Tab navigation

Summary

Privacy in an Agile Environment

Written by: Susana Gomez, Compliance Officer, Swiss Re

The 5th Swiss Re Symposium on Data Protection, held on 25 September 2018 at the Swiss Re Centre for Global Dialogue, focused this year on privacy in the context of new technologies and innovation. Contrary to many other conferences held on this topic where new technologies and innovation are presented as factors that erode privacy and where privacy is declared as being on a dead-end street, the speakers and participants of this Symposium took a fresh, positive look at the opportunities. Technology itself can provide solutions for the most pressing privacy compliance challenges, e.g., by translating complex regulatory requirements into an easy to understand and implementable language or by offering solutions where consumers are provided with full transparency and where they can set their own preferences and controls. Practitioners from the insurance and the technology industries shared their thoughts on how technology can only be used in a successful and sustainable way when individuals keep trusting technology. Therefore, privacy, seen as an essential element of maintaining consumer trust, is seen as an enabler of technology rather an inhibitor.

The Symposium attracted a very diverse crowd of insurance and reinsurance professionals, data protection and information technology experts, lawyers, academics and individuals interested in the subject. In speaker sessions and lively discussion forums, participants not only got a glimpse of the future of insurance where technology will bring enormous change and where meeting privacy expectations are expected to establish a competitive advantage but also were able to hear and question how insurance and technology practitioners face the challenges that new technologies bring.

Part One – Understanding Technology and Privacy 

Understanding technology – the future of technology in the eyes of a futurist

Gerd Leonhard, CEO of the Futures Agency

The insurance industry today has reached a new frontier. New technologies and business models are shaping the way we provide insurance solutions at ground-breaking speed. Innovation is creating new opportunities for humanity and as a result for us as insurers. Gerd Leonhard, Futurist and Humanist, opened the Symposium by asking us to think about technology and the future of insurance. A world where the technology we see today will further advance and change the way consumers experience insurance. Where Blockchain, Big Data, Artificial Intelligence, and Digitalization are not just industry buzzwords but will be integrated into daily operating procedures. Technology will not only change the way we do business in the insurance industry but will also transform our lives. Therefore, it will also become increasingly important to recognize where digital transformation could inadvertently create a negative impact on an individual's freedom of choice and privacy expectations. While it is certain that technology is here to stay, a sustainable future in our industry will only be guaranteed where an ethics framework provides for not only doing what is legitimate but doing what is right.

Understanding technology – focus on people

Stefan Weiss, Global Data Protection Officer, Swiss Re

"Without privacy, there is no point to being an individual", as Jonathan Franzen wrote, describes well where privacy rights, self-determination and freedom of choice makes us humans who we are. As technology will play an ever more important role in our lives, these parameters do not go away, in the contrary, they will have to be applied wherever new technology interferes with our lives Stefan Weiss, Swiss Re's Global Data Protection Officer, sees developments in the "digital revolution" that are similar to the industrial revolution. The latter resulted in strengthened workers' rights to counter-balance social consequences, whereas the "digital revolution" is likely to lead to strengthened consumer and privacy rights, covering individual freedom and choice. He observed that contrary to those who claim that privacy is dead, the opposite development seems to be well underway.

Human limitations become very apparent with the digital transformation of our lives. For example, the lack of adequate knowledge on how personal data can and will be used create information asymmetries. At the same time, human behavior in terms of providing information about oneself in a social media setting is guided by social preferences and norms rather than the result of a rational, informed decision. The lack of knowledge one has about a technology and complex data transactions that happen behind the scenes is obviously complicating things further – all of which require careful impact evaluations when confronting individuals with new technology.

In summary, it is important for our industry and its players to be transparent on what we do, to be pro-active in thinking about our customers and the individuals who are impacted. This is true for the benefits of technology but also for the risks and how they can be mitigated. The use of personal data needs context and needs to be explainable. Products need to be developed with an «ethical mindset» that considers our values and norms not only within the organization who applies new technology but also within the society and the context we work in. Knowing expectations of clients and the market in this respect is key. Finally, trust remains to be the most important currency in the digital world. Trust is the basis for a sustainable business relationship and we need to better understand the technology we apply to know how trust can be maintained or even fostered with the technology.

