDPR. More specifically, it begs the question of whether a public and compulsory health insurance scheme could fall within Article 9.2, b)’s scope of application. For more information, cf. supra.

216

218

J. Amankwah and N. Stroobants

obligation of secrecy under Union or Member State law or rules established by national competent bodies. Furthermore, Recital 53 GDPR states that this Regulation should provide for harmonised conditions for the processing of special categories of personal data concerning health, in respect of specific needs, in particular where the processing of such data is carried out for certain health-related purposes by persons subject to a legal obligation of professional secrecy. Union or Member State law should provide for specific and suitable measures so as to protect the fundamental rights and the personal data of natural persons. Member States should be allowed to maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health. However, this should not hamper the free flow of personal data within the Union when those conditions apply to cross-border processing of such data. Professional secrecy can be understood as a special ethical duty that incurs a legal obligation inherent in certain professions and functions that are based on faith and trust.217 Professional secrecy most notably applies to the medical profession and the lawyerclient privilege. However, Member States’ jurisdictions may also acknowledge a professional secrecy obligation in the financial and insurance sector. The Article 29 Working Party points out that the special obligation of professional secrecy must be established either in the national law of the Member States or by national competent professional bodies with the power to adopt binding rules on the profession. In addition, these national rules on professional secrecy must provide for corresponding effective sanctions in case of breach.218 Therefore, if insurers are to process health data on the basis of Article 9.2, h) GDPR, the insurer’s staff must be made subject to binding rules that ensure at least an equivalent level of confidentiality and protection. However, even if all the prerequisites are fulfilled, it should be noted that, in reality, it could happen that health data are processed for different purposes and can be transferred from one department to another. The process flow could mean that the data are handled by numerous different people (quite possibly bound by rules of confidentiality) within an insurance company. There is no direct relationship between an individual and the insurer. The health data will most likely be accessible over an open network or an intranet, which increases possible data interception. As a result, the question remains whether Article 9.2, h) GDPR can be relied on, even if an obligation of professional secrecy exists.

3.2.5.2

Applications

Despite uncertainty concerning the validity and legitimacy of processing health data in insurance on the basis of Article 9.2, h) GDPR, several Member States have opted to issue legislation allowing insurers to process health data (or other special categories of personal data for that matter) on this basis.

217 218

European Union Agency for Fundamental Rights and Council of Europe (2018), p. 69. Article 29 Working Party (2007), p. 11.

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

219

The first example is the Dutch Uitvoeringswet AVG.219 Explicitly referring to Article 9.2, h) GDPR, Article 30.3, b) Uitvoeringswet AVG allows the processing of health data if the processing is done by insurers and insofar as the processing is necessary for (1) the assessment of the risk to be insured by the insurer and the person concerned has not objected or (2) the implementation of the insurance contract or assistance with the management and implementation of the insurance. In addition, Article 30.4 Uitvoeringswet AVG stipulates that health data may only be processed by persons who are obliged to observe secrecy by virtue of office, profession or legal regulation or by virtue of an agreement. If the controller is processing personal data and does not already have a duty of confidentiality on account of his or her office, profession or legal provision, he/she is obliged to maintain the confidentiality of the data, except insofar as the law requires him/her to communicate this or if his/her duties necessitate that the data are communicated to others who are authorized to process it pursuant to the first, second or third paragraph. A second example concerns the Spanish implementation of the GDPR. Article 9 of the Spanish Data Protection Act220 (SDPA) deals with special categories of personal data. It refers to Article 9.2 g), h) and i) GDPR as a legal basis for the processing of special categories of data, without specifying which legal ground is applicable to which purpose of data processing. The last paragraph of Article 9.2 SDÄ sets out the requirement to allow the processing of health personal data by insurance companies in order to perform an insurance contract as well as to manage public and private health care systems. In particular, this law may cover the processing of data in the field of health when required by the management of systems and services of health and social care, public and private, or the performance of an insurance contract of which the affected is part. Furthermore, the SDPA recognizes the specific insurance personal data processing rules and assures they are covered and in line with the GDPR. In doing so, the SDPA refers to a series of specific legislation that all contain data protection requirements, such as Spanish Law 20/2015 of July 14 on the management, supervision and solvency of Insurance and Reinsurance Companies221 (hereinafter ‘Spanish Insurance Supervision Law’). Article 99.2 of the Spanish Insurance Supervision Law states that insurers may process health data without the consent of the data subject in the following cases: (1) for the determination of the health care that should have been provided to the

219 Wet van 16 mei 2018, houdende regels ter uitvoering van Verordening (EU) 2016/679 van het Europees Parlement en de Raad van 27 april 2016 betreffende de bescherming van natuurlijke personen in verband met de verwerking van persoonsgegevens en betreffende het vrije verkeer van die gegevens en tot intrekking van Richtlijn 95/46/EG (algemene verordening gegevensbescherming) (PbEU 2016, L 119) (Uitvoeringswet Algemene verordening gegevensbescherming, Staatsblad 2018, 144). 220 Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales. 221 Ley 20/2015, de 14 de julio, de ordenación, supervisión y solvencia de las entidades aseguradoras y reaseguradoras.

220

J. Amankwah and N. Stroobants

injured party, as well as the compensation that may be applicable when they have to be paid by the entity, and (2) for the adequate payment to health care providers or the reimbursement to the insured or his or her beneficiaries of the health care expenses that had been carried out within the scope of a health care insurance contract. The processing of the data will be limited in these cases to those that are essential for the payment of the indemnity or the benefit derived from the insurance contract. The data cannot be processed for any other purpose, without prejudice to the information obligations established in the Spanish Insurance Supervision Law. A third example concerns the Slovakian implementation of the GDPR222 (hereinafter ‘Slovakian Act on Protection of Personal Data’). Section 14 of the Slovakian Act on Protection of Personal Data provides further derogations from the prohibition relating to the processing of special categories of personal data. Section 14, f) provides that the processing of sensitive data is allowed as long as the processing is performed for the purposes of providing health care and effecting public health insurance, provided that these data are processed by a provider of the health care, a health insurance company, a person exercising services related to providing health care or a person exercising supervision of health care and, on his or her behalf, an expertly skilled entitled person that is bounded by the obligation to maintain secrecy over matters that are part of professional secret and obligation to maintain the etiquette of the profession. With regard to insurance, the scope of the derogation is limited to processing for purposes of providing public health insurance, which seems sensible as Slovakia operates under a public health care system. On the basis of the wording and scope of application, Section 14 f) of the Slovakian Act on Protection of Personal Data could be regarded as an application of Article 9.2, h) or, quite possibly, Article 9.2, b) GDPR. In Belgium, the Belgian Insurance Commission223 prepared a draft legal text with the purpose of introducing an alternative legal basis for the processing of health data in insurance in Belgian law on the basis of Article 9.2 h) GDPR. The draft legal text allows (re)insurance companies to process health data for the following purposes: management of the (re)insurance contract, including risk assessment during the course of the contract, and execution of the contract and for archiving the (re)insurance contract during the legally required period. Moreover, the draft legal text allows the processing of health data by insurance intermediaries for the following purposes: management of pre-contractual contracts, management of the (re)insurance contract, and execution of the (re)insurance contract and archiving the (re)insurance contract during the legally required period. However, for the

222 Act No. 122/2013 Coll. on Protection of Personal Data and on Changing and Amending of other acts, resulting from amendments and additions executed by the Act. No. 84/2014 Coll. 223 The Insurance Commission is an advisory commission established by law with the instruction to consult on all questions submitted to it by the Minister or by the Financial Services and Markets Authority (‘FSMA’). The Commission may also, on its own initiative, provide advice on all issues relating to insurance that fall within the competence of the FSMA (Article 301 Wet van 4 April 2014 betreffende de verzekeringen/Loi relative aux assurances).

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

221

processing of health data by means of medical questionnaires by insurance intermediaries, consent of the insured is required.224

3.2.6

Reasons of Public Interest in the Area of Public Health (Article 9.2, i) GDPR)

According to Article 9.2, i) GDPR, the processing of health data is allowed if the processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy. The Data Protection Directive did not contain a similar provision. However, it could be argued that reasons of public interest in the area of public health were also envisaged by Article 8.4 Data Protection Directive. This argument finds support in Recital 34 Data Protection Directive, which refers to important reasons of public interest, such as public health and social protection. Whether this legal ground proves to be suitable for every insurance product and/or purpose remains to be seen. This legal ground is aimed at public health. Therefore, it begs the question of whether this processing ground will only be a potential ground for health insurance products and not for the processing of health data in other sorts of insurance products. A further examination follows below. In any case, this legal basis cannot be used to legitimize decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject with respect to health data.225

3.2.6.1

Conditions

It Must Be Provided for by Law The application of Article 9.2, i) GDPR requires Union or Member State law. This condition is identical to the one specified in Article 9.2, b) GDPR (see supra Sect. 3.2.2.1). Public Health Article 9.2, i) GDPR allows the processing of health data if the processing is necessary for reasons of public interest in the area of public health. Recital

224 225

Insurance Commission (2019), 10. Article 22.4 GDPR.

222

J. Amankwah and N. Stroobants

54 GDPR clarifies that the term ‘public health’ should be interpreted as defined in Regulation (EC) No 1338/2008 of the European Parliament and of the Council, namely all elements related to health, more specifically health status, including morbidity and disability; the determinants having an effect on that health status; health care needs; resources allocated to health care; the provision of, and universal access to, health care as well as health care expenditure and financing; and the causes of mortality.226 Recital 54 GDPR further clarifies that such processing of data concerning health for reasons of public interest should not result in the personal data being processed for other purposes by third parties, such as employers or insurance and banking companies. Does the aforementioned sentence mean that Article 9.2, i) cannot be used for the processing of health data for insurance purposes? The exact meaning of Recital 54 GDPR remains unclear. Recital 54 could imply that insurance companies can process health data for reasons of public interest but are, contrarily, not allowed to process health data for other purposes. This argument could be valid as the definition of ‘public health’—as referred to in Recital 54—also includes health care expenditure and financing. As mentioned previously, health insurance (be it public or private) is a form of public health financing. However, Recital 54 could also be interpreted in the sense that the processing of health data by insurers is always considered as another purpose than a purpose of public interest such as public health. The use of the term ‘other purposes’ could mean that in processing health data, insurance companies never do so for public interest in the area of public health. After all, it seems that the provision of Article 9.2, i) is mainly directed towards the Member States as the mentioned purposes focus on public health in a broad sense (such as serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices). Therefore, it is unclear whether Article 9.2, i) GDPR allows the processing of health data for (health) insurance purposes. Suitable and Specific Measures to Safeguard Professional Secrecy Article 9.2, i) requires suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy. Article 9.2, i) does not refer to Article 9.3—which contains the professional secrecy condition for the processing of data on the basis of Article 9.2, h)—but lists professional secrecy as a safeguard to protect the rights and freedoms of the data subject. Whereas the processing of health data on the basis of Article 9.2, h) requires professional secrecy or a similar obligation of secrecy based on Member State or Union law or established by national competent bodies (see supra Sect. 3.2.5.1), the professional secrecy

226

Article 3, c) Regulation (EC) No 1338/2008 of the European Parliament and of the Council of 16 December 2008 on Community statistics on public health and health and safety at work (OJ L 354, 31.12.2008, p. 70).

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

223

requirement in Article 9.2, i) is stricter as it does not refer to a similar obligation of secrecy or cannot be established by a national competent body.

3.2.6.2

Applications

At the time of publication, there are no known Member States that specifically refer to Article 9.2, i) as a legal basis for the processing of health data by insurance companies. While the SDPA does mention Article 9.2, i) as a legal basis with respect to insurance companies and health data, it does also mention Article 9.2, h) in the same breath.

4 Conclusion As was outlined in the Introduction, the purpose of this chapter is to assess the legal options to process health data with respect to the insurance sector. The processing of health data by insurers is challenged by the fundamental right to privacy and data protection of the data subject. Recent changes in the legal framework concerning privacy and data protection coupled with the rise of technological advances in the insurance and finance sector have stirred the proverbial pot. The introduction of the GDPR has highlighted the need to protect individuals from the undue processing of their personal data. Undoubtedly, this has a severe impact on the insurance sector, which is heavily dependent on personal data. As such, insurers have to strike the right balance between conducting their business and respecting the fundamental right to the privacy and data protection of the data subject. While this balancing consists of several acts, this chapter focuses on the legality of the processing operation. The GDPR only allows the processing of personal data in a few limited cases. It is up to Member States to further implement these into the internal legal order. If Member States do not provide any derogations, the insurance sector is left with the GDPR itself. On the basis of the GDPR, there seem to be six potential legal bases on which an insurer could rely to process health data. Each legal basis has its merits and demerits. While one legal basis might allow profiling with solely automated means, another one might be more suitable for a specific insurance purpose. This, coupled with the fact that Member States have some leeway concerning the implementation of the GDPR, makes it difficult to come up with a one-stop-shop solution. This chapter outlines several different solutions to the same problem. Where possible, examples of Member State applications were examined to demonstrate the possibilities. However, the remaining uncertainty concerning the interpretation, application and implementation of the GDPR prevents a final position on a preferable legal ground. If a conclusion should be drawn, it should be that the introduction of the GDPR has left the insurance sector with little clarity on the matter of processing health data.

