For many years most major personal lines auto carriers have been offering usage-based insurance (UBI) programs allowing customers to be rewarded for safe driving and to do this, they have employed different methods to track driving behavior by collecting telematics data. Some of these programs have resulted in improved loss ratios for carriers while providing an answer to customer concerns that traditional pricing doesn’t reflect their good driving. However, in 2024 the news about telematics has been alarming with the New York Times running articles such as “How G.M. Tricked Millions of Drivers Into Being Spied On (Including Me)” (April 23, 2024) and “Automakers Sold Driver Data for Pennies, Senators Say” (July 26, 2024). In light of these headlines, it is important to understand what the issues are and how they may relate to the usage of telematics and other newer types of insurance-relevant data.

My 2024 telematics journey

My own experience in buying a new car this year is illustrative of where the insurance industry stands with telematics today. In January my husband and I returned to the United States after several years of travel. We moved somewhere without transit service, so we needed to buy a car. While we were on the phone with our Safeco Insurance agent getting our policy details finalized, we were offered the RightTrack program to monitor our driving on the app for 90 days. We decided to do that to save a little money under the presumption that we’d have good driving scores. Having learned a bit about the telematics programs on the job before leaving on my extended travel break, I was also curious to experience the telematics part of the mobile app.

My husband already knew about some of the data collection associated with Hyundai BlueLink features, so as soon as we had the car, he went through all the opt-ins and opt-outs including choosing not to enroll in the Hyundai DriveScore program. There was a lot of screens to wade through for all the data sharing and privacy disclosures related to the car. Some were accessible through the BlueLink app and the Hyundai website and some were only in the car’s own on-board screens. It would be easy to miss some. In fact, we’re currently not sure where we stand on the SiriusXM data collection.

Having the RightTrack app enabled on our iPhones was an interesting experience. The app informed us whether we had any negative incidents during each trip and provided an ongoing rating of our overall score made up of ratings for hard braking, hard acceleration and time of day driven. We both had the app and often were both in the car, so there was a lot of work to confirm who was driving. Sometimes the phone thought my husband was driving when he was really in an airplane that was landing or taking off on a runway. Our phones periodically warned us that we had an app that was doing a very invasive level of tracking of our motion and location data. In terms of the driving scores we got, I was a bit out of practice in driving and learning the car and the local roads, so sometimes my driving wasn’t as smooth and natural as it could have been. I was getting used to using the single-pedal driving mode for lower speed limit areas and really hadn’t driven much for several years. However, at the end of our 90-day trial, we both ended up with “excellent” scores and with the Safeco program this meant we immediately received an additional discount on our premium beyond the initial discount for signing up. Furthermore, with the Safeco program, we would not see a surcharge for bad driving, only a discount if our behavior were good. In some telematics programs this discount applies at the first renewal but with Safeco we received an immediate credit at the end of the program.

Around the time our 90 days with the RightTrack program were ending, I started looking for contract and consulting work opportunities. I started hearing from insurtech companies that there were things afoot with telematics and privacy that could impact the rate of adoption in personal lines insurance because of a lawsuit against General Motors (GM) and LexisNexis. I read the New York Times coverage about the lawsuit and the new ways that telematics data were being collected.

So, what happened?

Telematics data collection for pricing and other uses by insurers has been evolving. When these programs first launched it usually required the installation of a device in the car or truck being tracked. Over time technology evolved to take advantage of the location and motion sensors that most of us carry around in our smart phones resulting in a smoother experience for capturing the data — no need to send a device and receive it back from the customer. Another source of data is the on-board systems in newer cars that are now connected to the internet and can send real-time data.

The early days of telematics promised the consumer they’d only be rewarded, now drivers get penalized.

Insurers use telematics data in various ways. A typical pricing program might consider more than just those variables captured by RightTrack, additional variables may include speeding, phone usage and road types in coming up with a score to use in pricing. While the early days of telematics promised the consumer they’d only be rewarded, now drivers get penalized. While not all programs are solely for pricing, some focus on behavior monitoring and improvement tools, such as telematics for commercial trucking fleets. In some cases, insurers or their technology partners are working with automobile original equipment manufacturers (OEMs) to get the telematics data directly from the on-board systems of vehicles.

