Skip to main content

The growing relevance of data ethics in insurance

Insurers can greatly benefit from modernizing their data organizations. However, the adoption of new technology by Dutch insurers is a balancing act. Technological advancement can impact the individual, and the Dutch insurer will have to assess whether these impacts align with the expectations from itself, its industry, its regulators, and society. This article examines a methodology by which insurers can pioneer the concept of data ethics in insurance. At the core of this journey lies the ultimate question: “How can we do what’s right?”


Emerging technologies are rapidly entering the world of insurance and provide insurers with an opportunity to unlock new value. It comes as no surprise that insurers are actively experimenting with data-driven methods to optimally develop new products, target (potential) customers and predict customer behavior. Because of the substantial value that can be unlocked, the successful application of data analytics may become a differentiator for success in the insurance sector ([DNB16]). But to seize these opportunities, insurance companies need to reshape their organizations and transform into data-driven enterprises. However, an insurer cannot merely focus on value and opportunity. A data transformation should be performed in a controlled manner, taking societal views and expectations into account.

In this article we specifically focus on the ethical impacts and considerations of data analytics in insurance. We consider a well-grounded data ethics framework to be a prerequisite for a controlled transformation towards a data-driven enterprise. As such, we examine a few concrete steps by which the insurer can develop its data ethics framework, which should contribute to the embeddedness of data ethics throughout the organization.

The relevance of data ethics in insurance

The rise of data analytics in the insurance sector has come with its own set of moral challenges and responsibilities. In some cases, a moral implication from the use of algorithms may hit the news; a well-known example is the tendency of algorithms to develop biases that discriminate. Such biases may impact an insurer who adopts these technologies. For example, insurers wishing to prevent fraud aim to identify the most relevant fraud indicators. When the insurer adopts an algorithm in support of this objective, they face a risk that they engage in illegitimate profiling.

Besides bias, other ethical risks could also impact the insurer. With the vast amounts of information published online, it is possible for a complex analytics solution to construct detailed user (group) profiles. An insurer could adopt such a model with the aim to increase the accuracy of its risk profiles of micro segments of (potential) customers and their expected behavior. Even the simplest of algorithms could make a decision that impacts a (potential) customer based on this expected risk profile. It is up for debate whether such use of (public) information is morally justifiable. What is more, ethical dilemmas arise over the level of transparency and control that is necessary. The decisions mentioned above could be made autonomously, without an employee understanding or being able to explain exactly why. Some could even be made without human involvement altogether. Whether such autonomous decision making is acceptable should be carefully weighed by the insurer.

The ethical aspects of data in insurance are more structurally visible when looking at the industry’s business model. This model revolves around the constant (re-)assessment of the aggregate risk and value of claims versus the overall income of insurance premiums. In that context, data analytics allows for a faster and more comprehensive assessment of the risk of claims and opens the door to optimizing the risk-return ratio. Fundamentally, the ethical considerations arise when such analytics are applied to individual persons or customer segments, which may impact the principle of solidarity. For example, an insurer may use data applications to determine whether it wants to accept a person’s application, to set a price, or to nudge behavior to reduce the chance of a claim. The more optimal these applications become in targeting (micro) segments of customers, the more it puts the solidarity principle of the Dutch health insurance sector at risk.

Regulatory pressure is intensifying

As regulated financial institutions in the Netherlands, Dutch insurance companies have the obligation to pursue ethical business operations. Recently, data ethics became an explicit focus area of the regulators across Europe. The European Commission published Ethical Guidelines for Trustworthy AI with the aim of identifying the ethical requirements of the use of data analytics, which have culminated in a 2021 proposal for a regulation on a European approach for Artificial Intelligence. Moreover, the Dutch Central Bank (DNB) and Netherlands Authority for the Financial Markets (AFM) have presented an exploratory study into artificial intelligence (AI) in the insurance sector, focusing specifically on responsible deployment of AI. In their study, the regulatory bodies request insurers to take a risk-based approach for responsibly implementing AI based on ten key considerations ([DNBA19]). More recently, the AFM published yet another exploratory study into the application of data analytics by insurers, examining the opportunities and, especially, risks associated with personalized pricing models, calling for a responsible approach to the adoption of these models by the Dutch insurance sector ([AFM21]).