224

J. Amankwah and N. Stroobants

References Literature Amankwah J (2018) Nieuwe technologische ontwikkelingen in verzekeringen. In: Van Schoubroeck C, Samoy I (eds) Themis 106 – Aansprakelijkheids- en verzekeringsrecht, pp 77–106 Amankwah J (2019) In het licht van de AVG: het verwerken van bijzondere categorieën van persoonsgegevens in de verzekeringssector. TBH 2:245–254 Amankwah J (2021) Chapter 15. Insurance underwriting on the basis of telematcs: segmentation and profiling. In: Vanleenhove C, De Bruyne J (eds) Artificial intelligence and the law. Antwerpen, Intersentia, pp 405–428 Amankwah J, Van Schoubroeck C (2021) Fraud detection in motor insurance: privacy and data protection concerns under EU law (not yet published) Bensoussan A et al (2017) General Data Protection Regulation. Texts, commentaries and practical guidelines. Wolters Kluwer, Mechelen Bruyndonckx B (2017) De verwerking van bijzondere categorieën van persoonsgegevens en de toestemming. T. Verz. Special issue June 2017 De Bot D (2016) De gevolgen van de Algemene Verordening Gegevensbescherming voor de verzekeringssector – Enkele kritische bedenkingen. T. Verz. 2:127–152 Devereux S, Sabates-Wheeler R (2004) Transformative social protection. IDS Working Paper 232 Drechsler L, Benito Sánchez JC (2018) The price is (not) right: data protection and discrimination in the age of pricing algorithms. EJLT 9(3):1–23 European Union Agency for Fundamental Rights and Council of Europe (2018). Handbook on European data protection law, Publications Office of the European Union, Luxembourg Feiler L et al (2018) The EU General Data Protection Regulation (GDPR): a commentary. Globe Law and Business, London Goetghebuer J (2020) De invloed van artikel 22 AVG op het gebruik van robo-advies binnen de beleggingssector. Met de rug tegen de muur? TBH 2:135–164 Henrotte J-F, Coton F (2018) L’impact du R.G.P.D. dans le secteur des assurances: comment s’y conformer? Forum de l’assurance 185:107–111 Hornung G (2012) A General Data Protection Regulation for Europe? Light and shade in the Commission’s draft of 25 January 2012. SCRIPTed 9:64–81 Jay R (2017) Guide to the General Data Protection Regulation. Sweet & Maxwell, London Kamara I, De Hert P (2018) Understanding the balancing act behind the legitimate interest of the controller ground: a pragmatic approach. Brussels Privacy Hub Working Paper 2018, vol 4, pp 1–33 Lambert P (2016) A user’s guide to data protection. Boomsburry Professional, Abingdon McGurk B (2019) Data profiling and the law. Hart, Oxford Mendoza I, Bygrave LA (2017) The right not to be subject to automated decisions based on profiling. In: Synodinou TE et al (eds) EU internet law: regulation and enforcement. Springer, Cham, pp 77–98 Mezzetti CE (2016) Data protection in the insurance sector under EU law. In: Marano P, Rokas I, Kochenburger P (eds) The “dematerialized” insurance. Distance selling and cyber risks from an international perspective. Springer, Cham, pp 225–238 Mulder M (2019) The protection of data concerning health in Europe. EDPL 5:209–220 Poullet Y, Gutwirth S (2008) The contribution of the Article 29 Working Party to the construction of a harmonised European data protection system: an illustration of ‘reflexive governance’? In: Verónica Pérez Asinari M, Palazzi P (eds) Challenges of privacy and data protection law – perspectives of European and North American law. Bruylant, Brussels, pp 570–610

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

225

Regout G (2018) Assurances: le profilage et autres traitements automatisés de données à caractère personnel, à l’épreuve du nouveau règlement general sur la protection des données. TBH 3:307–318 Strandburg K (2014) Monitoring, datafication and consent: legal approaches to privacy in the big data context. In: Lane J, Stodden V, Bender S, Nissenbaum H (eds) Privacy, big data, and public goods. Frameworks for engagement. Cambridge Press University, Cambridge, pp 5–43 Stroobants N (2019) GDPR en het verwerken van gezondheidsgegevens in private ziekteverzekeringen. DCCR 122–123:231–272 Stroobants N (2021) Profiling in private health insurance. In: Bourguignon M, Hick T, Royer S, Yperman W (eds) Technology and society: the evolution of the legal landscape. Gompel&Svacina, Antwerp, pp 331–373 Stroobants N, Van Schoubroeck C (2021) Telematics insurance: legal concerns and challenges in the EU insurance market (not yet published) Sydow G (2018) Europäische Datenschutzgrundverordnung: Handkommentar. Nomos, BadenBaden Van Alsenoy B (2019) Data protection law in the EU: roles, responsibilities and liability. Intersentia, Cambridge Van Canneyt T, Goossens G (2016) The General Data Protection Regulation: 10 things company lawyers should know. CJ 1:1–11 Viola de Azevedo Cunha M (2010) Data Protection and Insurance: the limits on the collection and use of personal data on insurance contracts in EU law. Global Jurist 10: Article 6 Viola de Azevedo Cunha M (2012) Review of the Data Protection Directive: is there need (and room) for a new concept of personal data? In: Gutwirth S, Leenes R, De Hert P, Poullet Y (eds) European data protection: in good health? Springer, Dordrecht, pp 267–284 Viola de Azevedo Cunha M (2013) Market integration through data protection. An analysis of the insurance sector and financial industries in Europe. Springer, Rio de Janeiro

Others Association of British Insurers (2017) ABI response to ICO consultation on GDPR consent guidance. https://service.betterregulation.com/document/273249. Accessed 18 May 2021 BEUC (2020) The use of Big Data and Artificial Intelligence in Insurance. https://www.beuc.eu/ publications/beuc-x-2020-039_beuc_position_paper_big_data_and_ai_in_insurances.pdf. Accessed 18 May 2021 Bipar (2016) Commentary on the General Data Protection Regulation (GDPR) by Steptoe & Johnson LLP for Bipar: The GDPR from an Insurance and Financial mediation perspective. https://www.bipar.eu/en/page/gdpr-commentary. Accessed 18 May 2021 EIOPA (2018) Insurance Distribution Directive – evaluation of the structure of insurance intermediaries markets in Europe. https://register.eiopa.europa.eu/Publications/Reports/IDD%20Evalu ation%20of%20intermediary%20markets.pdf. Accessed 18 May 2021 EIOPA (2019) Big Data Analytics in Motor and Health Insurance: a thematic review. https://www. eiopa.europa.eu/content/big-data-analytics-motor-and-health-insurance_en. Accessed 18 May 2021 Insurance Europe (2017a) Comments on the Article 29 Working Party’s draft guidelines on automated individual decision-making and profiling. https://www.insuranceeurope.eu/publica tions/1845/comments-on-the-article-29-working-party-039-s-draft-guidelines-on-automatedindividual-decision-making-profiling/Comments%20on%20the%20Article%2029%20Work ing%20Partys%20draft%20guidelines%20on%20automated%20individual%20decision-mak ing%20profiling.pdf. Accessed 18 May 2021

226

J. Amankwah and N. Stroobants

Insurance Europe (2017b) Comments on the Article 29 Working Party’s draft guidelines on consent. https://www.insuranceeurope.eu/publications/1872/comments-on-the-use-of-consentin-insurance-in-view-of-the-gdpr-guidelines/Comments%20on%20consent.pdf. Accessed 18 May 2021 Insurance Europe (2019) Response to EC stocktaking exercise on application of GDPR. https:// www.insuranceeurope.eu/publications/1770/response-to-ec-stocktaking-exercise-on-applica tion-of-gdpr/Response%20to%20EC%20stocktaking%20exercise%20on%20application%20of %20GDPR.pdf. Accessed 18 May 2021 Kamenjasevic E (2017) Profiling in the financial sector under the GDPR. https://www.law. kuleuven.be/citip/blog/profiling-in-the-financial-sector-under-the-gdpr-part-i/. Accessed 18 May 2021 World Health Organization (2007) Everybody’s business. Strengthening health systems to improve health outcomes: WHO’s framework for action. https://www.who.int/healthsystems/strategy/ everybodys_business.pdf. Accessed 18 May 2021

Authoritative Decisions, Guidelines, Opinions, Working Documents (Soft Law) Article 29 Working Party (2018a), Guidelines on consent under regulation 2016/679. nr. 17/ENWP259 rev.01. Article 29 Working Party (2018b), Guidelines on Automated individual decision making and Profiling for the purposes of Regulation 2016/679, nr.17/EN WP251rev.01. Article 29 Working Party (2017a), Guidelines on consent under regulation 2016/679. nr. 17/EN-WP259. Article 29 Working Party (2017b), Guidelines on transparency under Regulation 2016/679, nr. 17/EN WP260rev.01. Article 29 Working Party (2016), Guidelines on the right to data portability, nr. 16/EN WP242rev.01. Article 29 Working Party (2014), Opinion 01/2014 on the application of necessity and proportionality concepts and data protection within the law enforcement sector. Nr. 536/14/EN-WP211. Article 29 Working Party (2013), Opinion 03/2013 on purpose limitation, nr. 00569/13/EN-WP 203. Article 29 Working Party (2012), Opinion 01/2012 on the data protection reform proposals. Nr. 00530/12/EN-WP191. Article 29 Working Party (2011a), Advice paper on special categories of data (“sensitive data”), Ref. Ares(2011)444105. Article 29 Working Party (2011b), Opinion 15/2011 on the definition of consent. nr. 01197/11/ENWP187. Article 29 Working party (2010), Opinion 1/2010 on the concepts of “controller” and “processor”, 00264/10/EN WP169. Article 29 Working Party (2007), Working document on the processing of personal data relating to health in electronic health records (EHR). nr. 00323/07/EN-WP131. Belgian Insurance Commission (2019), Advise concerning the processing of health data in the context of EU 2016/679 General Data Protection Regulation, DOC/C2019/1. Council of Europe (1981), Explanatory Report to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, European Treaty Series No. 108. Council of Europe (2018), Explanatory Report to the Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. European Data Protection Board (2020), Guidelines 05/2020 on consent under regulation 2016/679, version 1.1

GDPR and the Processing of Health Data in Insurance Contracts: Opening a. . .

227

European Data Protection Supervisor (2017), Assessing the necessity of measures that limit the fundamental right to the protection of personal data: a toolkit. European Data Protection Supervisor (2015), Opinion 3/2015 of the European Data Protection Supervisor on the data protection reform package (including the Annex). European Data Protection Supervisor (2012), Opinion of the European Data Protection Supervisor on the data protection reform package. European Commission (2014), Green paper on mobile Health (“mHealth”), COM(2014) 219 final. European Commission (2012), Commission Staff Working Paper, Impact assessment accompanying the document Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Sec(2012), annex 2. Letter from the Chairwoman on behalf of the Article 29 Working Party (2015), Annex—health data in apps and devices.

CJEU Case Law Wirtschaftsakademie, C-210/16 [2018] EU:C:2018:388, paragraphs 27–28 Jehovah’s witnesses, C-25/17 [2018] EU:C:2018:551, paragraph 66 Tele 2 Sverige, C-2013/15 and C-698/15 [2016] ECLI:EU:C:2016:572, paragraph 96, 137–154 Schrems, C-362/14 [2015] ECLI:EU:C:2015:650, paragraph 50, 92 Google Spain, C-131/12 [2014]EU:C:2014:317, paragraph 34 Rynes, C-212/13 [2014] ECLI:EU:C:2014:2428, paragraph 28 Digital Rights Ireland and Seitlinger and Others, C-293/12 and C-594/12 [2014] ECLI:EU: C:2014:238, paragraph 39–40, 52 Schwarz, C-291/12 [2013] ECLI:EU:C:2013:401, paragraph 27–45 IPI, C-473/12 [2013] ECLI:EU:C:2013:715, paragraph 39 Scarlet Extended, C-70/10 [2011], ECLI:EU:C:2011:255, paragraph 88–114 Volker und Markus Schecke, C-92/09 and C-93/09 [2009] ECLI:EU:C:2010:662, paragraph 77 Satakunnan Markkinapörssi and Satamedia, C-73/07 [2007] ECLI:EU:C:2008:727, paragraph 56

ECtHR Case Law ECtHR Szabo and Vissy v. Hungary, no. 37138/14 [2016] S & Marper v United Kingdom, No. 30562/04 and 30566/04 [2008] Z v Finland, No. 22009/93 [1997]

Part IV

Insurance and the Right to Life

Gambling on My Life and My Right to Live Mahfuz

Abstract In this modern world, financial benefit is often considered to be more important than human life, whilst money has no value if there is no existence of humans. This essay identifies that gambling in the guise of insurance creates a threat to the life of the insured, with the potential of violating the ‘right to life’ where the insured life is terminated by a policyholder or beneficiary for financial gain. It is argued that the ‘right to life’ is absolute where the state fails to protect life or where the state fails to take reasonable steps to preserve life. Some academics argue that having adequate criminal legislation and police forces is enough for the protection of life. This is comparable to the scenario that the state is encouraging people to leave the door of their house open to thieves and looters, only relying on criminal law and police force, which is not an ideal choice. Australia and New Zealand are allowing gambling on the life of the insured as third parties may insure a life without the insured’s knowledge or consent, whilst countries like the UK and the USA impose a requirement of insurable interest— believing that it is a strong instrument to stop such gambling. This chapter holds that this approach is proved to be a failure due to the contingency nature of life insurance. The doctrine of insurable interest also fails to serve its purpose due to the possibility of the assignment of a life policy to a third party who does not have an insurable interest in the life insured. The passing of data to a stranger through the assignment of a life policy violates the right to privacy. In order to tackle the aim of gambling and to protect the right to life and right to privacy, the chapter recommends the

Associate Professor and Vice Dean of College of Law, University of Business and Technology (UBT), Saudi Arabia; PhD, University of Manchester; Barrister of law of England and Wales. I am indebted to Dr. Sariah Normah Alqasim, Assistant Professor of UBT, for her review and comments. I am also grateful to Mr. Ali Basher, Barrister of Law, and Mr. Mostafa Hosain, Assistant Professor of Law, for their kind support with resources. Mahfuz (*) College of Law, University of Business and Technology, Dahban, Saudi Arabia e-mail: [email protected] © The Author(s), under exclusive license to Springer Nature Switzerland AG 2022 M. Lima Rego, B. Kuschke (eds.), Insurance and Human Rights, AIDA Europe Research Series on Insurance Law and Regulation 5, https://doi.org/10.1007/978-3-030-82704-5_8

231

232

Mahfuz

application of the decision of Godsall v Boldero, which considered life insurance policy as indemnity policy, in order to address these issues.

