Skip to main content
SpringerLink
Log in
Book cover

Market Integration Through Data Protection pp 45–79Cite as

Data Protection and the Insurance, Banking and Credit Reporting Industries

  • Chapter
  • First Online:

  • 1180 Accesses

Part of the book series: Law, Governance and Technology Series ((LGTS,volume 9))

Abstract

In Chap. 1 the data protection framework at the EU level was analysed in order “to prepare the field” for the analysis which will be carried out in this chapter. Here the focus will be the processing of personal data that takes place in the financial, insurance and credit reporting industries. The insurance industry and the banking sector use personal data to develop their activities with more efficiency, and the credit information suppliers are an important part of this mechanism, since they help banks and insurance companies in their search for personal data about their potential customers. This chapter will concentrate on the more sensitive issues that arise from the processing of personal data carried out by these industries, such as the processing of sensitive and genetic data—including the discussions about adverse selection, generalisation and discrimination.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    The expression ‘credit information suppliers’ is used because there are basically two kinds of institutions that provide credit information: credit bureaus and public credit registers. Jentzsch, Nicola. Financial Privacy: An International Comparison of Credit Reporting Systems. 2.ed. Berlin: Springer, 2007. P. 61. For a definition of credit bureaus and public credit registers see International Finance Corporation (IFC)—World Bank Group. Op. cit. P. 7. “A credit bureau is an institution that collects information from creditors and available public sources on a borrower’s credit history. The bureau compiles information on individuals and/or small firms, such as information on credit repayment records, court judgments, and bankruptcies, and then creates a comprehensive credit report that is sold to creditors. (…) A public credit registry is defined as a database managed by the public sector, usually by the central bank or the bank supervisor, that collects information on the creditworthiness of borrowers (persons or businesses) from supervised financial institutions, makes such information available to financial institutions, and is used primarily for supervisory purposes.”

  2. 2.

    International Finance Corporation (IFC)—World Bank Group. Op. cit. P. 7. “Consumer credit bureaus collect information in a standardized format from several types of lenders, such as banks, credit card companies, retail lenders, other non-bank financial institutions, and utility companies.”

  3. 3.

    DeCew, Judith Wagner. Pursuit of Privacy—Law, Ethics, and the Rise of Technology. Op. Cit. P. 147. “At little or no cost, the bureaus make it easy for almost anyone to find out another individual’s income, employment status, marital status, driving record, real state holdings, credit limit, and even civil and criminal court records.”

  4. 4.

    International Finance Corporation (IFC)—World Bank Group. Op. cit. P. 5. “Credit bureaus help address the fundamental problem in financial markets known as ‘asymmetric information’, which means that the borrower knows the odds of repaying his or her debts much better than the lender does. The inability of the lender to accurately assess the credit worthiness of the borrower contributes to higher default rates and affects the profitability of the financial institution.”

  5. 5.

    “A ciò va aggiunto che la disciplina sulla protezione dei dati personali impatta sull’industria assicurativa in modo forse pi\( \hbox{\`{u}} \) significativo che in altre imprese, se si considera la struttura típica del negozio assicurativo, che pone, come vederemo, lo scambio di informazione e dati sul rischio tra assicurato ed assicuratore a fondamento della stabilità dell’impresa e della correttezza dell’operazione assicurativa.” CUFFARO, Vincenzo et al. Il codice del trattamento dei dati personali. Torino: G. Giappichelli Editore, 2007. P. 557.

  6. 6.

    Jentzsch, Nicola. Op. cit. P. 274. “Default: This term denotes the situation, where the borrower fails to meet his or her financial obligations. Default is often used to refer to accounts that are more than 180 days delinquent. (…) Delinquency: Delinquency is the situation where the borrower fails to pay when due. Usually, there are late fees applied after the delinquency occurred. The credit business usually distinguishes 30-day, 60-day and 90-day delinquencies with the latter being the most serious. Delinquencies that are over 30 days are usually reported to credit bureaus.”