Peer Discussion amongst Data Protection Officers

Christian Drechsler, Head of Legal IT/IP/Data, Zurich Insurance Company Ltd., and
Stefan Weiss, Global Data Protection Officer, Swiss Re

Following the insights on the future of the insurance industry, what to expect from new technologies and the view that privacy is here to stay, a peer discussion amongst Data Protection Officers looked a bit into the operational details when building privacy into a new digital product or processing environment.

Considering watch was sketched out by Gerd Leonhard, the question was on what the challenges are when being confronted with a new technology and trying to apply legal and regulatory requirements to it. Certainly the privacy field has changed quite dramatically over the last five years. Providing privacy advice was typically easier five years ago than it is today. In fact, many questions in the past were not so much related to technology and had to deal a lot more with a contractual review and legal interpretations what is being done. Where technology was involved, it was much easier to understand. Today, a Data Protection Officer is confronted with technology almost all the time. And what gets raised is more often than not very new to all stakeholders. This makes it necessary to understand it a lot more detail what is presented before rendering advice. Also, quite often when a Data Protection Officer is expected to give advice, the technology is not even built yet and only exists on the drawing board. Iterative processes in "agile system development" add another layer of complexity because what was thought in the beginning may not make it to the end or additional new objectives for data processing activities may come in only much later. What Data Protection Officers now also have to consider is the regulatory landscape and the speed at which laws and regulation change – the introduction of GDPR and the subsequent adaptations of data protection laws in many other countries outside the EU being a prime example. Of course the heightened sanctions and enforcement powers that come with many data protection and privacy laws also means that privacy compliance is usually not a sole topic for a legal or compliance department anymore but make it up to the boardroom very often.

Part Two – Privacy in Practice

"Privacy by Design" – how to promote trust in innovative insurance products

Sarah Zech, Digital Compliance Counsel, Allianz SE

Architects, artists, and privacy practitioners are all in the design business. Each understand that a solid infrastructure is critical to the long-term sustainability of a solution. And with any long-term solution, the way we as insurers deliver service to our clients must be designed to address challenges like data protection and privacy. In Privacy by Design, Sarah Zech described how Allianz uses known privacy principles throughout the product development life cycle, ultimately generating value for its customers – value in the form of protecting the customer's reputation which is reinforced by the customer's trust towards the organization and the applied technology.

Technology and innovation - how the technology industry approaches privacy concerns with new, innovative technology

Ulrich Sachs, Sr. Product Legal Counsel, Google

User trust is the key to Google's success. Ulrich Sachs described how he works with engineers to continue building user trust into Google's product offerings. It is clear that a consumer losing trust into Google and stopping to use Google's search engine will immediately result in less user traffic. Users will only continue to use services when they continue trusting it. In order to maintain their users' trust, Google built a scalable privacy framework into their foundation that is fully automated and applied to their cloud platform. The framework has Google's engineers work on Privacy by Design where new products are being built and where new data processing activities are being set up.

Learning from each other – knowledge exchange

Moderator: Annie Bai, Data Protection Officer, Swiss Re

Panelists: Sarah Zech, Ulrich Sachs, Carmen Edelman, Head Digital IT Advisory, Swiss Re, and David Evans, Data Protection Officer, Swiss Re  

No Swiss Re Institute would be complete without an open discussion. To wrap up the observations of the day Annie Bai, moderated a panel of peers to explore the responsibility organisations have to make privacy a core element of their business. The panel revisited how the future of insurance may look for them as privacy practitioners, the impact new technology and innovation have on them in their roles as business enablers, and how the challenges faced in privacy today can help to inspire the insurance solutions of tomorrow.