1 Introduction Where there is no human, there is no importance of money, where there is no money, there is still importance of human life.

In recent years, betting on life has become a common practice.1 For the sake of money, people are not considering it to be against public interest even if their lives are used as a gambling instrument by the gambler and gambling house.2 The insurance industry is becoming more of a gambling industry as there is an increasing demand for that.3 Australia, where investment increased in the insurance industry after removing the restriction of insurable interest in taking up insurance policies, serves as an example.4 Countries like the UK and USA are still requiring insurable interest for a valid policy, yet the contingency nature of their life policies opens the gate for wagering or gambling on the life insured. Such gambling on life creates a threat to that life since the gambler can earn a large amount of money following the death of the person insured. On the other hand, if the person insured survives, the gambler loses his investment. It is a certainty changing the nature of life insurance policies from contingency to indemnity that would reduce investment in this sector.5 As a person’s life now has an economic value and holds an economic benefit to a policyholder, an alleged threat to ending a life has the potential to violate the right to life6 of the insured. In most countries, many people pass away due to unforeseen events or accidents.7 In order to claim the insured amount on the loss of the life of the person insured, the possibility exists that some policyholder might intentionally cause the insured event, namely the profitable death of the insured.8 Furthermore, the contingent nature of a life policy creates the opportunity for multiple assignments (transfers or cessions, for example) of a life policy. The person whose life is insured may remain unaware of the identity of the policyholder that 1

See, Curran (12 April 2010). See, Indiviglio (May 18, 2011); Alborn (2007), p. 1. 3 See, Brunau (2012), p. 210; Chandia (2018), p. 9; Gajjar (2014), p. 1. 4 The 2018 KPMG report shows that in Australia the revenue from the insurance industry increased by 6.6% to $24.7bn—equating to 1.4% of Australia’s GDP. See, KPMG, ‘Life Insurance sector revenues on the rise, KPMG study shows’ (15 August 2018) https://home.kpmg/au/en/home/media/ press-releases/2018/08/life-insurance-sector-revenues-on-the-rise-kpmg-study-shows-16-august2018.html. accessed 26/9/2019. 5 In 2017 the tax contributions of the insurance sector in the UK were over £72 billion. This was ‘the largest contribution of any sector within the country’. See, Cherowbrier (Feb 11, 2019). 6 The right to life is one of the human rights that is discussed in this chapter. 7 See, https://www.who.int/violence_injury_prevention/road_safety_status/2018/GSRRS2018_ Summary_EN.pdf. accessed 28/9/2019. 8 See, Swisher (2005), p. 528. 2

Gambling on My Life and My Right to Live

233

holds the interest in the life insured. Disclosing personal or confidential information of the person insured by a policyholder to a third party violates the right to privacy.9 Such a violation of the right to privacy is more prevalent in Australia and New Zealand since these countries allow anyone to take a policy on another person’s life.10 It is moot that every state should consider the human rights of its citizens when developing its insurance law. In this chapter, the laws of England are used to show how these two human rights, namely the right to life and the right to privacy, are violated in the insurance sector, and some recommendations are made to develop insurance law in such a manner as to protect these fundamental rights.

2 The Right to Life ‘If there is a human right at all, then it must surely be the right to life, and if there is no right to life, then there is no human right.’11 Article 3 of the Universal Declaration of Human Rights states that ‘everyone has the right to life, liberty and security of person’. Approximately 77% of the world’s constitutions include this fundamental right.12 In interpreting Article 3, Antônio Cançado Trindade, the then President of the Inter-American Court of Human Rights, wrote that ‘the arbitrary deprivation of life is not limited to the illicit act of homicide; it extends itself to the deprivation of the right to live with dignity’.13 The European Court of Human Rights (ECtHR) stated in the case of Osman v UK14 that the duty of a state is to take preventative measures to protect an individual from a real and imminent threat to life that the state knows about or ought to know. According to the UN Human Rights Committee, a state is required to ‘enact law or other measures to protect life from all “foreseeable

9

This is the second human right that is discussed in this chapter. See, Bainbridge and Clar (24 January 2019). 11 Tiedemann (2012), p. 345. The European Court of Human Rights (ECtHR) stated in McCann v United Kingdom A 324 (1995); 21 EHRR 97 [147] that right to life, Article 2 of European Convention of Human Rights (ECHR), ‘ranks as one of the most fundamental provisions in the Convention’. This provision, along with Article 3, states that ‘no one shall be subjected to torture or to inhuman or degrading treatment or punishment'. Tiedemann supports that as it ‘enshrines one of the basic values of the democratic societies making up the Council of Europe’, its provisions must always be strictly construed. 12 The Office of the High Commissioner for Human Rights, ‘The Universal Declaration of Human Rights at 70: Still Working to Ensure Freedom, Equality and Dignity for All’ page 1 https://un.by/ en/un-news/human-rights/246-30-articles/3987-article-3-right-to-life accessed 26/9/2019. 13 See, The Office of the High Commissioner for Human Rights, ‘The Universal Declaration of Human Rights at 70: Still Working to Ensure Freedom, Equality and Dignity for All’ page 1 https:// un.by/en/un-news/human-rights/246-30-articles/3987-article-3-right-to-life accessed 26/9/2019. 14 (2000) 29 E.H.R.R. 245. 10

234

Mahfuz

threats”’. A state may be in violation of this right ‘even if such threats and situations do not result in loss of life’.15 Article 2 of the European Convention on Human Rights (ECHR) also enshrines the right to life. The ECtHR imposed three categories of obligations on a state for the preservation of the right to life: (1) prohibition on killing except in the case of death resulting from the use of force that is no more than absolutely necessary, (2) effective official investigation into deaths resulting from the state’s use of force or where the state fails to protect life and (3) taking reasonable steps to preserve life.16 The third category imposes three obligations on a state: (a) enacting effective criminal legislation and properly enforcing it, (b) creating an appropriate legal and administrative framework to prevent accidental deaths and to provide effective deterrence against threats to the right to life and (c) requiring the police to take reasonable steps to protect life where they know or ought to know that there is a real and immediate risk to a person’s life.17 The ECHR requires human life to be respected by the avoidance of death where possible and the investigation of its cause where not possible.18 The court found that the right to life can be violated even where there has been no loss of life at all. In Makaratzis v Greece,19 the applicant was pursued by the police in a manner that posed a risk or threat to his life, although he was not killed nor was there an intention to kill. The court found that the Greek authorities had failed to comply with the positive obligation to put an adequate legislative and administrative framework in place and had not done all that could reasonably be expected of them to afford to citizens the level of safeguards required by Article 2 of the ECHR. The court in Budayeva v Russia20 concurred that a state’s primary duty is ‘to put in place a legislative and administrative framework designed to provide effective deterrence against threats to the right to life’. The approaches of the ECtHR evidence that the threat to kill someone already constitutes a violation of that person’s ‘right to life’.21

15

Human Rights Committee (2018), paras 7, 18. ibid [161]. 17 The National Council for Civil Liberties (2010), p. 19. 18 Osman v United Kingdom 1998-VIII; 29 EHRR 245 at para 115. The Court has enforced this principle in cases such as Öneryildiz v Turkey 2004-XII; 41 EHRR 20 and Budayeva and others v Russia Application Nos 15339/02, 21166/02, 20058/02, 11673/02 and 15343/02, Merits, 20 March 2008. 19 2004-XI; 41 EHRR 49. 20 Application Nos 15339/02, 21166/02, 20058/02, 11673/02 and 15343/02, Merits, 20 March 2008 [129]. See also, The National Council for Civil Liberties (2010), p. 19. 21 However, Tiedemann P commented that the right to life does not exist, since a dead person does not continue to have any right to life. In his view, killing a person is a violation of his dignity as a human being since the act of killing is in violation of human dignity, and consequently violates Article 3 of ECHR. According to his view a threat to a life is also in violation of Article 3. See, Tiedemann (2012), pp. 346, 352–354. Rehbock T, on the other hand, commented that humans could be holders of rights even after their death. See, Rehbock (2008), p. 25. 16

Gambling on My Life and My Right to Live

235

3 The Right to Privacy Article 12 of the Universal Declaration of Human Rights states that ‘no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.’ Privacy has been identified as ‘essential to the development of human personality and protection of human dignity’.22 It allows a person to establish boundaries to limit who has access to his/her body, location, things and information.23 This right includes, among others, the right to personal autonomy and physical and psychological integrity, respect for private and confidential information, respect for privacy when one has a reasonable expectation of privacy and the right to control the dissemination of information about one’s private life.24 The right to dignity is divided into three parts: (1) physical, psychological or moral integrity; (2) privacy; and (3) identity and autonomy.25 The second category is particularly relevant for the purpose of this chapter. The privacy of a person relates to his/her personal identity, which includes, for example, his/her name, photo, gender identity and so forth. A person’s right to privacy is not affected when he/she is voluntarily in a public place and is monitored by security personnel, for example via a security camera in a shopping mall.26 However, the right may be violated ‘once any systematic or permanent record comes into existence’ of a person’s identity from the public domain,27 even though the information is not sensitive and has never been consulted.28 A person’s photograph is, for example, ‘one of the chief attributes of his or her personality, as it reveals the person’s unique characteristics and distinguishes the person from his or her peers’.29 In Z v Finland, the ECtHR held that the ‘domestic law must afford

The Office of the High Commissioner for Human Rights, ‘The Universal Declaration of Human Rights at 70: Still Working to Ensure Freedom, Equality and Dignity for All’ https://un.by/en/unnews/human-rights/246-30-articles/4003-article-12-right-to-privacy accessed 25/9/2019. 23 The Office of the High Commissioner for Human Rights, ‘The Universal Declaration of Human Rights at 70: Still Working to Ensure Freedom, Equality and Dignity for All’ https://un.by/en/unnews/human-rights/246-30-articles/4003-article-12-right-to-privacy accessed 25/9/2019. 24 The National Council for Civil Liberties (2010), p. 33. 25 See, ECtHR, Guide on Article 8 of the European Convention on Human Rights (30 April 2019) para 63. 26 See, P.G. and J.H. v UK App No. 44787/98 (ECtHR, 25 September 2001) [57]. 27 Ibid. 28 Amann v. Switzerland App No. 27798/95 (ECtHR, 16 February 2000) [65-67]. In M.N. and Others v San Marino App No. 28005/12 (ECtHR, 7 July 2015) 51 the court held that banking documents ‘undoubtedly amounts to personal data concerning an individual, irrespective of it being sensitive information or not.’ 29 See, ECtHR, Guide on Article 8 of the European Convention on Human Rights (30 April 2019) para 129. 22

236

Mahfuz

appropriate safeguards to prevent any such communication or disclosure of personal health data as may be inconsistent with the guarantees in Article 8’ of ECHR.30 Finally, the UN Human Rights Committee stated that the collection of data and the holding of personal information must be regulated by law. A state has the duty ‘to ensure that information concerning a person’s private life does not reach the hands of persons who are not authorized by law to receive, process and use it’.31 Every individual should have the right to ascertain what of his or her personal data is stored and for what purposes. However, this right remains subject to proportionate and lawful restrictions.32

4 Is the Right to Life Absolute, Qualified or Limited? Some fundamental or human rights are absolute in nature. These absolute rights are those that cannot be violated in any circumstance. These include, for example, the right to a fair trial and the prohibition on slavery. ‘Infringements on absolute rights can never be justified in the public interest’.33 In contrast, qualified fundamental rights are those that depend on the circumstances that exist, independent of the human rights issue in question. These rights are required to be qualified against the backdrop of simultaneously coexisting circumstances in any given situation.34 These include, for instance, freedom of religion, freedom of expression and freedom of assembly and association. Any law limiting these rights must have a legitimate aim that is necessary for a democratic society and must be proportionate.35 The third category of fundamental rights refers to rights with built-in exceptions. This category includes the right to life.36 It is submitted that the right to life can, in fact, be divided into the categories of absolute and limited rights. The right is limited when it is claimed under the first category of State’s obligation identified by ECtHR, as stated above, i.e. the prohibition of intentional killing. There is no breach of the right to life when the killing satisfies certain conditions, such as where the force that is used in self-defense, for example, is no more than absolutely necessary. The right to life is absolute when it comes under the second or third category of State’s obligation identified by ECtHR. Under the second category, a state cannot avoid or limit its obligation of adequate