  7. 7.

    Another use of personal information by those industries is production of consumer personal consumer profiles in order to allow them to offer new and specific products adapted to the needs of their consumers. See SOFSKY, Wolfgang. Privacy—A Manifesto. (Translated by Steven Rendall). Princeton & Oxford: Princeton University Press, 2008. P. 107. “On the commodity market other interests are dominant. Traders, banks, insurance companies, and advertising agencies collect information about customers in order to produce personal consumer profiles and open up new market niches. Anyone who knows his customers’ buying habits can surprise them with special offers and try to bind them to him.”

  8. 8.

    Information Commissioner’s Office. Credit Explained. Available at http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/credit_explained_leaflet_2005.pdf. Accessed 23 February 2010. P. 1. “No one has a right to credit.”

  9. 9.

    Ferretti, Federico. Op. Cit. P. 15–16. “Each file usually contains the name of the borrower, his/her date of birth, current address, previous addresses if any, linked addresses, marital and employment status, number of accounts, amounts, types, stage (loan under approval, withdrawn, denied) and terms of accounts, amount of monthly instalments, amount of residual instalments, historical data, number of defaults, amount of arrears, name of granting institutions, payment history (both regulars and in default), dates. In addition, information relating to people that have a financial relationship with him/her is usually included.”

  10. 10.

    In the US, “The Medical Information Bureau (MIB), a nonprofit institution, maintains a database of medical information on 15 million individuals, which is available to over 700 insurance companies.” SOLOVE, DANIEL J. Privacy and Powever: Computer Databases and Metaphors for Information Privacy. Stanford Law Review, Vol. 53 (2000–2001): 1409.

  11. 11.

    Meyer, Roberta B. 2004. The insurer perspective. In Genetics and life insurance—Medical underwriting and social policy, ed. Mark A. Rothstein. Cambridge: The MIT Press. P. 29. “Risk classification assures that premiums are financially prudent or adequate to enable the insurer to meet its contractual obligations to its policy holders. It allows the insurer to determine premiums that are appropriate to levels of risk. The more underwriting information available to the insurer, the more precise it can be in determining appropriate premiums. This protects both insurer and policy holders from the insurer becoming insolvent due to inadequate premiums.”

  12. 12.

    Jentzsch, Nicola. Op. cit. P. 43. “(…) Banks and insurance companies screen and monitor applicants and there is a possibility to signal certain characteristics.”

  13. 13.

    Available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML. Accessed 7 May 2009.

  14. 14.

    Kuner, Christopher. European Data Protection Law—Corporate Compliance and Regulation. 2.ed. Oxford: Oxford University Press, 2007. P. 92. “The requirement that the data relate to an ‘identifiable’ person in the General Directive similarly means that a set of data which, taken together, could be matched to a particular person, or at least make identification of that person considerably easier, is considered ‘personal data’. Thus, for example, data concerning ‘all males over 50 living in city X’ would not be considered personal data, since it probably could not be tied to a specific person, even if great time and expense were used. However, data concerning ‘all males over 50 living in city X who are physicians, have two daughters, listen to Verdi operas and have vacation houses in the south of France’ would probably be considered personal data, since it would be possible to link this description with a specific person or persons, even though the data set itself does not contain any names.”

  15. 15.

    The same applies to Italy as will be seen in the next chapter (Sect. 5.2).

  16. 16.

    Webster, Mandy. Op. cit. P. 109. The differences in the concept of personal data in EU Member states will become evident in the analysis I will carry out in the Chaps. 3, 4 and 5.

  17. 17.

    Article 29 Working Party. Opinion 4/2007 on the concept of personal data, adopted on 20th June 2007. Available at http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp136_en.pdf. Accessed 21 January 2010. P. 6.

  18. 18.