The lawsuits and “spying” concerns stem from a newer pathway for insurers to get the data. Companies such as LexisNexis, Verisk and Arity have been acting as clearing houses offering driver scores that insurers can then purchase to help price coverage, much like the credit-based insurance scores. This means that without the consumer doing anything, the data already exists and is provided by software embedded in newer cars or from apps that the consumer already is using on their phones. While these products can improve the quoting experience by having the driver score available immediately and without additional effort by the consumer, they have become a hot issue in the media (see the series of New York Times articles), where regulators and consumer advocates question how the data behind these scores is collected and shared.

Under the existing privacy and disclosure legal framework, the driving scores and associated data fall under the same FCRA regulations as credit score data and other consumer reports. As such, if an entity is sharing these driving scores and other reports based on telematics data, then they must provide full disclosures of this data collection and sharing and the ability for the consumer to request a report of their data. The primary complaint is that consumers did not realize they had opted in to this type of data collection. In some cases, the consumer could not use a desirable feature (e.g., safety features such as crash detection) without enabling the collection of their data for the driving score and in many cases the potential uses of the data in insurance pricing were not well understood by the consumer opting in to the data collection. Furthermore, some consumers felt that the language used at the time of quote did not make it clear that a third party was being contacted that had collected driving behavior on them.

So far, these concerns have resulted in media coverage, legislative attention and the end or pause of some of these telematics programs. Immediately after the March 14 New York Times article “Florida Man Sues GM and LexisNexis Over Sale of His Cadillac Data,” GM suspended their data sharing with LexisNexis and Verisk. Hyundai completely discontinued its DriveScore program in April.

Data for these programs was collected through the on-board systems of vehicles manufactured by GM, Hyundai and Honda. As I mentioned earlier, opting out of some of the tracking technologies required consumers to look at many screens. In an April 23, 2024, New York Times article “How G.M. Tricked Millions of Drivers Into Being Spied On (Including Me)”, the author revealed that while her husband had opted out of data collection in the smart phone app, the website had a different screen for opt-out and it was not in sync, so their data was collected.

Out of the total population of U.S. vehicles, relatively few were enrolled in these on-board telematics data capture programs. However, one can imagine that if a driver received an insurance quote and was told that an adverse factor in their quote was their driving behavior that they unintentionally consented to, they would be quite angry and ready to complain about their privacy being violated. Generally, when the insurer is seeking to use this data at the time of quote, they ask the customer’s permission, but some consumers have reported that they did not understand they were giving consent. On the automaker side, there has been more complaint about the clarity of disclosures and opt-in/opt-out language. This year the state of Texas sued GM over their data collection practices, claiming GM violated the Texas Deceptive Trade Practices Act. The GM data collection disclosures were allegedly buried in 50 pages about the car’s data collection and allegedly consumers were given warning messages about some vehicle safety features being disabled if they opted out.

The app-based data collection is also a new frontier for ongoing telematics data collection. Arity specializes in having advanced telematics software development kits (SDK) that can be used by partner companies to develop in-app features. These partner apps, such as Life360, GasBuddy and MyRadar have certain features that require opt-in to telematics-type data sharing. This shared data allows Arity to generate driver scores and other data that could be used in an insurance contact. According to a New York Times article published June 9, 2024, “Your Driving, Tracked,” some consumers allege that the disclosures on the data sharing were insufficient and they were surprised to learn that a driving score existed for them using data collected from these apps. The same New York Times article does cite the upside of insurers having customers sign up for telematics tracking directly and that it results in perhaps fairer pricing than using credit scores.