30

App No. 2209/93 (ECtHR, 25 February 1997) [95]. Human Rights Committee (1988), Para 10. 32 See, Article 2 of Data Protection Act 2018 of the UK. 33 The National Council for Civil Liberties (2010), p. 15. 34 Cali (2007), p. 251. 35 The National Council for Civil Liberties (2010), p. 16. 36 Ibid. 31

Gambling on My Life and My Right to Live

237

investigation where the death results from the use of force by the state or where the state fails to protect a life. The third category requires a state37 (a) to create effective criminal legislation and properly enforce it. A state cannot justify its failure of making this legislation or enforcing it on any ground.38 This can be compared with the prohibition of slavery, which requires a state ‘to ensure laws are in place to protect people from slavery’.39 The state is also required to (b) form a legal and administrative framework that prevents accidental deaths and creates deterrence against threats to the right to life. A state cannot limit this right by failing to develop a legal and administrative framework on the ground of public policy or any other ground.40 This can also be compared with the right to a fair trial where the right requires the state to appoint independent, impartial judges and infringements of this right cannot be justified on the ground of public interest.41 Finally, (c) a state cannot avoid or limit its responsibility in taking reasonable steps to protect an individual’s life whilst it knows or ought to know that there is a real and immediate risk of loss of life.42

5 Is Right to Privacy Absolute, Qualified or Limited? A qualified right is a right that can be limited in accordance with the law when it becomes necessary and is proportionately limited to the interests of national security, concerns of public safety, the economic well-being of a country, the prevention of disorder or crime, the protection of health, the upholding of moral standards or the protection of the rights and freedoms of others.43 The annual report of the UN High Commissioner states that interference with the right to privacy is permissible only if it is neither arbitrary nor unlawful.44 Interference will be lawful if it is done according to the law that endeavours to satisfy the aims and objectives of the Human Rights Covenant.45 This right also needs to be balanced against the right to the freedom of expression and also the public interest. 37

The third category can be divided into three parts, which has been stated above. See, Makaratzis v Greece 2004-XI; 41 EHRR 49; Budayeva v Russia Application Nos 15339/02, 21166/02, 20058/02, 11673/02 and 15343/02, Merits, (ECtHR, 20 March 2008); Angelova v Bulgaria (2008) 47 E.H.R.R. 7). 39 The National Council for Civil Liberties (2010), p. 23. 40 See, Budayeva v Russia Application Nos 15339/02, 21166/02, 20058/02, 11673/02 and 15343/ 02, Merits, (ECtHR, 20 March 2008). 41 The National Council for Civil Liberties (2010), p. 27. 42 See Öneryildiz v Turkey 2004-XII; 41 EHRR 20; App No. 48939/99 (ECtHR, 30 November 2004). 43 See The National Council for Civil Liberties (2010), p. 34. 44 Human Rights council (2014), para 21. 45 Human Rights Committee (2018) on article 6 of the International Covenant on Civil and Political Right, on the right to life (30 October 2018) 3. 38

238

Mahfuz

This balancing act depends on the fact of each case. For instance, in Z v Finland, information regarding human immunodeficiency virus (HIV) infection carried greater weight in ‘determining whether the interference was proportionate to the legitimate aim pursued’.46 On the other hand, a fair balance was struck between the competing interests of the individual and of the community as a whole where the individual complained about sound pollution caused by airplanes flying in the vicinity. Similarly, a public figure does not necessarily enjoy the same respect for his or her private life as others do, which is again decided based on a balance between personal interest and public interest.

6 Application of the Right to Life and the Right to Privacy A total of 172 countries in the world agreed to enforce human rights by signing the International Covenant on Civil and Political Rights (ICCPR).47 Article 6 of this Covenant incorporates the right to life. It states that ‘Every human being has the inherent right to life. This right shall be protected by law. No one shall be arbitrarily deprived of his life.’ Article 17 of this Covenant states that ‘no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation’. This treaty gives legal force to the Universal Declaration of Human Rights (UDHR), which in its Article 3 states that ‘everyone has the right to life, liberty and security of person’. Article 12 of UDHR contains a provision concerning the right to have a private life. The ICCPR establishes the Human Rights Committee, which oversees commitment to the ICCPR.48 The Committee reviews reports on the human rights status of Member States. It also receives complaints from individuals of the countries that signed the First Optional Protocol to the ICCPR. If the Committee finds a violation, it asks the concerned state to remediate its position.

46

Z v Finland App No. 22009/93 (ECtHR, 25 February 1997) [96]. ICCPR is part of the International Bill of Human Rights and the Universal Declaration of Human Rights. It is monitored by the United Nations Human Rights Committee. See, https://research.un. org/en/docs/humanrights/undhr access 5/8/2019. See also, Information Platform humanrights.ch https://www.humanrights.ch/en/standards/un-treaties/iccpr/ (2 May 2019) accessed 26/9/2019. 48 The Committee has 18 members made up of nationals from states parties who act as independent experts. The Committee adopts ‘General Comments’ which give guidance on how to interpret the ICCPR. states must submit reports on the steps they have taken to protect the rights and the Committee’s responsibility is to make sure that the states are making progress. See, Weller (2017) Human Rights News, Views & Info, https://rightsinfo.org/international-covenant-civilpolitical-rights/ access 22 July 2019. 47

Gambling on My Life and My Right to Live

239

An individual citizen of a country that has signed the First Optional Protocol to the ICCPR can direct complaints to the Human Rights Committee.49 A total of 116 contracting states ratified this protocol. However, countries like the UK, the USA and Australia did not sign this protocol. Consequently, the citizens of these countries cannot take their complaints to the Committee. These countries have introduced their own structures to ensure the application and enforcement of these rights. The UK, for instance, signed the ECHR in 1951 and enacted its Human Rights Act in 1998, which adopted the European Convention of Human Rights. The citizens of this country, therefore, can take complaints to the European Court of Human Rights. The citizen of Australia, on the other hand, can lodge a complaint with the Australian Human Rights Commission, an independent body that will try to conciliate the problem. If the president of this Commission is satisfied that the complaint cannot be resolved, the Commission can terminate the complaint. The individual may then direct the matter to the Federal Circuit Court or the Federal Court of Australia.50 Similarly, other countries that did not ratify the protocol have introduced their own structures governing the lodging of a complaint for resolution.

7 The Effect of Insurance Law on the Right to Life and the Right to Have a Private Life According to the preceding analysis, the right to life gives a person freedom and security to live without facing danger to his/her life. The right to have a private life allows a person to establish boundaries to limit who has access to his/her body, places, things and information. It is argued that the contingency nature of life policies in countries like the UK creates the opportunity to gamble on the life of the person insured, which in fact eventually creates a threat for that person. These countries allow the assignment of a life policy without the knowledge of the person insured, which breaches the right to have a private life. The circumstances in Australia and New Zealand are worse since a complete stranger can take a policy on anyone’s life, which is a violation of the right to have a private life and creates a possible threat to life, which potentially breaches the right to life. As an example of these issues and challenges, the insurance law of the UK is analysed in this chapter.

49

Currently 116 contracting states have ratified the Optional Protocol to the International Covenant on Civil and Political Rights of 1966. 50 See, Australian Human Rights Commission (2012) https://www.humanrights.gov.au/complaints/ information-people-and-organisations-responding-complaints-unlawful-discrimination accessed 28/9/2019.

240

7.1

Mahfuz

The Effect of English Insurance Law on the Right to Life and the Right to Private Life

A life insurance policy is taken to ensure that the beneficiary does not economically suffer after the death of the assured. Where there is no chance of economic loss due to the death of the assured, the policy can be used as a gambling instrument.51 Consequently, section 1 of the Life Assurance Act 1774 requires the existence of insurable interest for a valid life policy. The updated Draft Bill by the English Law Commission also requires its existence.52 However, common law established the presence of a deemed insurable interest in certain life-related insurance policies where the existence of pecuniary loss is not considered, for instance where insurance on one’s own life or one’s spouse’s life is taken.53 The Updated Draft Bill recommended an extension to this list to include a civil partner, cohabitant, child, grandchild and a person who is being treated as a child or grandchild.54 Following the proposal in the Draft Bill, insurable interest can be divided into the following: 1. Interest based on a pecuniary loss recognized by law (Clause 2(1)) 2. Interest based on a reasonable prospect of an economic loss (Clause 2(2)) 3. Interest based on natural affection (Clause 2(3))

7.1.1

Interest Based on a Pecuniary Loss Recognised by Law

MacGillivray defined insurable interest in the following words: ‘Where the assured is so situated that the happening of the event on which the insurance money is to become payable would, as a proximate cause, involve the assured in the loss or diminution of any right recognised by law or in any legal liability there is an insurable interest in the happening of that event to the extent of the possible loss or liability.’

Lord Blackburn gave a simple definition in Wilson v. Jones:55 ‘if the event happens, the party will gain an advantage, if it is frustrated, he will suffer a loss’. Under English law, the interest must be a legal interest and not a mere chance or

51 See Mahfuz (2013), p. 81. Preamble of the Life Assurance Act 1774; The Law Commission and the Scottish Law Commission, Insurable Interest (issues paper 4, 2008), para 4.14; Grigsby v. Russell, 222 U.S. 149, 156 (1911). 52 Law Commissions, Insurable Interest Bill, (2018) cl 2. 53 See, Griffiths v Fleming and Others [1909] 1 KB 805, 808; Wainewright v Bland 1 Moo. & R. 481; Reed v Royal Exchange Assurance Co (1795) Peake, Add. Cas. 70; Section 253 of the Civil Partnership Act 2004. 54 Clause 2(3) of Insurable Interest Bill 2018; Law Commission and Scottish Law Commission, Updated Draft Insurable Interest Bill for Review, (June 2018) paras 2.31 – 2.36. 55 L. R. 2 Ex. 139, at p. 150.

Gambling on My Life and My Right to Live

241

expectation. The legal interest must exist at the date of the contract.56 For instance, in Routh v Thompson,57 the captor had no right on the vessel except the expectation of a grant from the Crown. Consequently, there was no insurable interest. An insurance policy on the insured’s father’s property following an expectation to inherit was invalid due to the lack of insurable interest.58 A life policy effected by a creditor on the life of his or her debtor would be void if effected before the debt was legally constituted.59 The purpose of this requirement is to stop gambling in the guise of insurance. For instance, if X takes a policy on Y’s life with whom he or she does not have any legal relationship and there is no chance of losing money on Y’s death, then X will be waiting for Y’s death to make a claim, which may inspire X to do moral hazards. The law, therefore, aims to stop such gambling on a life, imposing the requirement of the existence of insurable interest. The court in Godsall v Boldero60 held that the interest must also exist at the time of peril since the chance of gambling will arise as soon as the insured loses his or her interest in the life insured. For instance, if a debtor pays back the principal debt amount owing to a creditor, the creditor should not be allowed to continue the insurance policy on the life of the debtor, otherwise, the death of the debtor within the policy period would give the creditor the chance of a double recovery. However, the decision of Godsall v Boldero61 ‘was received by the insurance world with a chorus of disapprobation, and the insurance companies did not in practice follow it but paid in full on such policies even though the debt had been paid off when the debtor died’.62 The Exchequer Chamber, in Dalby v The India and London Life Assurance Co,63 overruled the decision in Godsall v Boldero64 and held that the life policy is a contingent policy. In this case, the life of the Duke of Cambridge was insured by John Wright with Anchor Life Assurance Co. Anchor Life reinsured the life with India and London Life Assurance Co. Before the Duke’s death, the insured John Wright surrendered the policy, and as such the Anchor Life Assurance lost its interest in the life of the Duke yet continued paying premiums. After the death of the Duke, the direct insurer Anchor Life Assurance claimed the policy proceeds from the reinsurer. The court held that life insurance does not require the existence of an insurable interest at the time of loss and as such the company was entitled to claim the insured amount. Subsequently, in Gould v Curtis,65 the court

56

Griffiths v Fleming [1909] 1 K.B. 805 at 820; Sharp v Sphere Drake Insurance [1992] 2 Lloyd’s Rep. 501 at 510–511. 57 (1809) 11 East 428. See, Devaux v Steele (1840) 8 Scott 637. 58 See Birds et al. (2018), pp. 1-053. 59 See, Ibid 1-032. 60 (1807) 9 East 72. 61 Ibid. 62 Barber v Morris (1831) 1 M. & R. 62. 63 (1854) 15 C.B. 365. 64 (1807) 9 East 72. 65 [1913] 3 K.B. 84.