    “Tale potere di controlo si fa ancora pi\( \hbox{\`{u}} \) stringente com riferimento a quello che viene considerato il nocciolo duro della privacy, rappresentato dalle informazioni relative alla salute, alle abitudine sessuale, alle opinione politiche, alle opinione religiose. (…) In relazione a tali informazioni è stata elaborata da c.d. categoria dei <<dati sensibile>>, che necessitano di uma protezione particolare contro i rischi della circolazione, proprio per la loro intrinseca attitude ad essere strumentalizzati per fini discriminatori.” In Bianca, Cesare Massimo; Busnelli, Francesco Donato. La protezione dei dati personali. Cedam: Torino, 2007. P. LXXIX. See also Doneda, Danilo; Viola de Azevedo Cunha, Mario. Risk and Personal Information: The Finality Principle and Data Protection in the Brazilian Legal System. RBRSi, Rio de Janeiro, Brazil, v. 3, n. 3, p. 133–150, 2009. Available at http://www.rbrs-i.com/img/upload/RBRSi%203-3%20Danilo%20Doneda.pdf. Accessed 21 January 2010.

  19. 19.

    See Article 8 Directive 95/46/EC.

  20. 20.

    The CoE Convention 108/1981 adopted the same expression—special categories of data—for sensitive data.

  21. 21.

    Charlesworth, Andrew. Op. cit., 940.

  22. 22.

    Apud Ibid, 941.

  23. 23.

    Recital 26 of Directive 95/46/EC.

  24. 24.

    Gediel, José Antônio Peres; CORRÊA, Adriana Espíndola. “Proteção jurídica de dados pessoais: A intimidade sitiada entre o Estado e o Mercado.” Revista da Faculdade de Direito—UFPR, n.47, 2008. P. 144.

  25. 25.

    Article 4(1) (n) of the Italian Personal Data Protection Code (Legislative Decree no. 196 dated 30 June 2003) considers anonymous data as “any data that either in origin or on account of its having been processed cannot be associated with any identified or identifiable data subject.”

  26. 26.

    See, for instance, the French Act n° 78-17 of 6 January 1978 on data processing, data files and individual liberties, http://www.cnil.fr/fileadmin/documents/en/Act78-17VA.pdf. Accessed 1 August 2011.

  27. 27.

    Information Commissioner’s Office, Data Protection Act 1998: Legal Guidance, http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/data_protection_act_legal_guidance.pdf. Accessed 3 March 2010: 13. “The Commissioner considers anonymisation of personal data difficult to achieve because the data controller may retain the original data set from which the personal identifiers have been stripped to create the ‘anonymised’ data.”

  28. 28.

    Regarding the anonymisation of genetic data the situation is even more complicated. See MURRAY, Thomas H., “Genetic Exceptionalism and ‘Future Diaries’: Is Genetic Information Different from Other Medical Information?,” in Genetic Secrets: Protecting Privacy and Confidentiality in the Genetic Era, ROTHSTEIN, Mark A. (New Heaven and London: Yale University Press, 1997), 63. “If a database contained sufficient information about the sequence, even if the person’s name were not attached to the file, it might be possible to identify the individual whose sequence it is, in a manner similar to the method of genetic fingerprinting. So, although the practise of removing identifying information is usually thought to confer anonymity by making records impossible to trace to an individual, that may not be the case with records containing significant chunks of DNA sequence data.”

  29. 29.

    Sweeney, Latanya. Foundations of Privacy Protection from a Computer Science Perspective, http://dataprivacylab.org/projects/disclosurecontrol/paper1.pdf. Accessed 22 February 2011.

  30. 30.

    Tene, Omer. Privacy: The new generations. International Data Privacy Law Vol. 1, No. 1 (2011): 17.

  31. 31.

    Ohm, Paul. Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization (August 13, 2009). University of Colorado Law School Legal Studies Research Paper No. 09–12, http://ssrn.com/abstract=1450006. Accessed 7 November 2010.

  32. 32.

    An example of the risks is the software produced by Phorm, called WebWise, which was hardly criticized by data protection advocates. See Clayton, Richard. The Phorm ‘Webwise’system, http://www.cl.cam.ac.uk/∼rnc1/080518-phorm.pdf. Accessed 7 November 2010.

