Are Sensor-Based Business Models a Threat to Privacy? The Case of Pay-How-You-Drive Insurance Models

Abstract

Ubiquitous computing has also reached the insurance industry in the form of Usage Based Insurance models. Modern rates use sensor data to offer the user suitable pricing models adapted to his character. Our overview shows that insurance companies generally rely on driving behaviour to assess a user in risk categories. Based on the collected data, a new attack using kNN-DTW shows that, with the derived information, the identification of a driver in a group of all users of a vehicle is possible with more than 90% accuracy and therefore may represent a misuse of the data collection. Thus, motivated by the General Data Protection Regulation, questions regarding anonymisation become relevant. The suitability of standard methods known from Big Data is evaluated in the complex scenario Pay-How-You-Drive using both real-world and synthetic data. It shows that there are open questions considering the field of privacy-friendly Pay-How-You-Drive models.