242

Mahfuz

made it clear that the assured may recover under a life policy without proof of loss. All the assured must prove is the event being the death of the life insured. A further chance of gambling may, however, develop following the proposed repeal of section 3 of the 1774 Act by the Law Commissions.66 Section 3 limits the amount that an insured can recover.67 Following the proposed repeal, there would not be any cap on the amount that the insured is allowed to take the policy for. In support of this, Group Risk Development argued that an ‘insurer should be free to assess the risks as presented to them’. It commented that the implication of a financial limit is unworkable since ‘an individual could simply take out multiple policies with different insurers to overcome any limit’.68 The Law Commission also did not find any clear rationale for limiting the value of life-related policies.69

7.1.1.1

Critical Analysis of the Current Law and Draft Bill 2018

The current rule, as applied in Dalby v The India and London Life Assurance Co,70 is justified by MacGillivray in that ‘an interest which may last during the whole term of the risk, an absolute promise to pay a sum of money not greater than the insured’s interest at the time of the contract is not essentially a gaming or wagering policy’.71 On the other hand, the author opines that this rule opens the gate of gambling in the guise of insurance. The following three scenarios can be used to analyse these arguments: Illustration 1 A was introduced to B in 2018 and took out a life insurance policy on B’s life for £1m on 1 January 2019. B passed away in June 2019. Illustration 2 X borrowed £1m from Y in 2018. Y insured X’s life for £1m on 1 January 2019 for 1 year. X paid the amount to Y on 2 January 2019. X subsequently passed away in June 2019.

(continued)

66

See Clause 6(1)(b) of Insurable Interest Bill (2018). Sec 3 states: ‘And in all cases where the insured hath interest in such life or lives, event or events, no greater sum shall be recovered or received from the insurer or insurers than the amount of value of the interest of the insured in such life or lives, or other event or events.’. 68 The Law Commission and Scottish Law Commission (2016), Para 3.22. 69 See, The Law Commission and Scottish Law Commission (2018b) 2.74(3). 70 Dalby v The India and London Life Assurance Co (1854) 15 C.B. 365. 71 Birds et al. (2018), p. 1-034. 67

Gambling on My Life and My Right to Live

243

Illustration 3 This illustration is very similar to the scenario in Illustration 2 above. E borrowed £1m from M in 2018. M insured E’s life for £1m on 1 January 2019 for 1 year. E paid the loan back in November 2019. E passed away 1 week before the policy expired in a road accident, for which no one could be identified as liable. M claimed £1million from the insurance company. According to the current law, the insurance policy in Illustration 1 is invalid since there was no insurable interest on the day of taking the policy. The policy taken by Y in Illustration 2 is valid since there was insurable interest on the day of the taking of the policy. The only difference between these two insurance policies is the existence of insurable interest in X’s life on the day of the taking of the policy. Based on the current law, the insurance policy taken by A is invalid and the policy taken by Y is valid, though a gambling nature exists in both policies, except for 1 day, i.e. from 1 January till 2 January when the loan of C remained unpaid. After the loan was repaid on 2nd January, both illustration 1 and illustration 2 became similar since both policyholders had the chance of gaining £1m following the death of the life insured. The policy taken by M in Illustration 3 is also valid. The difference between Illustrations 2 and 3 is the time taken by E to pay the money. In this case, M will have the chance of gambling on the life of E for only 1 week. MacGillivray suggested two scenarios: in the case of the first one, ‘the insured has an interest which may last during the whole term of the risk’.72 In Illustrations 2 and 3, there was a chance for the interest to last for the whole term of the policy since the debtor had the choice not to pay until the last day. According to his view, these are not gambling contracts since there was ‘an absolute promise to pay a sum of money not greater than the insured’s interest at the time of the contract’.73 Supporting this opinion Birds commented that in the case of Dalby,74 ‘the interest of Anchor Life would have lasted until the life dropped if the policies issued by them had not been previously surrendered’.75 Similarly, interest in the life of debtors would have continued in Illustrations 2 and 3 if they did not pay the principal debt back. In the case of the second scenario, McGillivray explains that ‘an interest lasts for a definite period only, after which there is no hope or expectation of the interest being continued or renewed’.76 Take, for example, Illustration 4. G has been employed by XYZ Company as chief manager for 1 year. G is supposed to retire after 1 year, yet XYZ has taken an insurance policy on G’s life for 2 years.

72

Ibid 1-034. Ibid. 74 (1854) 15 C.B. 365. 75 Birds et al. (2018), p. 1-034. 76 Ibid. MacGillivray did not provide any example of this scenario. 73

244

Mahfuz

MacGillivray opined that ‘a contract containing a promise to pay in the event of loss after the cessation of interest might well be deemed a contract pro tanto by way of gaming or wagering’.77 Consequently, the policy under Illustration 4 is a pro tanto gambling contract. According to this view, it is argued that the contract in the case of Dalby is also a pro tanto gambling contract since there was no hope or expectation of the interest to be continued or renewed after the insured surrendered the policy. Similarly, the contracts of Y and M of Illustrations 2 and 3 are also gambling contracts since there is no hope or expectation of the interest to be continued or renewed after the payment of the debt. Consequently, it is submitted that the division created by MacGillivray is self-contradictory. Further difficulties can be found in the judgment delivered in Law v London Indisputable Life Policy.78 In this case, the insured had an insurable interest of 20 months on the life insured whilst he took the policy for a 24-month term. The person insured passed away after the expiry of 20 months, i.e. after the expiry of the insurable interest but before the expiry of 24 months. It is submitted that this scenario falls under the second category, as identified by MacGillivray above, since it was obvious at the date of taking the policy that interest would last for 20 months only. Consequently, 20 months after the date of taking the policy, there was no hope or expectation of the interest being continued or renewed. Accordingly, this should be identified as a gambling contract. MacGillivray, on the other hand, opined that the policy was not pro tanto a gaming contract even though there was no chance of interest to continue or renew after the expiry of 20 months. MacGillivray defended the applicant stating that there was some uncertainty as to B’s age and as such there was no gambling in the policy.79 He suggested that ‘there must be some reasonable expectation of the interest being continued to the date when the loss actually occurs in order to legalise the promise to pay’.80 There was always a reasonable expectation in the case of Dalby that the policy would not be surrendered before the expiry of the policy period, but there was no such expectation in the case of Law v London Indisputable Life Policy.81 However, in the case Law v London Indisputable Life Policy the insured took the policy for 24 months since there was no policy available for 20 months. MacGillivray commented that ‘the extension of the term beyond the term of the interest must be bona fide’ to receive the insured amount.82 On the other hand, in Law v London, Page Wood VC held83 that the policy would have turned into fraud if the risk had been only for 1 day and the insurance had been for the whole duration of life. It is argued that such criterion under the second category is similar to the rules

77

Ibid. MacGillivray did not provide any example of this scenario. (1855) 1 K. & J. 223. 79 Birds et al. (2018), p. 1-035. 80 Ibid. 81 (1855) 1 K. & J. 223. 82 Birds et al. (2018), p. 1-035. 83 Law v London Indisputable Life Policy (1855) 1 K. & J. 223, 442. 78

Gambling on My Life and My Right to Live

245

relating to the amount that a policy can be taken for. The law does not allow one to insure for more than the amount that the assured has an interest in the life insured. Similarly, the second criterion does not allow to insure for longer than the actual time of interest. For instance, the company XYZ, in Illustration 4, can insure the life of G only for 1 year. It is argued that any extra period after the interest expires makes the policy a gambling instrument, no matter what justification the policyholder has.84 The chance of gambling still exists if the policy is taken for 1 year in the case of Illustration 4 and the employee resigns after 6 months. Similarly, where there is hope or expectation of the contract being extended on the day of taking the policy but the contract, in fact, is not extended, then the life of the employee would remain under threat during that extra period. For instance, Swisher illustrated the story of his student’s father, on whose life there was a key man life insurance policy. He was almost killed in two separate near-miss automobile hit-and-run incidents after he left the business, following a bitter argument with his partner.85 This coincidence clearly evidences that the beneficiaries of life insurance policies are induced to do moral hazards once the interest in the life insured is lost. Swisher commented that where the key employee left the job after the insurance policy was taken on his life, his former employer would have ‘everything to gain, and nothing to lose’ if the life insured would ‘suddenly die as a result of mysterious and unfortunate “accident”’.86 The Law Commission commented: In any event, since the requirement of insurable interest in non-indemnity insurance exists only at inception, it is possible for a life policy to have effectively become a gambling contract by the time of a claim. For example, a lender may maintain a life policy on a debtor even if there has been early repayment of the loan. A policy can be maintained in situations where the risk of moral hazard is perhaps increased. For example, a married couple may divorce in acrimonious circumstances, yet one may maintain an existing life insurance policy on the other.87

Following these arguments, it can be said that the current law requiring the presence of insurable interest only on the day of taking a policy opens the gate for gambling in the guise of insurance. Such gambling creates a threat to the life insured since the expectation of claiming a large amount of money has the potential to make a person greedy, which leads to moral hazards. For instance, Erik and Lyle Menendez killed their parents to inherit their wealth even though they grew up wanting for nothing.88 Similarly, greediness inspired Irene Seale to kill Sidney

84

(1855) 1 K. & J. 223. Swisher (2005), p. 528. 86 Ibid. See, Chantiam v Packall Packaging Inc (1998) 38 O.R. (3d) 401. 87 The Law Commission and the Scottish Law Commission (2008) para 4.15. 88 ‘Menendez brothers reunite nearly 30 years after killing parents’ https://www.theguardian.com/ us-news/2018/apr/07/menendez-brothers-reunite-nearly-30-years-after-killing-parents (Saturday 7 April 2018) The Guardian. Accessed 27 July 2019; ‘the Menendez Brothers: Murder in Beverly Hills’, https://edition.cnn.com/interactive/2017/hln/how-it-really-happened/the-menendezbrothers/ CNN (January 27, 2017). 85

246

Mahfuz

Reso89 as well as Shane Jaggarnauth to kill his parents.90 In two of these cases, Erik, Lyle and Shane suffered some loss by way of killing their parents, whilst Y from Illustration 2 and M from Illustration 3 did not suffer any loss by way of killing or creating an event for X’s or E’s death after they paid back the loan amount. Lush J stated: ‘Very great crimes may and have been committed, owing to the facilities offered by life insurance.’91 For instance, Malcolm Webster murdered his first wife in a faked car accident and tried to murder his second wife in the same manner for purposes of an insurance payout.92 Consequently, it is submitted that the current legal position relating to this issue violates the right to life. It is argued that the proposal of the Draft Insurable Interest Bill 2018 to repeal section 3 of the Life Assurance Act would increase the practice of gambling on the life insured. It is contended that all the insurance companies will not assess the risk to limit policy amounts to gain a higher premium. Since the main purpose of an insurance business is to make a profit, it is submitted that insurers will tend to assess only the possibility of the happening of the insured event. For instance, M, from Illustration 3, submits a proposal to insure E’s life for £2m. The amount of premium should be higher than the policy taken for £1m. Needless to say, the insurance company will assess whether there is any possibility of E dying within 1 year. If the possibility is low, there is no reason in the absence of section 3 for the insurance company to refuse to insure.93 For example, in Patel v Windsor Life Assurance Co Ltd,94 the insurer Virgin Direct issued a policy on Mr. Barot’s life even after it found some anomaly in the statements made in the application form. Consequently, it is argued that the repeal of section 3 will stimulate the chance of moral hazards, which breaches the right to life. Moreover, the argument of Group Risk Development, as stated above, that an ‘individual could simply take out multiple policies with different insurers to overcome any limit’ is superfluous since the limit will stop an insured from recovering more than his or her actual interest at the date of the taking of the policy. For instance, in Hebdon v West, the insured was not allowed to recover from the second insurance company since he received the amount from the first insurance company, which satisfied his interest. The next question is, do the debtors of Illustrations 2 and 3 agree to continue to have insurance policies on their lives even after they paid the debt amount back?

89

Bovsun (2010) Daily News, https://www.nydailynews.com/news/crime/ransom-bad-exxon-oilexecutive-sidney-reso-killed-kidnap-arthur-irene-seale-article-1.448931 accessed 27 July 2019. 90 Carrega-Woodby (2014) New York Post, https://nypost.com/2014/05/21/greedy-son-convictedof-parents-brutal-murder/ accessed 27 July 2019. 91 Evans v Bignold (1868-69) L.R 4 Q.B. 622. 625. ‘murders occur when the financial benefit from murder exceeds the combined losses of the risk of being caught and the loss of the intimate relationship.’ Davey (2014), p. 120. See also, Bentham (1830), p. 33. 92 http://www.bbc.co.uk/news/uk-scotland-north-east-orkney-shetland-13279024 (accessed 24 August 2019). 93 See, Boodhun and Jayabalan (2018), p. 145. Manulife insurance companies in Canada offer insurance to HIV-suffering applicants through analysing survival rates. It shows that the insurers’ pure concern is the possibility of survival of the life insured. 94 [2008] EWHC 76 (Comm).