  33. 33.

    Article 29 Working Party on Data Protection, Opinion 1/2008 on data protection issues related to search engines, adopted on 4 April 2008. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf. Accessed 4 January 2011, 20. In its opinion 4/2007, the Article 29 Working Party presents a definition of anonymous data that take into account ‘the means likely reasonably to be used’ for the identification of the data subject. See Article 29 Working Party, Opinion 4/2007 on the concept of personal data, Op. cit.: 21.

  34. 34.

    Walden, Ian, “Anonymising Personal Data,” International Journal of Law and Information Technology 10 n° 2 (2002): 226. “Achieving effective anonymisation may be a challenging task, from both a technical and compliance perspective. Sophisticated data analysis and data mining techniques on supposedly anonymous data may eventually yield data that does ‘directly or indirectly’ relate to a specific individual (…).”

  35. 35.

    European Data Protection Supervisor. Opinion on the proposal for a regulation of the European parliament and of the council on European statistics (COM(2007) 625 final). Adopted on 20 May 2008. Available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2008/08-05-20_Statistics_EN.pdf. 25 Jan 2010: 4. In the same sense, see European Data Protection Supervisor, Opinion of 5 September 2007 on the proposal for a Regulation of the European Parliament and of the Council on Community statistics on public health and health and safety at work (COM(2007) 46 final), http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2007/07-09-05_Statistics_health_data_EN.pdf. Accessed 4 January 2011: 4. “18. The same analysis occurs with the notion of anonymity. Although, from a data protection view, the notion of anonymity would cover data that are no longer identifiable (see recital 26 of the Directive), from a statistical point of view, anonymous data are data for which no direct identification is possible. This definition implies that indirect identification of data would still qualify these data as anonymous, from a statistical point of view.”

  36. 36.

    According to the Article 29 Working Party, the reasonableness is “Another general limitation for the application of data protection under the Directive.” in Article 29 Working Party. Opinion 4/2007 on the concept of personal data, Op. cit.: 5.

  37. 37.

    Article 29 Working Party. Opinion 4/2007 on the concept of personal data, Op. cit.: 13.

  38. 38.

    Council of Europe. Committee of ministers recommendation no. R (97) 5 on the protection of medical data. 13 Feb 1997. Available at http://www.coe.int. 17 Nov 2009.

  39. 39.

    Apud Walden, Ian, Op. cit.: 226. The cost of the identification was recognised by the Article 29 Working Party as one of the factors to be taken into account when analysing whether an individual is identifiable or not. Article 29 Working Party, Opinion 4/2007 on the concept of personal data, Op. cit.: 15.

  40. 40.

    Walden, Ian, Op. cit.: 227.

  41. 41.

    Sarmento e Castro, Catarina, Direito da informática, privacidade e dados pessoais (Coimbra: Almedina, 2005), 72.

  42. 42.

    Liedtke, Patrick M. What’s Insurance to a Modern Economy. The Geneva Papers, 2007, 32. P. 214. “An insurer also works as a risk expert and risk manager because he has to understand and assess the risks he will accept or decline for the scheme. If somebody buys into that scheme, a new relationship is established and has to be judged on its merits, not least vis-à-vis the existing participants and their risks. Whenever an insurer accepts a new risk into the scheme, this affects everybody who is already in the scheme. It is not just a decision that the insurer takes and where he has a direct obligation concerning the risk per se, he also has an obligation to his other business relations.”

  43. 43.

    Jentzsch, Nicola. Op. cit. P. 274. “Credit risk: The (estimated) probability that the borrower will not repay the amount owed on time. Although there are different definitions, credit risk in general usually is defined as delinquency or as default; this is being either 30, 60, 90 or 180 days late. The term is also used for a consumer’s creditworthiness (credit rating). In information economics, this term is used as a short form for ‘credit risk of the consumer,’ where there is a separation in good credit risks and bad ones.”

