Protect data and allow innovation
Digital services are increasingly determining people's everyday lives and the success of undertakings. Legislators must keep both in mind: data protection and economic potential. Insurers also want to take advantage of innovations.
Digitally networked everyday life determines the way we live and work. That is why, in addition to the ecological transformation, the digital transformation is rightly one of the key fields of action of the traffic light coalition. The digitisation check for all laws takes into account the fact that digitisation now affects all aspects of life. Of course, this also applies to insurers: We use the opportunities of digitisation for better risk protection, rapid claims processing, and uncomplicated interaction with our customers.
Our positions on digitisation
Use data to create value
Digitised data creates value and prosperity. Insurers handle a lot of data along their value chain because they want to assess risks correctly, develop appropriate offers, and provide help quickly in the event of a claim.
The promotion of data infrastructures, as agreed by the traffic light coalition, is a correct goal in this regard. It is also right to improve access to data from public bodies (open data). The focus must be on trust and security in harmony with efficiency and user-friendliness. Otherwise, data-based business models of European undertakings will lose out to American tech providers and Chinese state-owned enterprises.
Build trust in artificial intelligence with smart regulation
The use of artificial intelligence (AI) requires the trust of all parties involved. AI systems for premium calculation, underwriting and claims settlement in the insurance sector are subject to strict requirements by general laws as well as the stringent regulatory framework for financial services. They also meet customers' demands for trustworthy handling of their data. Data and IT security and data protection are a matter of course for insurers' data-based business models.
Regulate issues appropriately, not a particular technology
Data are part of insurers' core business, whether for risk assessment, premium calculation or claims settlement. Existing legal regulations on data protection, consumer protection, protection against unfair business practices and protection against discrimination also apply in the field of AI because they are technology-neutral. Supplemental regulation should be considered only for high-risk AI applications. A correct delineation between non-risky and high-risk AI applications is crucial. The classification of sectors as high-risk should be made according to comprehensible criteria and not in a blanket fashion. The insurance sector is not a high-risk sector due to existing technology-neutral regulation. For this reason, the commitment of the traffic light coalition to "focus on a multi-level risk-based approach and avoid ex ante regulation that inhibits innovation" in the negotiations on the EU's Artificial Intelligence Act is also correct.
Define artificial intelligence
Not every algorithm is artificial intelligence. The definition of AI is critical to the scope of future regulation. To be future-proof, the definition should include only AI-specific concepts and not well-known mathematical methods, for example, linear models or statistical methods. Algorithms that do not incorporate some form of machine learning or self-optimisation should not be subject to AI regulation.
Protect data, enable innovation
Innovation-friendly data protection law is a prerequisite for the development of AI applications. High standards of personal data protection and consumer sovereignty over their data must be balanced with practical options. Experience to date with the General Data Protection Regulation (GDPR) shows that this balance has not yet been achieved in all areas. To ensure that the GDPR can continue to fulfill its role as an international standard-setter, the next evaluation should be used as an opportunity to remove existing obstacles. It must be legally possible to use data to train AI. Fully automated decisions that enable fast contract conclusions and rapid claims settlement in the interest of customers must not be allowed to fail due to data protection hurdles. The German government's goal of reaching an ambitious agreement with the U.S. for legally secure data transfer at a European level of protection should have high priority.
Trusting business partners in the digital space with digital identities
Consumers want to shop digitally, correspond in virtual space, and take care of official business online. Reliable and efficient handling of these digital business processes requires a high level of trust - from both sides of the digital counter, the social media platform or a virtual office. This in turn requires a trustworthy and generally applicable identity management system. The traffic light coalition wants to address this as a priority. The best way to achieve this goal is a cross-sector and cross-industry ecosystem in which private-sector solutions are integrated in the same way as the ID card, in line with demand and security. In the end, it should be possible to use digital ID solutions that combine user convenience and security and are therefore widely accepted.
Strengthening Germany's cyber resilience together
Cybercrime is the dark side of digitisation and has become a serious threat to politics, business and society. To effectively strengthen IT security, cooperation between all stakeholders is required. The coalition parties have developed a variety of approaches to this end - from obliging government agencies to report security vulnerabilities to the Federal Office for Information Security to supporting small and medium-sized enterprises with digitisation and IT security.
The insurance industry is a strong partner in achieving these goals: It is intensively involved in the fight against cybercrime and raises awareness, especially among small and medium-sized enterprises, of the dangers from the Net. Insurers are improving business cyber defenses by auditing their customers' IT security, pointing out security gaps and, where necessary, calling for improvements. In this way, insurers are helping to strengthen Germany as a business location and every small and medium-sized entrepreneur operating here.
Security in the smart home - introduce mandatory updates for smart home devices
Insurers are committed to better protecting people in a particularly sensitive space - their homes. To achieve this, the cyber risks of smart home devices must be effectively and efficiently limited. All manufacturers should therefore be required to automatically load security updates onto the devices for a fixed period of time and clearly mark the expiration of the support period on the devices.