Friday, July 17, 2009

Pay as You Drive Proposals Threaten Privacy

The general concept behind "pay as you drive" programs - providing financial incentives for motorists who reduce their driving - is worthy. But to date, the consumer privacy concerns outweigh the benefits of such plans - at least as currently written.

As the Electronic Frontier Foundation (EFF) noted on Wednesday, one such proposal is being considered here in California, writing:

The California Department of Insurance (DOI) is considering regulations that would enable insurance prices to depend on the precise number of miles a car is driven in a given billing period. But in implementing these "Pay As You Drive" regulations, the DOI appears poised to empower insurance companies to require customers' cars to be outfitted with "black-box" devices that could transmit back to the insurance companies all sorts of data about car motion (acceleration, braking, and so forth) as well as driver behavior (steering and seat-belt wearing).

It was just last year that we (Consumer Federation of California) opposed a bill in the California legislature (AB 2800) that would have done something very similar: amend the mandatory insurance rating factors approved by the voters in 1988 as part of Proposition 103. Proposition 103’s proponent, Consumer Watchdog (formerly the Foundation for Taxpayer and Consumer Rights) worked for many years to win Department of Insurance regulations to implement the intent of the Proposition 103, which among other rating factors, was designed to reward drivers with reduced insurance premiums for driving less.

DOI rules to implement these provisions were adopted in 2006 and are only now taking effect. Proposition 103 requires insurance companies to base the auto insurance rates charged in California primarily on a motorist’s 1) driving safety record, 2) annual miles driven and 3) years of driving experience. Proposition 103 grants the Insurance Commissioner the authority to establish insurance rates through a ratemaking process, provided the rates are designed to further the intent of Proposition 103. The legislature has no authority to set rates under Proposition 103.

In 2006, then-Insurance Commissioner John Garamendi enacted new regulations to enforce the annual mileage factor and require insurance companies to restructure their auto insurance rates to fully comply with the voters’ mandate. At the same time, Commissioner Garamendi promulgated new rules to make it easier for insurers to verify the actual miles driven by their policyholders.

The problems we had with that bill (AB 2800), and the current efforts underway, are numerous. Most notably, it would have created an unfair system of insurance discrimination in which similarly situated policy holders would pay different prices. An insured driver who participates in an insurance company’s optional “green” plan would pay a lower insurance rate than a similarly situated policy holder who drove an identical number of miles but who did not participate in the same insurance company’s “green” plan.

If every other factor about the policy holders is the same, the fact that one is not a participant in a program would unfairly result in a higher premium under that original legislation. Under the current rules, insurers can offer real incentives for realistic mileage reductions. As long as the insurer continues to prioritize the impact of a driver’s safety record, nothing would stop an insurer from offering their insurance product as a legitimately Green Auto Insurance policy.

In order to facilitate insurers’ ability to confidently assess the risk associated with a customer’s mileage, DOI regulations grant insurers the authority to require customers to provide an odometer reading when the mileage verification rules were revised. Insurance companies were also given the authority to request, but not mandate, that customers comply with certain mileage verification requirements including the technological GPS devices contemplated in AB 2800.

As we argued at the time, the proper venue for modifying automobile insurance rates under Proposition 103 is through the rate-setting process of the Department of Insurance, not through legislation.

We won that argument, and now, the good news - if one can call it that - is the DOI has retreated from its prior position (and the threat posed by AB 2800) that these devices should track your location. As EFF points out, "it's still true that every car already has a reliable, tamper-resistant device that verifies actual mileage: an odometer."

But significant privacy concerns remain regarding collection of data on consumers’ driving habits, destinations and other information that is not germane to the objective of verifying the total miles driven.

Jennifer Granick of EFF explains:

...there appear to be no restrictions on what the insurance companies would do with that data — of course, when you drive on the public street, you lose some privacy. But 10 years ago, someone interested in your whereabouts would have had to decide in advance to follow you and then physically follow you. Black boxes can collect information pervasively, silently, and cheaply for any later use by the insurance company, private parties or the government. There is real danger that this information would not only be used to ascertain the political or associational affiliations of drivers, but also to charge more if you drive and park in neighborhoods with high vehicle theft and crime rates, to impose higher premiums for people who drive at night or to link your health insurance rates with location data that reveals your lunchtime trips to McDonald's.

In comments filed with the DOI this week, EFF has argued that it is unacceptable for insurance companies to coercively require customers to accept such devices in their cars, and that the proposed regulations be amended to permit drivers to participate in any verifed actual mileage program via other means (like your car's odometer). EFF also argued that location privacy requires, at a minimum, that the proposed regulations restrict collection of information to the minimum amount necessary, require that the driver be able to independently verify information collected and require that the insurer have an explicit policy about the use and storage of the collected data.

With that said, there is something you can do to protect driver privacy in California: Tell Insurance Commissioner Steve Poizner [contact info] that you agree with EFF's criticisms. Ask him why he wants to allow insurance companies to track drivers? Or how about this: Shouldn't you be tracking insurance companies instead? Thanks to EFF for their work and suggested actions....

1 comment:

Bec said...

Pay As You Drive in Australia allows customers who do not drive often can make savings without the use of a black box system.

In fact, all customers have to tell the company is their odometer reading at the start of the policy, the insurer has no access to data regarding how or where the customer drives.

This is a legitimate alternative with none of the privacy concerns mentioned above, check it out at