Remember how insurance companies would bring up the idea of using technology to track your car to determine how you drive and then base your premium on that data? And we would say “haha, what the hell, that sounds like a bad idea!”? Well it’s now a thing, in Australia, via Insurance Box and QBE.
For a once-off $100, then an ongoing insurance premium, you get an OBD dongle to place in your car, which uses the magic of GPS and a GSM data network to log and send the insurance company info on where you’ve been, how fast you were going and where you stored your car – I think. Insurance Box and QBE aren’t exactly transparent with what information they’re hoarding and using to judge me.
When visiting the Insurance Box website, the impression you’re supposed to get is that it’s easy to install (just plug the little thingy in under your dashboard where it fits), that it’s gonna save you money and that you should get a quote immediately. There’s even a weird webpage full of “journeys” – just to make you feel as if everything is O.K., as normal people who look just like you really liked their insurance-company-provided monitoring device and are saving money and stuff.
My first reaction probably wasn’t what the marketing department envisaged. I want to find out what they’re collecting via the OBD dongle, where the data is going, who has access to it, how it is secured and what happens if this data is leaked or stolen.
The first port of call is the Question and Answers page on the Insurance Box website. Under the heading “What will the Insurance Box check?”, the only information given is “We therefore check that the car is kept overnight where you said it would be and the kilometres you drive over the year.” – that’s it. No list of what that information actually is – or how often it checks it, or where that data is kept and who has access to it.
At the bottom of the Question and Answers page, there is a link to a few PDFs, a typical insurance PDS and FSG (as mandated by law), together with a “Privacy Promise” – fantastic! A detailed document on what Insurance Box and QBE do with my data; this will help me understand and determine if getting a data logger placed in my car by the insurance company is something I’m comfortable with.
The first thing that alarmed me was this line in the first paragraph: “Our computer systems only search for driving behaviour information and relevant information for insurance purposes, such as the regular address the car is garaged overnight and a trend of how the car is driven.”
In order to determine a trend, and in this case, a trend specifically for an individual’s driving, you need to store that information and constantly analyse it. This means that data relating to your driving habits is kept for an unknown amount of time, as well as the location of your car, every night. Are you comfortable with the insurance company knowing where your car is every night and that information living on their computers potentially forever?
Next is a line saying that “journey information is not transmitted over the internet or sent via cloud computing”. Hang on – how does the data get from your car into Insurance Box’s network and servers? If it’s not using the Internet, then is it some sort of private radio network?
The next lapse of detail and transparency comes from this paragraph: “We do not on-sell your journey information to any third party or allow access by any third party unless they are supplying services to us in the course of fulfilling our obligations in your insurance policy.”
Cool, they won’t give my data to anyone (which is pretty much common courtesy I reckon), but they do not mention the names of the third parties that could supply them with services in the course of providing customers with insurance. How do I know the third parties they’re sharing my data with aren’t idiots?
In the section titled “What data is captured by Insurance Box?”, there isn’t much information at all as to the actual data captured, transmitted and stored. “An electronic data feed will translate the co-ordinates from the Box into a specific location that will provide detail regarding various information including road type, road surface and speed limit of the road you are driving on at any specific time.”
That’s the extent of anything specific they say they log, and according to this statement, all they’re logging is your location. But how often is your location logged? Is it every second, every 10 minutes? Twice a day? Is this all they’re logging? Insurance Box doesn’t specifically say that location data is the only thing logged – just that it is something they log. Maybe they’re logging other stuff too, but just include it under a catch-all “electronic data feed” term.
You might think that this is just a gross over-reaction from some freetard who hates the man. But I generally like this concept. It’s gotta be a vast improvement over the stereotyping and generalisations they use now, right?
Just because I’m a male in my twenties, it doesn’t mean I love racing other blokes at the traffic lights, or spend my Saturday nights doing burnouts in an industrial estate. Or that simply because I own a car with a turbocharger, I’m going to drive at 200km/h head on into a family of 6 driving a mini-van. There might be statistical evidence that a driver of such a vehicle may be more likely to do that, but I’m not a dickhead who would.
The theft tracking service the dongle provides is actually kinda handy too, if your car is nicked. If it results in a lower premium and the individual is comfortable with how the company operates and handles their data, this can be a good thing. This sort of vehicle monitoring isn’t even new – fleets have been doing it for ages. If you drive a company car, chances are they’re tracking you at all times and doing more invasive stuff than Insurance Box & QBE.
What I have a deep problem with is the lack of detail and transparency with what data is collected, when, where, how, and who has access to it. Would it be that difficult for Insurance Box to include in their Privacy Promise a table which outlines the information the OBD dongle spits out? I assume at a bare minimum it is latitude, longitude, speed and altitude – which are gathered easily from the GPS chipset in the dongle. What info do they take from the car? If any? Does it tap into, say, the RPM of the engine to determine if you were gunning it around a corner before a crash, or even if the car was poorly maintained by reading error codes?
The data network my information travels across, the physical location of where the data is kept and who is responsible for its maintenance and security (give me the name of the company Insurance Box and/or QBE outsource this to, if they outsource it) would be nice too. How long is this data kept and in what format? Who exactly has access to it, what are their names? Who are the possible third parties that data can be given to? What are their credentials on storing this sort of information?
Publishing this sort of information would mean going above and beyond what is out there now. It’s very rare for a company to give this fine-grained level of information on how they handle personal information. But as more of this information is kept, used and potentially misused, the only way I will be comfortable taking part in programs like this is if everything is laid out before me, so I can decide if it’s something I want to do. Give me all the information you can, let me decide whether to give you money.