  44. 44.

    Baker, Tom. Containing the Promise of Insurance: Adverse Selection and Risk Classification. University of Connecticut School of Law Articles Working Paper Series. 2001. Available at: http://lsr.nellco.org/cgi/viewcontent.cgi?article=1002&context=uconn/ucwps. Accessed 1 February 2008. P. 3. “Insurance risk classification is the process of sorting insurance applicants into categories believed to correspond to differences in expected risk. Common examples include sorting life insurance applicants by age, health insurance applicants by health status, workers compensation insurance applicants by type of industry, and property insurance applicants by the nature of the construction of the property to be insured (e.g., wood versus brick).”

  45. 45.

    International Finance Corporation (IFC)—World Bank Group. Op. cit. P. 5. “Credit bureaus are essential to the success of credit markets. They serve as indispensable tools used by financial institutions to support their retail lending business.”

  46. 46.

    Viola de Azevedo Cunha, Mario. Privacidade e Seguro: a coleta e utilização de dados pessoais nos ramos de pessoas e de saúde. Cadernos de Seguro—Teses n. 33. Funenseg: Rio de Janeiro, 2009. P. 22.

  47. 47.

    Meyer, Roberta B. Op. cit. P. 29. “Risk classification assures that premiums are financially prudent or adequate to enable the insurer to meet its contractual obligations to its policy holders. It allows the insurer to determine premiums that are appropriate to levels of risk. The more underwriting information available to the insurer, the more precise it can be in determining appropriate premiums. This protects both insurer and policy holders from the insurer becoming insolvent due to inadequate premiums.” In the same sense, see Expert Group on Credit Histories. Op. cit. P. 40. “Some EGCH experts agree that when assessing creditworthiness and indebtedness, the use of as much relevant data as possible is an advantage (provided it is correct).”

  48. 48.

    Credit Bureaus and Public Registers usually collect and stored only credit information, that can be positive or negative, or even both, what varies from country to country. See International Finance Corporation (IFC)—World Bank Group. Op. cit. P. 12.“Credit history information can be broadly divided into two categories: Negative information: credit history only contains information on defaults. The information may include amounts outstanding at default and the date of last payment. When the debt is repaid, information on delinquencies is deleted from the database. These types of databases are also often referred to as black lists. Among all consumer credit bureaus, 32% provide negative only information. Positive (and negative) or full-file information: credit history contains information on all open and closed credit accounts, including the amount approved, as well as the information on repayment. If a borrower has defaulted on payments, but eventually paid it off, the default information remains on file and is not deleted for a defined period of time. Among all consumer credit bureaus, 68% provide both negative and positive information.” See also the Expert Group on Credit Histories. Op. cit. P. 38.

  49. 49.

    International Finance Corporation (IFC)—World Bank Group. Op. cit. P. 7. “These individual credit reports generally contain personal borrower information and information on borrower credit accounts. The personal section usually captures the borrower’s name; identification number, such as social security (if any); date of birth; former names; current and previous addresses; other forms of identification; employment history; alerts, such as ID theft or security freezes; and date of information update. The credit summary section contains information on all credit accounts (both open and closed) that the borrower may have had, all accounts in good standing, past due accounts, negative account history, and all inquiries made about the borrower for at least the past 12 months.”

  50. 50.

    Family history data will be discussed in Sect. 2.2 of this chapter.

  51. 51.

    Adverse selection happens when one party has information before the transaction that would change the terms of the transaction if known to the other party—e.g. Someone knows that he/she has cancer but does not give this information to the insurance company and contract a life insurance. BAKER, Tom. Op. cit. P. 2. “Adverse selection” (sometimes called “anti-selection” in the insurance trade literature) refers to the theoretical tendency for low risk individuals to avoid or drop out of voluntary insurance pools, with the result that, absent countervailing efforts by administrators, insurance pools can be expected to contain disproportionate percentage of high-risk individuals (…). For example, adverse selection is said to explain the disparity in prices between group and individual health insurance in the United States. With group health insurance, an employer signs up employees as a group, so the insurer gets both the low and the high risks. With individual health insurance, people decide on their own whether to purchase insurance, and those who need it the most are the most likely to purchase it (assuming that they have financial means), with the result that insurers end up with more of the high risks in the pool and less of the low risks.