Increased relevance of data ethics has also led the Dutch insurance sector to internally evaluate its position on the subject. This evaluation led to the introduction of an ethical framework for the application of AI in the Insurance Sector by the Dutch Association of Insurers ([DAI20]). The framework, which is binding for all members of the association and is now a requirement within the association’s self-regulation, requires the insurers to respect seven requirements for responsible AI. A consumer could ultimately file a claim with the Financial Services Complaints Tribunal if the insurer does not act according to the framework.

It is not only regulators and governments that have an interest in the application of data and analytics by insurers. Societal pressures in the domain are equally rising. Research by KPMG ([KPMG19]) indicates that insurers have to battle particularly negative societal views on their trustworthiness when it comes to the application of AI.

Mid 2020, the Dutch insurance sector took a significant step forward in ethical data-driven decision-making by introducing its “Ethical Framework for the application of AI in the Insurance Sector”. The framework, built and driven by the Dutch Association of Insurers (DAI), reflects the recognition by Dutch insurers to be proactive in the use of AI and other data-driven products and processes and its impact on their customers. The Ethical Framework provides Dutch insurers an actionable set of policies on data ethics and privacy.

In parallel with the Framework taking effect, the DAI works with KPMG to inform insurers of what they need to do to meet these new requirements through a series of webinars. KPMG also developed a toolkit with the steps that Dutch insurers need to take to meet the controls, standards and risk requirements in relation to the Framework.

It is expected that there will be further debate and additional regulation – such as recently introduced by the European Commission – on AI, data-driven technologies, and data itself. With the launch of the Framework, insurance companies in the Netherlands are in a leading position for whatever they may face in the future.

How can the Dutch insurer build an ethical data organization?

Data ethics is becoming increasingly relevant in insurance and the sector will experience pressures to proactively engage the subject. Insurers will have to realize that their data initiatives may sometimes clash with the norms and values of internal and external stakeholders and that there can be boundaries to collecting, analyzing and utilizing data. To truly understand these misalignments and boundaries, the insurer must identify and address ethical dilemmas that arise from their data initiatives across the business in a harmonized manner.

An insurer could initiate its transformation towards building an ethical data organization by creating a data ethics framework. This framework revolves around the identification and mitigation of ethical risks that arise from data initiatives. First, the insurer has to generate awareness and educate its personnel. What is ethics? Why is it relevant in the field of data analytics? How does it impact the insurance sector? The insurer then has to understand the prevailing data ethics dilemmas that may already impact the firm. What dilemmas do employees face on a recurring basis? How would they deal with these today? Can a consensus be identified for certain moral domains? On this basis, the organization can draft its data ethics guidelines, which are used to design and implement formal procedures to address and monitor data ethics. Finally, the insurer must find ways to embed ethical decision-making throughout its organization to secure desired behaviors.


Figure 1. KPMG’s data ethics approach. [Click on the image for a larger image]

Generating awareness

The first step to embed ethical decision-making throughout the organization is to generate awareness. This can be initiated by engaging a broad stakeholder group to discuss, stress the importance and learn about the importance of data ethics in the organization. Awareness can be achieved by organizing internal discussion panels and workshops in which participants are challenged to think about the impacts of certain data solutions. The insurer should not view these sessions as a one-off, tick-in-the-box exercise though, but should rather seek to proactively sustain the awareness that it generates through them.

Identifying and assessing data ethics dilemmas

After generating awareness, the insurer can start to examine whether the business already faces specific ethical dilemmas. By targeting key individuals within the business they can pinpoint, discuss, and assess the moral dilemmas and challenges within their jobs and across the business. Examples of the ethical dilemmas that are often encountered in insurance include:

  1. Individual pricing versus group pricing

    Should segmentation capabilities be adopted, or will this interfere with the principle of solidarity? Individual pricing by insurers could create a group of “uninsurable” customers in our society, because they cannot afford the higher premiums.
  2. Data maximization versus data minimization

    Data minimization limits the chance of biases in the algorithm. On the other hand, AI algorithms work best when more data points are available, as new correlations and valuable combinations of variables are discovered.
  3. Uniform ethical boundaries versus situational ethical boundaries

    Should the same ethical considerations and boundaries apply under all circumstances, or do some situations require a different ethical approach, for example when combating fraud or when optimizing prices?
  4. Leveraging data to influence customer behavior

    Should data be used to monitor and reward healthy behavior of a policy holder? This can benefit the customer in maintaining a healthy lifestyle resulting in a longer life expectancy but can also cause unwanted side effects such as failing to visit the doctor in time.