Kate Terry, CEO and cofounder of the insurtech startup Surround Insurance, shared in her LinkedIn blog thoughts on how the optics of this were not good for the insurance industry. When I asked her about whether the industry should have anticipated these issues, she stated, “The industry did a good job of foreseeing issues related to data collection by insurance carriers, via dongle or app. Most of the recent angst over telematics for insurance, though, has come from data collected by the in-car systems installed by the car manufacturers then sold to data vendors for use in insurance. Unfortunately, consumer ire is aimed at all the players in the value chain here — manufacturers, data vendors and insurance companies. Since, as an industry, we see the benefits of using the data, for consumers and insurers, we should have been public about the need for transparency and privacy for any sensitive data we want to use long before major newspapers were writing exposés. The industry has a duty to advocate for responsible and quick implementation of information, technology and techniques that will reduce the risk of loss and cost of insurance for consumers, and we failed in that role here.”

Data collected by automakers isn’t the only new thing in telematics. Arity is a leader in the space of providing telematics-related technology for smart phone apps. While not all of their products involve collecting data for insurance purposes, many of the features that Arity provides to their app partners are enabled only when the consumer also consents to data collection that can be used to produce a driving score, which Arity can provide to their partners. The consumer must consent twice: once in the app that is collecting data and when getting an insurance quote to allow the insurer to receive the report. Some consumers reported that they did not understand what was going on at either of these consent stages. This has resulted in attention from such as a July letter from U.S. Senators Ron Wyden of Oregon and Edward Markey of Massachusetts

Michael DeLong, Research and Advocacy Associate with the Consumer Federation of America (CFA), voiced concerns about telematics data collection, “We think a lot of auto insurance companies and third-party vendors are collecting enormous amounts of data on consumers via telematics. We are unsure exactly what they are doing with this data, but we believe they might be using it to narrowly categorize consumers and to increase their premiums in various ways. Or they may be selling it to other corporations to nickel and dime consumers.” The lack of transparency, whether intentional or not, can give rise to these concerns.

What’s the current regulatory landscape?

As is common with insurance, the laws and regulations vary quite a bit by state. California has some of the strongest consumer privacy protection laws, being the first to pass a consumer data privacy law in 2018, and other states have bills being considered in their legislatures. Many states only have the basic NAIC model regulations in place.

The NAIC Privacy Protections Working Group (PPWG) is currently tasked with updating the existing models related to consumer privacy:

• Model 670 – NAIC Insurance Information and Privacy Protection Model Act.
• Model 672 – Privacy of Consumer Financial and Health Information Regulation.

Most states have not adopted Model 670, but Model 672 has seen universal adoption. The PPWG is currently working on updates to the privacy models and the current route is to work on updating the more universally adopted Model 672.

Insights into these two NAIC models can be found in letters from Damon Diederich, Privacy Officer and Attorney at the California Department of Insurance to the PPWG (letters dated May 30, 2024 and March 3, 2022). Diederich claims that that state adoption of Model 672 was largely done because adopting nothing would result in the Gramm-Leach-Bliley Act preempting the ability of state to regulate state insurance privacy. Diedrich goes further to point out that Model 672 was originally meant to be a regulation adding detail to Model 670 and fails to incorporate some of the protections captured by Model 670 such as rights of access, correction and consumer data choice.

Diederich’s May 30, 2024, letter states, “The complexities of modern data use need to be counterbalanced by robust consumer privacy protections. A modern insurance privacy law should:

• Protect consumers throughout all parts of the insurance data ecosystem and at all stages of the consumer’s interaction with the licensee.
• Provide effective notices and transparency, including information about sources of personal information, uses of personal information, and disclosures of personal information.
• Inform consumers when personal information negatively impacts the price or availability of coverage for a consumer and allow the consumer to verify or contest the underlying information.
• Permit the consumer to exercise meaningful choice about whether and how their personal information is used for purposes unrelated to the consumer’s insurance coverage; and
• Provide data minimization and effective records retention requirements as a safeguard against institutionalized hacking.”

Most consumer advocates would argue that today’s insurance privacy laws and practices in the United States fall short of this standard.

