February 8, 2023 – According to a decision by the European Court of Justice, insurance agents and brokers have to comply with customers’ right to information in more detail than before. Upon request, they must specify which cooperation partners have received the data and explain the processes in a transparent manner. Just naming a category of insurers to which the intermediary sent the data is not enough. Attorney Björn Thorben M. Jöhnke explains this.
A judgment of the European Court of Justice (ECJ) of January 12, 2023 (C-154/21) specifies the obligations of companies and the self-employed, including insurance intermediaries. Accordingly, they must comply with the provision of information Article 15 GDPR not only name the categories of data recipients, but also their specific names.
Agents have one month to respond
- Björn Thorben M. Jöhnke (Image: Jöhnke & Reichow)
If a customer requests information from his intermediary about which insurer has data about him, the intermediary has one month to provide the relevant information, explains lawyer Björn Thorben M. Jöhnke from the law firm Jöhnke & Reichow Rechtsanwälte in partnership mbB at the request of the insurance journal.
“Insurance intermediaries should deal with the possibility of a right to information or with the resulting obligation of the intermediary to provide information at an early stage, so that information can be provided promptly within a month if necessary,” advises the lawyer, who himself has a professional past as an insurance intermediary .
The independent intermediary should have an overview of the cooperation partners to which he passed on the customer data. If necessary, he would have to name them specifically, emphasized Jöhnke.
The lawyer advises that an insurance broker who is responsible within the meaning of the General Data Protection Regulation can use text modules. “Basically, the data protection issues are recurring and very similar,” says Jöhnke. A complete log of the internal technical processes is also advisable.
Customers must approach intermediaries themselves
“In principle, the independent intermediary only has the obligation to provide the customer with appropriate data protection information, which the intermediary uses to inform the customer of his rights under the General Data Protection Regulation. In principle, nothing more is necessary at first,” reports the lawyer.
The information should only be given when the customer requests it.
The right to information finds its limits when those allegedly affected demand the information in an “abusive manner”. Allegedly affected persons would request information from the intermediary without even being a customer. The claim then becomes irrelevant.