  52. 52.

    Scolik, Hélio. O Prêmio Nobel de Economia de 2001 e a Informação Assimétrica. Available at http://www.vemconcursos.com/opiniao/index.phtml?page_ordem=assunto&page_id=274&page_print=1. Accessed 11 March 2007.

  53. 53.

    O’NEILL, Onora. Insurance and Genetics: The Current State of Play. In Brownsword, Roger et al. (editors). Law and Human Genetics—Regulating a Revolution. Oxford: Hart Publishing, 1998. P. 129.

  54. 54.

    Expert Group on Credit Histories. Report of the Expert Group on Credit Histories. May 2009. P. 13.

  55. 55.

    Solove, Daniel. Understanding Privacy. Op. cit. P. 73. “Acquisti and Grossklags point to the problem of information asymmetries, when people lack adequate knowledge of how their personal information will be used, and bounded rationality, when people have difficulty applying what they know to complex situations. Some privacy problems shape behavior. People often surrender personal data to companies because they perceive that they do not have much choice. They might also do so because they lack knowledge about the potential future uses of the information. Part of the privacy problem in these cases involves people’s limited bargaining power respecting privacy and inability to assess the privacy risks. Thus looking at people’s behavior might present a skewed picture of societal expectations of privacy.”

  56. 56.

    Baker, Tom. Op. cit. P. 12.

  57. 57.

    Etzioni, Amitai. A Communitarian Approach: A Viewpoint on the Study of the Legal and Ethical Policy Considerations Raised by DNA Tests and Databases. Journal of Law, Medicine & Ethics, V. 34 (2006): 217.

  58. 58.

    Schauer, Frederick. Profiles, Probabilities and Stereotypes. Cambridge: Belknap Press of Harvard University Press, 2003. P. 3.

  59. 59.

    Ibid. P. 4. “(…) generalisation is the stock in trade of the insurance industry. Indeed, the insurance industry has its own name for this kind of decisionmaking. To be an actuary is to be a specialist in generalization, and actuaries engage in a form of decisionmaking that is sometimes called actuarial.”

  60. 60.

    Ibid. P. 4.

  61. 61.

    Daniel Solove brings an interesting example of generalisation which discriminate an entire group of people. Solove, Daniel J. The digital person. Op. cit. P. 50. “(…) one bank routinely denied credit card applications from college students majoring in literature, history, and art, based on the assumption that they would not be able to repay their debts.”

  62. 62.

    Schauer, Frederick. Op. cit. P. 19.

  63. 63.

    Ibid. P. 5. There are other examples of generalisations made by insurance companies that are considered to be controversial, such as being resident of a specific city or driving high-performance sport cars. See Schauer, Frederick. Op. cit. P. 5.

  64. 64.

    UK National Cancer Institute. BRCA1 and BRCA2: Cancer Risk and Genetic Testing. Available at http://www.cancer.gov/cancertopics/factsheet/Risk/BRCA. Accessed 8 March 2010. See also The Oncologist. More Ashkenazi Jews Have Gene Defect that Raises Inherited Breast Cancer Risk. Vol. 1, No. 5, 335–335, October 1996. AlphaMed Press. “The study shows the BRCA2 mutation is just as common among Ashkenazis as a similar mutation in the BRCA1 gene that also increases the risk of breast cancer in this ethnic group. Despite the similar frequency of the two mutations, the risk of breast cancer is more than three times higher in Ashkenazi women who inherit the BRCA1 mutation compared to those who inherit the BRCA2 mutation, the research indicates.”

  65. 65.