Michael DeLong of the CFA has also submitted comments to the PPWG and I asked for his thoughts on what the industry and regulators need to do surrounding consumer concerns about telematics data. “We think that every state needs stronger telematics regulations to make sure only data relevant for insurance is collected through these programs and that it is only used for insurance. Ideally, insurance companies would voluntarily adopt these standards, but they have shown little sign of doing this. So, states need to step in and mandate these protections. If the NAIC comes up with a model telematics law or bulletin, that would be quite helpful. Having driver information scores be subject to the FCRA is a good first step, but on its own it is not enough. Many consumers do not know about the FCRA or that they can request their data. State regulators should require that clear, easy-to-understand information about the driver scores be sent directly to consumers, either via mail or email or some other method. State regulators should also get more staff, funding and expertise, so they can thoroughly investigate telematics programs and hold them accountable. And consumer driving data shouldn’t go into these driver scores without their clear and informed consent.”

The current path of the NAIC PPWG is to work on revisions to Model 672 that will attempt to close some of the privacy gaps while taking certain operational considerations raised by industry representatives into account. A coalition of industry groups, including the American Property Casualty Insurance Association and the National Association of Mutual Insurance Companies, worked on a draft model known as Model 672 Plus; the NAIC PPWG is building a working group tasked with moving the draft forward. Individual states continue to move forward with their own privacy protection laws and regulations including regulations around employee data in California and Colorado, and we could even see involvement from the federal level in light of recent warnings from the Federal Trade Commission to automakers about data sharing from connected cars.

Do consumers want telematics-based pricing?

When asked about consumer acceptance of telematics versus other rating variables, such as credit score or territory, DeLong said, “Consumers prefer pricing that reflects individual risk, but they want that pricing to be accurate. They also want premiums to not be excessive, and if people are paying a lot because of their risk, they should have the opportunity to lower that cost, through actions like taking a defensive driving course. Telematics has substantial promise for consumers, but most people are put off by the sheer amount of information collected by companies and the lack of transparency; that is why uptake has been relatively low. CFA believes that auto insurers’ use of socioeconomic factors in insurance pricing and underwriting, like someone’s credit score, education, occupation, homeownership status or marital status, is extremely unfair and should be banned. These factors are used to overcharge low-income consumers and Black and Hispanic consumers. If telematics can move insurance away from this, that would be a very good thing — especially if it more accurately matches rates to risk.”

“Consumers prefer pricing that reflects individual risk, but they want that pricing to be accurate.” —Michael DeLong

I also spoke with insurtech innovator and telematics evangelist Matteo Carbone to get his insights on the current state of telematics. He points out that today most insurers are only offering pricing based on telematics to new business customers. UBI has been used for the past two decades by U.S. insurers with an approach focused on the new business (typically referred as “switch&save”). Nowadays, six of the top ten carriers are showing UBI penetrations between 46% and 70% on the new business in their direct channels. Instead, the penetration on the agent channel has always been lower. The contention that consumers are wary of it may be wrong, it may just be that they aren’t being given the option unless they are shopping for new insurance and not using an independent agency channel to get it.

Robin Harbage, FCAS, began working with telematics at Progressive in 1997 and continued to work with it throughout his career and believes, “The value of telematics data for safety, accident response, and fair and accurate rating are so great, that the vast majority of drivers should openly welcome the introduction as a means to lower rates. Most drivers believe they are better than average, and in a manner, they are right. Since a high proportion of accidents are caused by a small proportion of drivers, it is true that well over half of drivers cause far fewer than half the accidents. The benefits to good drivers is clear, and the value to society is possible with good education about the causative behavior, which can be changed by individuals.”

The telematics route forward

Carbone suggested that while carriers continue to grow their existing telematics programs, a new approach to collecting telematics data may be needed, “The optimal approach is using connected data from the different sources will be available— data from OEMs and third-party apps — but change the way this is presented to policyholders. Today’s approach is the inquisitive cop, I will look for information, if I find something I don’t like you will be penalized,” he said.

“An optimal way is to give the opportunity to share verified information with your insurers,” said Carbone. “If you share information, I will look to see if you are good. The more you share, the more benefits you may unlock if the data shows you are a good risk. This is a radical shift to the proposition to policyholders today.” He went on to highlight the products of South Africa’s Discover Group whose app uses incentives, data and behavioral science to improve health outcomes. He suggests the same should be done by automobile insurers to help improve the overall loss ratio of the book, not just using telematics data to identify the best and worst risks. He added, “The usage of telematics data allows for better matching rates to risks, promoting safer driving behaviors, and reducing frauds in the claim process. All these impacts permit the offer of coverage at a lower price to a large part of the policyholders. This means being able to profitably manage a book of auto business while increasing the availability and affordability of coverage. I believe that in five or 10 years, all insurers will require telematics, and if you don’t download the app, you will be considered a nonstandard risk.”