The identification, discussion and assessment of these, and other, ethical dilemmas ultimately provides the basis to establish a data ethics framework that is tailored to the organization.

Drafting a set of data ethics guidelines

Dilemmas and outcomes can be abstracted into guidelines which are applied across the business, especially during the decision-making process for data initiatives. These guidelines provide guidance for data ethics domains as they reflect the norms and values of the organization and its employees. Ethical guidelines in the field of data analytics will often revolve around the principles as illustrated in the framework in Figure 2. The organization defines its data ethics guidelines by asking itself a number of key questions. For example, does the organization feel that it should explain any decision made on the basis of technology? And who is responsible for decisions made through certain application of data analytics?


Figure 2. KPMG’s data ethics framework. [Click on the image for a larger image]

Data ethics principles can be used by anyone within the organization, from developers to senior management, to guide considerations on the implementation and use of technology. Moreover, the guidelines serve as a basis for a continued discussions within the company on data ethics, particularly as the use of data increases and new analytic solutions are further developed. The guidelines can also be of importance when defining the limits within which it can continue to explore new data opportunities.

Formalizing a data ethics approach

After this first exploration, the insurer has to shift towards a solution to embed data ethics within the organization and culture. Ethical guidelines, however well drafted, ultimately fail to impact culture if they are not properly implemented. How can (senior) management, data scientists and other stakeholders make use of them? On the one hand they should follow the guidelines diligently, on the other, they should avoid literal interpretations. Professionals and decision makers should continue to ask themselves whether the data solution they are seeking to deploy is also ethically sound.

A key objective should therefore be to formalize, test and fine-tune the data ethics framework so that it can be implemented across the company. There are several means by which this can be achieved. First, the insurer should have a comprehensive view on any initiative that could or would fall into the scope of the framework. The insurer could implement a registry for all advanced data solutions that are in use or will be adopted soon. Second, the insurer could formally embed the data ethics framework in the Data Policy and make it part of its data governance framework. This will help the insurer to create a formal ethical decision-making framework. Third, the insurer may implement specific impact assessment procedures that examine the trustworthiness of a (proposed) data application. Arising dilemmas can then be addressed following a standardized approach through data governance procedures.

Securing behavior – truly embedding ethical decision-making in the organization

Data ethics is a constantly evolving. The introduction of new technology introduces new responsibilities and boundaries for the organizations that use them. As a final step, we therefore believe that assigning specific roles and responsibilities to the ethics domain will ignite the journey towards establishing a truly ethical data organization and will help secure ethical behavior in the future. In support of this, the insurer could set up a governance body that is specifically assigned to oversee the data ethics program of the organization. This data ethics committee can provide guidance upon AI and data ethics dilemmas and can oversee the effective implementation of the data ethics framework in the organization.

Conclusion – what lies ahead?

By proactively addressing the emerging field of data ethics, the insurer will start to embed ethical decision-making throughout the organization. By means of this article we hope to provide a few pragmatic tools to initiate this journey. It should be noted that an organization does not become ethical overnight. It will take practice, learning and continuous improvement to get there. There is no doubt, however, that insurers should start thinking about how they want to address this in their organizations.


[AFM21] Autoriteit Financiële Markten (2021). Personaliseren van prijs en voorwaarden in de Verzekeringssector. Retrieved from:

[DAI20] Dutch Association of Insurers (2020). Ethical Framework for the application of AI in the Insurance Sector. Retrieved from:

[DNB16] De Nederlandsche Bank (2016). Vision for the future of the Dutch insurance sector: Sustainability through transformation. Retrieved from:

[DNBA19] De Nederlandsche Bank & Autoriteit Financiële Markten (2019). Artificial intelligence in the insurance sector: an exploratory study. Retrieved from:

[KPMG19] KPMG (2019). Onderzoek: Vertrouwen van de Nederlandse burger in Algoritmes. Retrieved from: