Discounts for Data
Biopolitics & Bodies
Surveillance Capitalism, the slippery slope towards Social Credit Systems.
It was 2022, the light at the end of the Covid tunnel was not yet visible in Toronto, I bought a car, I quit my job and needed some car insurance for a couple months while I trekked across the country in search of normalcy in my home province.
For the record I grew up with one car insurance provider, owned and operated through the provincial government – so I was new to this picking and choosing car insurance business. But I should have known, there’s no such thing as free, even when it comes to discounts.
Nonetheless I was young, dumb, and broke, so 25% off for being a good driver seemed like the best idea. It wasn’t until a year or so after that I reflected on this discount program that I realized the unsettling nature of the intense data tracking – once I gained an awareness to the scope and application of digital data extraction, analysis, and profiling I felt bamboozled.
Let’s get into it…
So, the insurance provider, let’s call them “InsuranceR’Us” offers customers up to 25% off their auto insurance by using their driving app.
This application uses location and GPS tracking to collect acceleration, braking, speeding, and cornering data, which it uses in conjunction with mileage, time of day, mobile device ID, internet, and Bluetooth connection to score users. This score is then used to rank users and if used properly can reward them.
It even gives you curated driving tips!
*Disclaimer, I did consent to this tracking, InsuranceR’Us assures the data recorded would not be sold to third parties or get me into trouble with law officials. I’ve never had a driving infraction, so I didn’t care too much at the time.
But it started to become more and more invasive, notification after notification, warning after warning when deleting trips where I was a passenger in another car – trips the app logged because the location services were always running. Permissions this app demanded.
For me it was quite simple at the time, disable app tracking (a condition of my insurance contract) and risk my coverage on a cross-country road trip to stand-up for my privacy while every other app on my phone does the same thing just less visibly OR deal with it.
So, I dealt with it.
I was complicit in this strange dynamic, but that didn’t mean it sat well with me. This program wasn’t inherently untrustworthy or problematic – but it was the social conditioning this instance of surveillance offers that makes me critical.
This model, that is not unique to InsuranceR’Us, leverages the public interest of safety against the personal interest of privacy.
Why wouldn’t people want safer roads?
Why shouldn’t we incentivize best practices?
But by incentivizing ‘safety’ we effectively blur the lines of consent in data collection and HOT TAKE (maybe?) – we begin to rewrite permissible invasions of our privacy. Changing the goal posts, insisting “it’s okay if…xyz”.
Beyond exemplifying surveillance capitalism, InsuranceR’Us’s program offers public concern when one starts to wonder how this may change auto insurance and public perception of privacy going forward. In my case, my provider was also a large bank, with many subsidiaries, and what I would expect to be a high desire for personal data. I mean, that’s how the credit system has worked since inception – data, data, data.
And why would the capitalistic machine stop at just financial data, that’s not pro-accumulation, that’s not pro-exponential growth. The natural next step is to find new areas of data to extract, mining different areas of consumer behaviour to get out on top.
In my experience with InsuranceR’Us, my data was in fact protected, I did not suffer a data breach and have no reason to believe my data made its way into third-party hands. Now, does the size and overall position of Insurance’R’Us’s business dealings make ‘third party-sharing’ kind or irrelevant? Yes.
More importantly, digital protection of data is not fool proof, not all companies can be or should be trusted, and there are bad actors. The hard truth is that data breaches happen.
Let’s look at some Canadian examples:
Life Labs Data Breach, 2019 – This breach impacted approximately 15million users (~40% of the Canadian population at the time) . The data impacted included health card numbers, lab test results, login credentials and the standard name, email, address. This is also an organization that is integrated with various provincial healthcare systems, thus its high usage and large data set.
The same year we saw the Desjardins Data Breach. Desjardins is one of Canada’s largest financial cooperatives. Their breach impacted approximately 9.7 million users, whose full names, addresses, birthdates, social insurance numbers, email addresses and transaction history were compromised.
AND even the Canada Revenue Agency, you know the government agency that makes Canadians perform an obnoxious amount of authentication steps to access their tax and benefit accounts – the same agency that makes Canadians that want to reach the CRA by phone (which is sometimes the only option) consent to unsecured phone lines because the person I’m sharing everything you’d need to steal my identify with is allowed to work from home without an appropriate secure set-up.
Ya that CRA, in 2020 had over 11,000 confirmed accounts that had Social Insurance Numbers, Taxpayer records, direct deposit information and login credentials accessed by unauthorized and malicious parties.
I get it, things happen, and I have more of a personal issue with the CRA, but these are three large organizations that people should be able to trust with their personal data, and even they’re not perfect protectors.
This is all to say, the more tracking and data extraction we allow, the more risk we open ourselves up to.
InsuranceR’Us’s discount insurance in exchange for data model is a way to incentivize early adoption – a test run of sorts, to see what works and how to sell this model en masse. Once it becomes attractive enough, or synonymous with safety much like seatbelts, or in a data tracking context, Canada’s now discontinued contract tracing app COVID Alert, there’s nothing stopping companies from removing the incentive and making data the key driver for securing service options.
Learn from me, think about the what, the why, and the how of digital data extraction. Even benign uses can set the stage for the future of privacy.
It’s a slow burn.
If you liked this post, or the topic more generally, consider subscribing. You’ll get written posts almost weekly, and my podcast once a month, directly to your email inbox.
References.
Data Breach Information: https://www.corbado.com/blog/data-breaches-canada