Carbone also confirmed that while these privacy and disclosure concerns have resulted in a pause of some automakers sharing data to LexisNexis, Verisk and other partners, it has not slowed down the general path forward with telematics use at large carriers. Since 2023, Progressive has begun adding ongoing telematics features in their app that are available to a larger portion of their book. The feature currently available give crash detection and improve the claim process, however Carbone’s vision is that structured behavior change programs should also be added. He pointed out that as opposed to 10 years ago, now there are many specialized insurtech players ready to work with carriers on custom solutions for their products. Carbone pushed for the need to use telematics to confront rising loss ratios and highlighted data from a recent blog post showing that even considering the costs of working with a technology partner to implement a telematics SDK in an insurer’s app, it should be possible to see at least a 5% improvement in combined ratio in the typical implementation.

Furthermore, the need for telematics data aggregators providing the types of services, such as those that raised consumer alarm, is clear to most who look at the market today. Robin Harbage points out, “No single insurer, auto manufacturer, or communications company will ever collect a majority of telematics data. Much as with credit data, large bodies of telematics scores at point of sale will require a few aggregators to work with data sourced from multiple phone or app suppliers to collect a broad swath of driving behavior. With proper disclosure and education, it is likely consumers will willingly opt into telematics systems, if the benefits are made clear. The necessary step is for consumers to understand that they gain more value than the cost of losing some privacy in a world where they are already tracked on an extreme basis, and for companies using telematics data (this goes far beyond insurers) to be absolutely transparent about the use of the data and be willing to collaborate with a few aggregators collecting data from a broad range of vendors.”

Kate Terry’s LinkedIn blog also heavily advocated for clear transparency, “Putting the fact that you might sell telematics data to a third party on page 150 of your contract for in-car services is not the same as explaining that if you opt in to an insurance driving score, it may increase or decrease your car insurance prices when you next shop. Similarly, briefly mentioning you might inspect a home is not the same as disclosing that you may use a drone or satellite imagery to look at a property and may require repairs to insure the property.” In other words, the bare minimum legally required disclosures may not be enough to get consumers on board with data sharing.

Looking at it from a business legal standpoint there is justification to say less so that it can stand in a court of law later if you don’t adhere exactly to what you said, but from a relationship management standpoint the lack of transparency along with the constantly increasing automobile premiums may increase the adversarial relationship with the customer. This relationship is something that insurers and the industry in general may be able to work on improving through marketing and product design, which are not necessarily the actuary’s specialty, but we can help advocate for it by showing the potential loss ratio improvements to be gained in wider use of telematics.

From an actuary’s standpoint, we can help advance the cause of telematics through our communication with our colleagues, state regulators and even the public. DeLong cited a desire for “actuarial support for each variable included in the telematics algorithm and further demonstration that variables used do not result in unfair discrimination on a protected class basis” as well as “testing for unfair and unintentional bias, either by the companies or by insurance regulators.” This supports the continuation of the work the CAS and actuaries across our industry are doing in the field of studying bias and how to test for it.

As actuaries, we can also prepare to be more flexible with our use of telematics data. In a world where consumers have different levels of comfort with sharing, we will need to partner with those who design the insurance product options. If we allow, as Carbone suggests, different levels of sharing of data, we need to be able to design more complex pricing programs that allow us to use the data the consumer has consented to in ways that are fair and unbiased. We will need to justify and explain these complex programs to internal company stakeholders, helping to design ways to monitor and adjust for different levels of telematics adoption and evolving sources of telematics data. And we will need to come up with ways to explain our usage of this data in pricing to regulators. All of this may require more data sharing, in-depth explanations and transparency than we are used to, but the benefits of more consumers using telematics and its potential positive impact on overall driver behavior may very well prove to be worth the extra effort and changes from the current norm.