Gambling on My Life and My Right to Live

247

Keeping policies on their lives requires tracking their movements and determining when they die and how they die. It also requires keeping the debtors’ information with the insurance company even after the necessity of maintaining the policy on the debtors’ life expires.95 Due to the legal obligations under the loan contract, the debtor may give express or implied permission to take an insurance policy on his or her life. Following the repayment of the debt, the debtor will have a legitimate right to strongly disagree to his/her personal information, like photographs, date of birth, address etc., being kept by the insurance company and ex-creditor. For instance, in the case of S and Marper v UK,96 the applicants complained that the authorities had continued to retain their personal data even after their acquittal. The ECtHR held that the ‘mere storing of data relating to the private life of an individual amounts to an interference within the meaning of Article 8’.97 The court also confirmed: The protection of personal data is of fundamental importance to a person’s enjoyment of his or her right to respect for private and family life, as guaranteed by Article 8 of the Convention. The domestic law must afford appropriate safeguards to prevent any such use of personal data as may be inconsistent with the guarantees of this Article.98

In L.L. v. France,99 the applicant complained about the submission to and use by courts of documents from his medical records, in the context of divorce proceedings, without his consent. The court held that there had been a violation of Article 8 of the Convention. According to these decisions of the courts of the ECtHR, it is argued that allowing an insurer to continue with an insurance policy without the consent of the life insured breaches the right to have a private life. Moreover, under the ECtHR Guideline on Article 8, a state has positive obligations to ensure that Article 8 rights are respected between the private parties.100

7.1.2

Interest Based on a Reasonable Prospect of an Economic Loss

The current law does not recognise an interest as insurable where the loss is based on a reasonable expectation. For instance, in Halford Kaymer,101 the court held that a father’s expectation that his son would care for him or maintain him was insufficient to constitute an insurable interest in the son’s life. Similarly, the life of a key employee cannot be insured for an amount that is expected to be suffered by the company following his or her death. The English Law Commission proposed that an ‘insured has an insurable interest if there is a reasonable prospect that the insured will suffer economic loss if the 95

See, Boodhun and Jayabalan (2018), p.145; Mitchell (2019). App nos. 30562/04 and 30566/04 (ECtHR, 4 December 2008). 97 Ibid [67]. See also, L.H. v Latvia App No. 52019/07 (ECtHR, 29 April 2014). 98 App nos. 30562/04 and 30566/04 (ECtHR, 4 December 2008) 103. 99 App No. 7508/02 (ECtHR, 10 October 2006). 100 ECtHR (2019), para 3. 101 (1830) 10 B&C 724. 96

248

Mahfuz

insured event occurs’.102 The reasonable prospect of acquiring an insurable interest must exist at the time of the contract, yet its existence is not necessary at the time of the insured event. This widens the scope of taking out cover on many lives. For instance, children can take insurance cover to provide for their parents’ or grandparents’ care needs.

7.1.2.1

Critical Analysis of the Proposal

The proposed extension of insurable interest based on reasonable expectation will widen the scope of gambling. For instance, Mr. X promises Mr. Y that he will gift a sports car if Y completes his graduation. Y insures the life of X. Subsequently, X changes his mind. Y may find an alternative way of getting the car, i.e. by creating an event that kills X and claiming the insured amount from the insurance company. Following the proposal of the Law Commission to repeal section 3, Y may insure the life of X for a higher amount than the value of the car. Consequently, Y would have a higher chance of gambling on the life of X. The important question relating to the right to privacy may also come into play. For instance, according to this proposal, a company may take out a key employee insurance policy on the life of the person who has agreed to join the company. The prospective employee may not like to share his or her personal information with the insurance company. In such case, the court must strike a balance between the interest of the prospective employee’s privacy and the interest of the company as an employer. It is more probable that the interest of the employee would weigh heavier in this balance.

7.1.3

Interest Based on Natural Affection

The courts, and in one case the statute, identified some exceptional relationships where the parties have a deemed insurable interest for an unlimited amount. The reason is that these relationships are based on love and affection and as such, in the view of the court, there is no chance of gambling, which the 1774 Act aimed to prevent. The courts included only two kinds of insurance under this exceptional category. The first one is insurance on one’s own life, and the second one is insurance on the life of a spouse. For instance, Farwell LJ said in Griffiths v Fleming and Others that ‘A man does not gamble on his own life to gain a Pyrrhic victory by his own death’.103 He also said that ‘a husband is no more likely to indulge in “mischievous gaming” on his wife’s life than a wife on her husband's’.104 Section 253 of the Civil Partnership Act 2004 included civil

102

Clause 2(2) of Insurable Interest Bill 2018. [1909] 1 KB 805, 808; See, Wainewright v Bland 1 Moo. & R. 481. 104 Ibid 821. 103

Gambling on My Life and My Right to Live

249

partners under this category, placing them in the same position as a married couple. The Law Commission is keen to extend this list but confused about what other relationships should be included under this category. Initially, it considered allowing children to have a deemed insurable interest in their parents’ lives105 but subsequently changed the proposal, considering the fact that there are strong moral hazard arguments against giving an automatic insurable interest in the lives of (particularly elderly) parents or grandparents.106 However, along with the current list of individuals, own self and spouses, the Law Commission proposed to include persons who live with the insured as a spouse or civil partner, i.e. cohabitant, the person who is or is treated as a child or grandchild of the insured, and a member of a pension or other group scheme that is administered by the insured.107

7.1.3.1

Critical Analysis

In Vipul Patel v Windsor Life Assurance Company Ltd,108 Mr. Barot insured his life for £13,000,000 with five life insurance companies and assigned the benefit of the policy to Mr. Patel in December 2000. In October 2001, Mr. Patel claimed that Mr. Barot passed away in India and that he witnessed Mr. Barot’s death. The court held that Mr. Patel failed to prove that Mr. Barot died. It can be assumed that Mr. Patel and Mr. Barot intended to take advantage of the loopholes of the current law. A similar attitude can be seen in the case where a Chinese husband killed his wife for insurance money.109 The same can also be found in other cases, such as where Malcolm Webster killed his wife, as stated above, through a car accident for insurance money. Bentham argued that the weakness of insurance regulation would influence people to ‘compare the value of a loved one dead and alive, and act accordingly’.110 The unlimited nature of interest influences a person to take a policy on his or her spouse’s life for an amount that the policyholder can never earn in his/her whole life. Consequently, the policyholder may find the death of the loved one more beneficial than if he/she would remain alive. The circumstances may get worse if they are divorced or separated. Accordingly, alongside the contingency nature of a life insurance policy, the unlimited nature of insurable interest influences moral hazards. The Law Commission commented that the automatic unlimited insurable interest in a spouse’s life undermines the effectiveness of insurable interest

105

The Law Commission and the Scottish Law Commission (2008), Paras 7.62, 7.64. The Law Commission and Scottish Law Commission (2018b), para 2.40. 107 Clause 2 of Insurable Interest Bill 2018. 108 [2008] EWHC 76 (Comm). 109 See, Chinese husband bought £3.8 million life insurance for his wife months before he killed her. See, Cheng (2018). http://www.bbc.co.uk/news/uk-scotland-north-east-orkney-shetland-13279024 (accessed 24 August 2019). 110 Davey (2014), pp. 120–121. 106

250

Mahfuz

since this influences a person to commit murder.111 In the Insurable Interest Bill 2018, it was proposed to extend the list of relationships to allow for an automatic unlimited insurable interest even though the proponents know that this influences the propensity to commit murder; i.e., they are proposing to enable threats on peoples’ lives, which may amount to a breach of the right to life. Once the couples are separated and married to another person, they may not agree to allow the insurance company or ex-spouse to keep their personal information and use it for their benefit. According to the aforementioned analysis, the state is obliged to protect the right of a spouse whose private life would be affected by such a continuance of the policy.

7.1.4

Assignment of Life Policy

The contingency nature of a life policy creates the opportunity to assign a life policy to a person who does not have an insurable interest in the life insured. For instance, the Law Commission, as stated above, proposed that a child should not have an insurable interest in his/her parents’ life due to the risk of moral hazards but that a parent can insure his/her life for any amount and assign the benefit to his/her child. However, to validate the assignment, two requirements must be fulfilled. Firstly, the insured must have a valid insurable interest at the time of taking out the policy. Secondly, ‘the assignment must not be used to escape the rule in Section 1 of the Life Assurance Act 1774’.112 The court established the rule that ‘a policy is void if it is taken out by a person having insurable interest with the immediate intention of assigning the policy to a specific person without insurable interest’.113 However, ‘if the assured has a general interest to assign in the future or forms an intention to assign the policy to a specific person some days after taking policy, the assignment of the policy would be valid’.114 In M‘Farlane v Royal London Friendly Society,115 the court held that an insured, with good faith, can take as many life insurance policies as he or she wants with the clear intention of assigning it to another person. However, ‘if ab initio the policy is intended for the benefit of another person only, and that fact is kept back, then the policy is void under the Life Assurance Act 1774’.116 A valid policy can be assigned several times. In Ashley v Ashley,117 A insured his life and afterwards assigned the policy to B. B’s executors sold and assigned the

111

The Law Commission and the Scottish Law Commission (2008) para 7.38. Mahfuz (2018), p. 42. 113 Merkin (2016), para 19-027. 114 Mahfuz (2018), p. 42. 115 (1886)2 TLR 755. 116 Mahfuz (2018), p. 42. 117 (1829) 3 Simons 149. 112

Gambling on My Life and My Right to Live

251

policy to D, and subsequently D’s executors sold it to E. The court held that E was entitled to stand in the place of the original assignor.

7.1.4.1

Critical Analysis

The importance of insurable interest is lost due to the possibility of assigning its benefit to a person who does not have an insurable interest in the life insured at all.118 For instance, E in the case of Ashley v Ashley above would not have been able to take a policy on A’s life. The assignment made it possible for E to take all the benefits of being an insured. E did not have any interest in A’s life, and as such A’s death did not cause any loss to E; in fact, it benefitted him. Consequently, instead of trying ‘to protect against a loss resulting from the insured person’s death’,119 an assignee like E would want the person on whose life the policy is taken, like A, to die, and the sooner, the better. Accordingly, A’s life is simply a gambling instrument in the eye of E since he is betting on the death of A,120 which then creates a threat to the life of A. It is advocated that the assignment of a life policy without the consent of the life insured breaches the right to have a private life. For instance, Z has taken a policy on his life, disclosing his certain illness. He subsequently assigned the policy to his uncle D, who subsequently sold the policy to KM Financing Company without the consent of Z. Passing the medical information to KM without the consent of Z should be a violation of his right to respect his private life, as it is confirmed by the court in Z v Finland.121

8 Does Gambling on Your Life Breach Your Human Rights? Will you feel safe if you know someone, who you may or may not know, is wishing your early death for his/her financial gain? At the same time, will you allow the policyholder and the insurance company to hold your personal information like your address, date of birth, photo, etc. without your permission? The purpose of this section is to make you, i.e. the reader, consider whether you find the gamble on your life by a person or company that will gain a big amount of money if you pass away early and lose the premiums if you survive acceptable. For instance, your ex-spouse is continuing to maintain a £5 million policy on your life, or

118

See, The Law Commission and Scottish Law Commission (2018b) para 2.43. The Law Commission proposed that a child should not have insurable interest in his/her parent's life due to the risk of moral hazard, but they are also showing the way to avoid that rule through an assignment. 119 Alt (2008), p. 610. 120 See, Curran (2010). 121 Z v Finland App No. 22009/93 (ECtHR, 25 February 1997) 95.

252

Mahfuz

you have assigned the £5 million policy to your friend, who subsequently sold it to a third party who you do not know. The insurance company will wish you to survive to the end of the policy, and your ex-spouse or the third person will want you to die sooner than that. The sooner you pass away, the better for the ex-spouse or the third party since they will no longer have to pay premiums after your death; instead, they will have financial gain. Both the insurance company and your ex-spouse or the third party are gambling on your life, considering you a gambling instrument. How will you feel if you have to leave your city, like the father of the student of Peter Nash Swisher?122 Will you feel dignified or humiliated? Will you be afraid thinking that someone wishes to kill you or some incident may be intentionally created to kill you or someone is praying for your early death? Bozanic acknowledged that ‘Profiting from death may strike one as morally offensive’, though she is in favour of the establishment of a stranger-originated life insurance market.123 The Law Commission reported that people are uncomfortable ‘at the thought that people who do not wish them well can take out policies on their lives. Taking out an insurance policy on someone’s life could be used as a threat.’124 However, the Law Commission, in the same report, commented that an assignment of a life policy to a stranger does not influence homicide rates but murder ‘is said to be most likely’ where the policy is taken on a spouse’s life.125 According to this view, the benefit of a life policy in the hand of a stranger is safer than one in the hand of a loved one. This view contradicts the view of Farwell LJ in Griffiths v Fleming and Others above, ‘a husband is no more likely to indulge in “mischievous gaming” on his wife's life than a wife on her husband's’.126 The principal defence of the supporters of a stranger-originated life insurance policy is that the homicide rate did not rise in Australia due to the withdrawal of the insurable interest requirement.127 However, it was accepted by the legislatures that this would increase gambling on people’s lives.128 Professor Davey stated that ‘murders for life insurance are rare, and even when they do occur, the insurable interest rules do little to prevent them’.129 The rise of homicide rates and facing the threat of homicide are different from each other. A person may be under threat to be killed, but he or she may have normal death anyway. The threat itself kills him/her psychologically and removes his/her peace of life. If you do not want a policy taken out on your life by certain persons or unknown persons, you are not supported by the current position in law. The law is giving full authority to an ex-spouse or third party to take a policy on your life

122

The story of the student of Peter Nash Swisher has been stated above. Bozanic (2008), p. 229. 124 The Law Commission and the Scottish Law Commission (2008), p. 7.40. 125 Ibid 7.38. 126 [1909] 1 KB 805. 821. 127 Life Insurance Act 1995 of Australia removes the requirement of insurable interest. 128 Sutton (1999), p. 6.34. 129 Quoted by Chandia (2018), p. 26. 123

Gambling on My Life and My Right to Live

253

without your consent. The question is whether you think it is fair and does not violate your right to private life without such unwanted interference.

