Insurance Europe has today published a paper that examines the impact of the different positions that have been taken by the European co-legislators – the European Commission, the Council of the EU and the European Parliament – on proposals for the e-Privacy Regulation, which will soon be debated in trialogue discussions.
the co-legislators should preserve the exemption for the “services requested by the end-user” to allow data collection from terminal equipment, as this is the only way insurers can continue to offer telematics-based insurance products.
These types of innovative services strongly benefit consumers by rewarding low-risk drivers with lower premiums, while also improving road safety. To provide such innovative services, it is important that the e-Privacy Regulation includes a legal basis providing sufficient legal certainty to collect data from the terminal equipment.
However, only the Council’s position would provide the legal certainty insurers need to continue offering such products, as there is no exemption in either the Commission’s or the Parliament’s positions that provides for such certainty.
Insurance Europe also recommends safeguarding the current interplay between the e-Privacy Directive and the GDPR regarding the collection and processing of data from terminal equipment. Currently, as highlighted by the European Data Protection Board, the collection of data from the user’s terminal equipment is protected under the current e-Privacy Directive, with any subsequent processing of personal data falling under Article 6 of the GDPR.
Unlike a fixed list of exemptions, as proposed by the new e-Privacy Regulation, the GDPR’s principles- and risk-based approach allows for the needed flexibility to process personal data in situations where relying on consent is not always possible or feasible.
It should also be noted that all legal grounds for processing personal data under the GDPR already provide consumers with enhanced protection compared to the current ePrivacy Directive.