Insurance companies offering discounts to young drivers who install special tracking devices in their cars to monitor their driving behaviour will face audits to ensure they are not breaking the law in how they use people’s personal information.
Data Protection Commissioner Helen Dixon, told a conference to mark international Data Protection Day on Thursday that so-called "telematics boxes" offered by some insurers could record driver behaviour, speeds and locations and that they generated an "extremely detailed personal profile" of individuals.
“It would be essential that anyone signing up for a reduced car insurance premium on this basis is made fully aware of what the deal really is and precisely how their personal data will be used to come to conclusions regarding their driving behaviour,” she said.
Such insurance products are already being sold by some firms in Ireland, particularly targeting drivers aged 17-24.
The commissioner said drivers needed to be informed precisely how their personal data would be used to come to conclusions regarding their driving ability or quality, and what third parties it may be passed on to and in what circumstances.
“The Irish data protection authority intends therefore to audit in 2016 some of the companies offering these products in Ireland to assess in detail the level of compliance with data protection legislation,” she said.
Ms Dixon was addressing the eighth annual national data protection conference organised by the Irish Computer Society and the Association of Data Protection Officers, in Dublin.
She said tracking the ongoing march of “big data” and seeking to ensure organisations did not combine people’s personal data in ways they could not have anticipated was an “ongoing challenge”.
On personal sensor-based devices, the commissioner said the whole area of health data and its “crossover from the medical world into the lifestyle and fitness arena” will likely be of growing interest to her office this year and beyond.
“While the transmission of personal data from these devices to the cloud is achieved with the consent of for example the Fitbit owner, as a data protection authority, we remain vigilant as to the uses other sectors, such as the insurance sector, may seek to put this valuable personal data and how that might be done.”
Tracking of individuals through their smart devices over wifi connections in shops and airports was also becoming “endemic”, the commissioner told delegates.
Combining this information with smart video analytics to deliver facial recognition also posed “some challenging questions in terms of interference with the individual’s right to privacy”.
Europe’s data protection authorities will shortly issue guidance on these matters, Ms Dixon said.
She said her office was seeing the dividends of its recent additional staffing and that this would soon be reflected in shorter timeframes for responses to those engaging with the office, as well as “better quality and timely guidance”.
The commissioner said a critical round of recruitment was now underway for specialist IT and technical compliance staff.