9 Duty of a State to Preserve the Two Human Rights and the Author’s Recommendation According to the aforementioned analysis, the current law of insurance in the UK and the proposed law of insurance by the English and Scottish Law Commissions are in breach of two categories of human rights. The first one breaches the core human right to life, and the second one breaches a person’s right to dignity and respect for his/her private and family life.

9.1

State’s Duty to Protect Right to Life

It is argued above that the right to life is absolute when a state knows or ought to know that a person is at a real and immediate risk of loss of life.130 In such a case, the state carries a positive duty to take reasonable steps to preserve that life. The state cannot avoid or limit its responsibility. For instance, Turkey was liable for failing to do that which could have been expected of it to prevent the deaths of the applicant’s close relatives in an accident where the risk was known or ought to have been known by the Turkish authorities.131 There are three requirements that must be satisfied to impose the obligation to act upon a state. First, the threat has to be real. According to Weatherup J,132 a threat is real if it is objectively well founded.133 In the aforementioned analysis, it is argued that gambling on life creates a threat to that life since the gambler does not have anything to lose if the life insured dies before the policy matures. Consequently, the gambler develops a tendency to look for his or her gambling instrument to get the right result, i.e. the life insured to pass away within the policy period. If the instrument does not automatically get the right or total result, some gamblers manually try to get that number unless they are under surveillance. For instance, in New England Mutual Life Ins Co v Calvert,134 Victor Null sought and found financial backing for his invention from Ronald and James Calvert. Null and Calvert agreed to procure life insurance on Null’s life to protect the investment. After having

130

Re Officer L [2007] UKHL 36. Oneryildiz v Turkey Appl No. 48939/99 (ECtHR, 30 November 2004). 132 [2002] 1 WLR 1249. 133 Re W’s Application for Judicial Review [2004] NIQB 67 [17]; Re Officer L [2007] UKHL 36 [20] (Lord Carswell). The subjective fear is irrelevant for this purpose. 134 459 F. Supp. 979 (E.D. Mo. 1978). 131

254

Mahfuz

taken out three insurance policies on Null’s life, Null was found dead in his workshop. The incidence of murder of the person insured by the insured himself/ herself or his/her beneficiary can also be found in many other cases, like Bacon v Federal Kemper Life Assurance Co,135 Griffiths v Fleming,136 Liberty National Life Ins Co v Weldon,137 Edwards v Reginam,138 R v Higgin, R v Litchfield,139 R v Causley140 and Burton v John Hancock Mutual Life Insurance Co.141 The Times reported a case of a terminally ill insured who was thought to have arranged his own ‘contract killing’ because he was concerned that his life policy would exclude suicide.142From the perspective of criminology, a person compares the loss and profit from doing any crime. Bentham stated that ‘the profit of the crime is the force which urges a man to delinquency. The pain of the punishment is the force employed to restrain him from it. If the first of these forces is greater, the crime will be committed; if the second is greater the crime will not be committed’.143 It has been argued above that the current laws and the Draft Bill 2018 are giving all categories of policyholders an opportunity to gain profit following the early death of the person insured. Such profit tempts the policyholder to kill for money, especially when the profit is a large amount that he or she cannot imagine earning in his/her life. As state agents, the Law Commissions144 are well aware that the incidences of murder are most likely to happen in a marriage relationship where a spouse can take out an insurance policy for an unlimited amount on the other spouse’s life.145 The statistics show that the number of incidences of murder for insurance benefits is higher in the case of spousal relationships.146 The Law Commissions found that the policies in the hand of a third party or stranger also pose a threat to life.147 Consequently, it is argued that the threat to life is well founded where there is gambling on the life insured, and as such it satisfies the test of ‘real risk’ only in those cases.

135

512 N.E.2d 941 (Mass 1987). [1909] 1 KB 805. 137 100 So 2d 696 (Ala, 1957). 138 [1973] AC 648. 139 Unreported, CA, The Times, 11 August 1995. 140 [1999] Crim LR 572 (CA). 141 298 S.E.2d 575 (Ga. Ct. App. 1982). 142 The Times, 5 August 1997. Discussed by Davey (2014), p. 120. Chinese husband bought £3.8 million life insurance for his wife months before he killed her, Cheng (2018). 143 Bentham (1830), p. 33. 144 English Law Commission and Scottish Law Commission. 145 The Law Commission and the Scottish Law Commission (2008), p. 7.38. 146 See, Davey (2014). 147 The Law Commission and the Scottish Law Commission (2008), p. 7.40. 136

Gambling on My Life and My Right to Live

255

The second test that must be satisfied is that the threat to life is immediate. A threat is immediate when it is ‘present and continuing’.148 Whether a threat is immediate or not depends on the facts and degree of risk of each case.149 The alleged threat to life becomes immediate when a policy attains the nature of a gambling contract. According to the aforementioned analysis, the state, in this case the UK, knows or ought to know that gambling on life creates a threat to the life of the person insured. The threat is real and immediate. Consequently, the state has the obligation to take positive steps to protect the life insured. According to the aforementioned argument, the right to life is absolute when there is a threat against that life. The state, therefore, cannot limit its obligation. Academics may argue that gambling is no longer a crime in modern society. Consequently, there should not be any restriction on gambling or betting on a life. Following the example of Australia, where gambling in the guise of insurance has been legalised, they opine that homicide itself is an offence, the rate of which is not increasing due to the wide opportunity of gambling on a life insured.150 Accordingly, it is the duty of a state to stop crime through the adequate enforcement of criminal law and the exercise of police authority.151 However, it has been stated above that a threat to life itself breaches the right to life. A state is under the obligation to protect people from that threat instead of waiting for their death and then punishing the culprit after the incidence by the application of adequate criminal law.152 According to this analysis, the person on whose life the policy is taken faces the alleged threat to life when the policy embraces the character of gambling. For instance, a policy taken on a debtor’s life for the amount of the principal debt cannot be considered to be a gambling contract since killing the debtor will not give the insured any extra benefit. However, should the insured continue the policy after the debt amount is repaid, i.e. the interest is lost, the policy takes on the nature of a gambling contract that carries the risk of murder.153 In other words, the lack of insurable interest develops the chance of gambling, as stated in the Preamble of the 1774 Act. The best way to stop this threat is by bringing back the decision of Godsall v Boldero,154 which treated a life insurance policy as an indemnity policy. It is conceded that although this proposal is against the current flow of the market, only this can clean the muddied waters of the insurance industry. It is also acknowledged

148

Re W’s Application for Judicial Review [2004] NIQB 67 [17]; Re Officer L [2007] UKHL 36 [20] (Lord Carswell). 149 R (on the application of Bloggs) v Secretary of state for the Home Department (2003) EWCA CIV 686 [61]. 150 See, The Law Commission and the Scottish Law Commission (2008). 151 Chandia (2018), Gajjar (2014) and Loshin (2007). 152 See, Mahfuz (2013), p. 81. 153 Warnock v. Davis (1881) 104 U.S. 775, 780. 154 (1807) 9 East 72. The decision of this case has been stated above.

256

Mahfuz

that the insurance industry will lose a large investment in this sector since the more policies they sell, the greater profit they earn. It is always profitable for insurers if the policies mature, instead of paying them out before the expiry date. For instance, 20 creditors insure their debtors’ life with AB insurance company. If 15 debtors pay the debt amount before their 15 policies expire and surrender the policies, the insurance company would be deprived of premiums. If they continue the policies, the insurance company would benefit. Moreover, the insurance companies assess the mortality of the life insured before issuing a policy in order to ensure that their chance of paying the claim is low. If any creditor kills his/her debtor at an earlier time, the insurance company will not be liable to pay out the insured amount. Consequently, the chance of being obliged to pay out the claim is very low. On the other hand, there are investors that buy insurance policies from insureds who are unable to pay their premiums. They buy the policies where there is a possibility for the life insured to die within the policy period.155 Consequently, the insurance policy becomes a gambling contract where both the insurance company and the investors play using the person on whose life the policy is taken as a bet. This is a humiliation for a human being. The application of Godsall v Boldero156 will stop the investors from buying these policies and attempt to restore some form of human dignity. The principal difficulty in the application of the court’s decision in Godsall v Boldero is in the relationship between an insured’s spouse, parents and children in a life policy and in the policy that is taken on one’s own life since the economic loss of life cannot be counted in these cases. As stated above, statistics show that the majority of incidences of murder for insurance money occur between husbands and wives.157 These murders occur ‘when the financial benefit from murder exceeds the combined losses of the risk of being caught and the loss of the intimate relationship’.158 The practice of insuring a spouse’s life for a large amount goes against the spirit of insurance, which is in principle to protect the insured against suffering financial loss.159 Since the loss in this case is not quantifiable, a number of people are abusing the opportunity of insuring for an unlimited amount. Furthermore, several investors are also involved in this unethical conduct through the channel of assignment. To stop such unethical practices and protect human rights, it is necessary to reshape this rule considering the core principle of insurance to keep the insured indemnified against financial loss.

155

See, Brunau (2012) and Fleisher (2010). (1807) 9 East 72. The decision of this case has been stated above. 157 See, Davey (2014). 158 See, ibid. Malcolm Webster killed his wife for almost £1 million life insurance money. ‘Malcolm Webster: Wife Killer Jailed for 30 years’ BBC News (5 July) https://www.bbc.com/news/ukscotland-north-east-orkney-shetland-13989956 accessed 20/9/2019. Chinese husband bought £3.8 million life insurance for his wife months before he killed her. See, Cheng (2018). 159 See, The Fanti and The Padre Island [1991] 2 AC 1, 35 (Lord Goff). 156

Gambling on My Life and My Right to Live

257

If a spouse, child or parent passes away, the remaining family members often struggle to get money for their survival. If their family income is £20,000 a year, then they suffer the loss of that amount once the breadwinner passes away. If a policy is taken for £1 million, then the policy takes on the nature of gambling, which creates the threat to the insured life. However, such a calculation will be difficult where the policy is taken on the life of a wife who is a homemaker. In such case, it is required to valuate the contributions of both the husband and wife at the same scale; i.e., if the value of the husband’s work is £20,000, the value of the wife’s work is also £20,000. Consequently, the policy on the wife’s life should be taken for that particular value. However, the impact of the death of the husband or wife cannot be limited to that earning. The loss of life has a far greater impact than that financial loss that is difficult to calculate. Considering this difficult scenario, it is recommended to allow the life insurance policy to be taken out for an amount equivalent to the past 5-year income. In this case, the policy can be taken either on the wife’s life or the husband’s life for £100,000 only. Their child who is a minor can also take a policy on his/her parent’s life for the same amount since he/she will suffer the same loss in such a situation. However, this proposed rule can again be misused. For instance, a wife and her five children can take a policy on their breadwinner’s life totaling £600,000. To stop any misuse and gambling, one family should be allowed to take one policy on either breadwinner’s life or homemaker’s life. A similar approach can be used for a policy taken on one’s own life. The difficulty can also be found where both husband and wife work for living. For instance, a husband’s earning is £25,000 a year and a wife’s earning is £26,000 a year. In such a case, the higher earnings should be calculated. For instance, if a policy is taken on the husband’s life, the cap should be for £130,000. In the case of key employee insurance, the company should be allowed to insure the amount that is equivalent to the value of that employee to the company as an employer. Salary is determined according to the value of the service of each employee. Consequently, the value of a key employee for 1 month is his/her 1-month salary. If this key employee passes away, the company must look for another employee with similar qualities. The company must estimate a reasonable time necessary to find such a replacement. If, for example, it takes 6 months, the insurable interest would be the amount equivalent to the key employee’s salary for 6 months. Needless to say, the application of the proposed law will make a major change in the insurance industry yet will protect human rights, especially in countries where the crime rate and the rate of human rights violations are very high.

9.2

State’s Duty in Protecting Private Life

It has been stated above that the right to respect private life is qualified, which can be infringed upon in accordance with provisions of law or in the case of necessity for

258

Mahfuz

purposes of national security or public safety. It has been argued above that the current English insurance law is violating Article 8 of ECHR by allowing a person to continue with a policy on the life insured, without the latter’s consent, after the insurable interest is lost and also by allowing an insured to assign a policy to a stranger. The state can stop that breach by imposing the requirement of consent. Both the English and Scottish Law Commissions considered the argument that ‘it is not right in principle for someone to take out insurance dependent on another’s death without first obtaining that person’s consent’.160 In New York, every policyholder has to have consent from the life insured.161 In Texas, consent is required to assign a policy to a third party.162 In Germany, consent of the person insured is necessary where the policy is taken out for an amount exceeding the burial costs for that person.163 The English and Scottish Law Commissions initially proposed that consent is required for policies where there is no insurable interest in the life insured.164 The consultees rejected this proposal on the ground that consent might be obtained by duress or other objectionable behaviour. In their view, it would be difficult to remedy the circumstances where the person insured withdrew consent.165 In the view of the author, none of these grounds are strong enough to oppose the requirement of obtaining consent since duress or other unconscionable or objectionable inducement can be challenged in the courts. Once consent is given with satisfaction, it cannot be changed. In the view of the author, consent should not be required where there is insurable interest based on economic loss recognised by law since it is the insured’s legitimate interest to obtain financial security by way of the insurance policy. For instance, if the debtor passes away, the creditor will lose the money that he or she lent. Financial security by way of insurance policy is also necessary where the policy is taken on a spouse’s life. Consequently, there should not be any requirement of consent under the ground of public interest. However, where there is no need for financial security, the policy gets the nature of a gambling contract, which creates a threat to life. In the view of the author, as stated above, such policies should be

160

The Law Commission and the Scottish Law Commission (2008), p. 7.72. See, Ibid 7.73. 162 The Texas Insurance Code 1103.056 states that “An individual of legal age may in a single written document: (1) consent to the purchase of or application for an individual or group life insurance policy by a third party; and (2) designate or consent to the designation of any individual, partnership, association, corporation, or other legal entity as: (A) a beneficiary of the policy;(B) an absolute or partial owner of the policy; or (C) both a beneficiary and an absolute or partial owner of the policy.” 163 Article 159 of the German Insurance Contract Law (‘VVG’). 164 The Law Commission and the Scottish Law Commission (2008), para 7.79. 165 The Law Commission and the Scottish Law Commission, Insurance Contract Law: Post Contract Duties and Other Issues (Consultation Paper No. 201, Discussion Paper No. 152, 2011) para 13.60. 161

Gambling on My Life and My Right to Live

259

stopped. However, if any state disagrees with the author, it should impose the requirement of consent to protect the right to privacy of the person insured.166

10

Conclusion Very great crimes may and have been committed, owing to the facilities offered by life insurance.167

The 1774 Act of the UK was enacted with the pure intention to stop gambling in the guise of insurance. The only problem with the Act was not clarifying whether there is any requirement for the existence of insurable interest at the time of peril. Initially, the court in Godsall v Boldero168 held that insurable interest must exist both at the time of taking out the policy and on the day when the person insured dies. Subsequently, the court in Dalby v The India and London Life Assurance Co169 changed the law and made the life policy a contingent policy. Because of this development, several opportunities for gambling on life were facilitated. It is especially the possibility of assigning the policy to a stranger that made the Act superfluous.170 This was one of the main reasons for Australia to withdraw the requirement of insurable interest from its insurance laws.171 However, the Australian insurance industry has financially benefitted due to this withdrawal. Following their example, many academics are arguing to withdraw the requirement of insurable interest and recommend that a government should apply strict punishment in criminal law for a homicide that could be inspired by the motive of gambling. They are of the view that insurable interest cannot stop gambling due to the existing loophole, as discussed. It also cannot impose punishment for a murder that was inspired by gaining the benefit of an insured amount. Consequently, they are arguing to withdraw the useless requirement of insurable interest and allow for an unlimited open insurance market for a better economy.172 It is argued that these academics, with due respect, fail to see the other side of the coin where human lives are increasingly being threatened due to such promotion of gambling on life for the purposes of a profitable insurance claim payout.173

166 In Spain, Article 83 of the Insurance Contracts Act Law Number 50/1980, consent is necessary where the insured does not have interest on the life insured. 167 Evans v Bignold (1868-69) LR 4 QB 622, 625 (Lush J). 168 (1807) 9 East 72. 169 (1854) 15 C.B. 365. 170 Law Commissions of England and Scotland guide the people to assign a policy to avoid the impact of the Act. See, The Law Commission and Scottish Law Commission (2018a), para 2.43. 171 The Law Reform Commission, Insurance Contracts, Report No 20, (1982) para, 146. See, Sutton (1999), para 6.33. 172 See, Chandia (2018); The Law Commission and the Scottish Law Commission (2008) para 7.38. 173 See, Mahfuz (2018).

260

Mahfuz

Gambling on a person’s life means that the person is being used as a gambling instrument by the gambler and by the gambling house, i.e. the insurance company. It is the wish of the gambler that the insured life dies sooner and the wish of the insurer that he or she dies later. In the view of the author, it is a type of humiliation for the person insured. He/she also remains under threat to life by the gambler, who wishes his/her early death. It is the threat to lose his/her life from which a person should be protected, instead of waiting for his/her death and then after the insidence punishing the culprit by applying strict criminal law. One can draw the analogy that citizens are being asked to leave the doors to their homes open at all times relying on criminal law and police force in order to get the remedy once they are robbed or attacked in reality, the law itself requires persons to protect themselves, rather than putting themselves at risk by, for example, leaving a door open and then expecting that law enforcement officers will chase down the criminals.174 Moreover, the assured’s right to privacy is also violated when his/her information is used by strangers (both the policyholder and insurer can be unknown to the person insured) in taking the policy on his/her life. In order to protect human dignity and the right to privacy, the author recommends applying the principle laid down in Godsall v Boldero175 and disregarding its impact on the current insurance industry. The author also proposes to cap the insurable interest limits for the life insurance policies taken on a spouse’s life or own life. However, if a state or regulators do not agree to impose such restrictions, they should impose at least the requirement of obtaining the assured’s consent for purposes of a policy where the policyholder does not have an insurable interest or where the interest is lost prior to the end of the cover.

References . . . as reported in BBC (5 May 2011a) Malcolm Webster gives evidence in wife murder trial. http:// www.bbc.co.uk/news/uk-scotland-north-east-orkney-shetland-13279024. Accessed 24 Aug 2019 . . . as reported in BBC (5 July 2011b) Malcolm Webster: Wife Killer Jailed for 30 years’ BBC News. https://www.bbc.com/news/uk-scotland-north-east-orkney-shetland-13989956. Accessed 20 Sept 2019 . . . as reported in CNN (27 January 2017) ‘the Menendez Brothers: Murder in Beverly Hills’, https://edition.cnn.com/interactive/2017/hln/how-it-really-happened/the-menendez-brothers/. Accessed 26 Sept 2019 . . . as reported in The Guardian (Saturday 7 April 2018) ‘Menendez brothers reunite nearly 30 years after killing parents’ https://www.theguardian.com/us-news/2018/apr/07/menendez-brothersreunite-nearly-30-years-after-killing-parents. Accessed 27 July 2019 Alborn T (2007) A license to bet: life insurance and the Gambling Act in the British Courts. Conn Ins Law J 14:1–20 Alt A (2008) Spin-life insurance policies: a dizzying effect on human dignity and the death of life insurance. Ave Maria Law Rev 7:605–637

174 175

Mahfuz (2013), p. 81. (1807) 9 East 72.

Gambling on My Life and My Right to Live

261

Australian Human Rights Commission (14 December 2012) Information for people and organisations responding to complaints – unlawful discrimination. https://www.humanrights.gov.au/ complaints/information-people-and-organisations-responding-complaints-unlawful-discrimina tion. Accessed 28 Sept 2019 Bainbridge A, Clark E (24 January 2019) Insurers gaining ‘open-ended access’ to medical records slammed as ‘unfair privacy breach’ ABC NEWS https://www.abc.net.au/news/2019-01-24/ medical-records-handed-to-insurance-companies-over-mental-health/10720024. Accessed 01 Sept 2019 Bentham J (1830) The rationale of punishment. Heward, Montréal Birds J, Lynch B, Paul S (2018) MacGillivray on insurance law, 14th edn. Sweet & Maxwell, Mytholmroyd Boodhun N, Jayabalan M (2018) Risk prediction in life insurance industry using supervised learning algorithms. Springer 4:145–154 Bovsun M (22 May 2010) Ransom gone bad Exxon oil executive Sidney Reso killed in kidnap try by Arthur and Irene Seale’ Daily News, https://www.nydailynews.com/news/crime/ransombad-exxon-oil-executive-sidney-reso-killed-kidnap-arthur-irene-seale-article-1.448931. Accessed 27 July 2019 Bozanic KJ (2008) An investment to die for: from life insurance to death bonds, the evolution and legality of the life settlement industry. Penn State Law Rev 113:229–266 Brunau TJ (2012) Betting on death or just cashing in?: Taking a look at the life settlement industry through the lens of. Kramer v Phoenix Life Insurance’ Quinnipiac Probate Law J 25(2):210–232 Cali B (2007) Balancing human rights? Methodological problems with weights, scales and proportions. Human Rights Q 29:251–270 Carrega-Woodby C (21 March 2014) Greedy son convicted of parents’ brutal murder’ New York Post, https://nypost.com/2014/05/21/greedy-son-convicted-of-parents-brutal-murder/. Accessed 27 July 2019 Chandia CL (2018) 'Insurable interest on the eve of its legislative consolidation, It is still not too late to put into reverse gear. Br Insurance Law Assoc J 131:9 Cheng K (12 December 2018) Chinese husband buys £3.8 million life insurance for his wife months before killing her during a holiday in Thailand to claim payout, relatives reveal’ Mail Online https://www.dailymail.co.uk/news/article-6487843/Chinese-man-buys-3-5-million-life-insur ance-wife-killing-Thailand-say-relatives.html. Accessed 5 Sept 2019 Cherowbrier J (Feb 11, 2019) Insurance industry in the United Kingdom – Statistics & Facts Statista https://www.statista.com/topics/4511/insurance-industry-uk/. Accessed 25 Sept 2019 Curran R (12 April 2010) The pros and cons of betting on death. The Wall Street Journal https:// www.wsj.com/articles/SB10001424052748703909804575123960669921740. Accessed 20 Sept 2019 Davey J (2014) Dial M for moral hazard? Incentives to murder and the Life Assurance Act 1774. Insurance Law J 25:120 ECtHR (30 April 2019) Guide on Article 8 of the European Convention on Human Rights Fleisher M (2010) Stranger originated life insurance: finding a modern cure for an age-old problem. Cumberland Law Rev 41:569–621 Gajjar J (2014) The doctrine of insurable interest in life insurance: a fling of the past or till death do us part? Br Insurance Law Assoc J 127:1 Human Rights Committee (32 Session, 8 April 1988) General Comment No. – 16, Article 17 (The right to respect of privacy, family, home and correspondence and protection of honour and reputation) Human Rights Committee (30 October 2018) General comment No. 36 (2018) on article 6 of the International Covenant on Civil and Political Right, on the right to life Human Rights council (18 July 2014) The right to privacy in the digital age A/HRC/27/37 Indiviglio D (May 18 2011) ‘Death derivatives: has wall street finally gone too far?’ The Atlantic https://www.theatlantic.com/business/archive/2011/05/death-derivatives-has-wall-streetfinally-gone-too-far/239091/. Accessed 22 Aug 2019

262

Mahfuz

Information Platform humanrights.ch (2 May 2019) https://www.humanrights.ch/en/standards/untreaties/iccpr/. Accessed 26 Sept 2019 KPMG (15 August 2018) Life Insurance sector revenues on the rise, KPMG study shows. https:// home.kpmg/au/en/home/media/press-releases/2018/08/life-insurance-sector-revenues-on-therise-kpmg-study-shows-16-august-2018.html. Accessed 26 Sept 2019 Loshin J (2007) ‘Insurance Laws’ Hapless Busybody: a case against the insurable interest requirement. Yale Law J:474–509 Mahfuz (2013) A research to develop English insurance law to accommodate Islamic principles. PhD. University of Manchester, Manchester Mahfuz (2018) Can insurable interest and assignment in a life-related policy coexist? Br Insurance Law Assoc J 131:38 Merkin R (2016) Colinvaux’s law of insurance, 11th edn. Sweet & Maxwell, Mytholmroyd Mitchell D (17 June 2019) Life insurance application questions’ BestLifequote. https://www. bestlifequote.com/blog/what-questions-are-on-a-typical-life-insurance-application/. Accessed 28 Sept 2019 Rehbock T (2008) Menschenwürde und Bioethik. Inf Phil 36(1):25 Sutton K (1999) Insurance law in Australia, 3rd edn. LBC Information Services, Freshwater Swisher PN (2005) The insurable interest requirement for life insurance: a critical reassessment. Drake Law Rev 53:477–543 The Law Commission and Scottish Law Commission (April 2016) Summary of Responses to Issues Paper 10: Insurable Interest The Law Commission and Scottish Law Commission (June 2018a) Updated Draft Insurable Interest Bill for Review The Law Commission and Scottish Law Commission (June 2018b) Reforming insurance contract law, Updated draft Insurable Interest bill for review The Law Commission and the Scottish Law Commission (2008) Insurable Interest, issues paper 4 The National Council for Civil Liberties (2010) A Parliamentarian’s guide to the Human Rights Act, 1st edn. Liberty, London The Office of the High Commissioner for Human Rights, ‘The Universal Declaration of Human Rights at 70: Still Working to Ensure Freedom, Equality and Dignity for All’. https://un.by/en/ un-news/human-rights/246-30-articles/3987-article-3-right-to-life. Accessed 26 Sept 2019 Tiedemann P (2012) Is there a human right to life? Ann Rev Law Ethics 20:345–360 Karina Weller (3rd July 2017) What is the International Covenant on civil and political rights?’ Human Rights News, Views & Info, https://rightsinfo.org/international-covenant-civil-politicalrights/. Access 22 July 2019