    Lenox, Bryce A. Genetic Discrimination in Insurance and Employment: Spoiled Fruits of the Human Genome Project. University of Dayton Law Review. Vol. 23. 1997–1998. P. 194; 196–197. “Genetic discrimination by employers and insurers presents a myriad of issues for individuals subject to genetic screening. Currently, there are several target groups for genetic discrimination: (1) people who are carriers for a recessive genetic disease (they carry the gene but will never become symptomatic); (2) people who carry a gene linked to a genetic disease, but are asymptomatic (they have the gene, but show no signs currently and may never become symptomatic); (3) family members with relatives that carry a known or presumed genetic defect; and (4) those with a genetic aberration not known to manifest any medical condition. Apparently, such genetic discrimination may occur in insurance and in the workplace in almost all targeted groups. (…) Further, ‘the fact that genetic diseases are sometimes closely associated with discrete ethnic or racial groups such as African Americans, Ashkenazi Jews, or Armenians compounds the potential for invidious discrimination.’ Finally, genetic discrimination impacts the creativity and productivity of people, possibly more than the actual disease itself. ‘By excluding qualified individuals from education, employment, government service, or insurance, the marketplace is robbed of skills, energy, and imagination. Such exclusion promotes physical and economic dependency, draining rather than enriching social institutions.’”

  66. 66.

    Schauer, Frederick. Op. cit. P. 36–37.

  67. 67.

    Ibid. P. 187.

  68. 68.

    Ibid. P. 214.

  69. 69.

    Bagenstos, Samuel R. “Rational Discrimination”, Accommodation, and the Politics of (Disability) Civil Rights. Virginia Law Review. Vol. 89, Number 5, September 2003. P. 856. “Thus, a more plausible theory for what makes stereotyping based on the forbidden classifications of race, gender, and disability worse than other types of stereotyping is that stereotyping based on those classifications causes greater harm to the groups that are persistently on the ‘wrong’ side of society’s stereotypical judgements.” In the same sense, see Stein, Michael Ashley. Review: Generalizing Disability. Michigan Law Review. Vol. 102, Nº 6, 2004. Survey of Books Relating to the Law (May, 2004). P. 1389. “Nonetheless, a prominent exception to the morality of decisionmaking based on broad classifications are instances where the sustainable empirical facts are themselves by-products of past discrimination against those groups.”

  70. 70.

    Schauer, Frederick. Op. Cit. P. 128. “(…) certain forms of generalization, even if nonspurious vis-à-vis legitimate goals, are nevertheless morally repugnant because of the way in which they may stigmatize or isolate members of certain traditionally oppressed or marginalized groups.”

  71. 71.

    Stein, Michael Ashley. Op. cit. P. 1374. “(…) spurious categories lacking statistical support and nonspurious categories that are empirically sustainable. The nonspurious category contains two further varieties: universal generalizations that are always true because of either definitional (‘all bachelors are unmarried’) or empirical (‘all humans are less than nine feet tall’) reasons, and those generalizations that are relatively truer for members of a particular group than they are in general (‘bulldogs tend to have poorer hips than most other dogs,’ or ‘teenagers are relatively bad drivers in comparison to the overall driving population’)”.

  72. 72.

    See http://www.copecl.org/. Accessed 13 March 2010.

  73. 73.

    Basedow, Jürgen et al. (editors). Principles of European Insurance Contract Law (PEICL). Munich: Sellier European Law Publishers, 2009. P. 69.

  74. 74.

    Available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2008:115:0047:0199:EN:PDF. Accessed 13 March 2010.

  75. 75.

    Data related to fraud is an example of the use of sensitive data in credit reporting activities. See Expert Group on Credit Histories. Op. cit. P. 40. “Data about fraud is often stored in central databases so that a creditor may check to see if a credit application may be related to a past fraud. Creditors store information about instances of fraud within their own business and employ experts and tools to detect and prevent fraudulent new credits and fraud activity in existing accounts.”

  76. 76.

    Directive 2008/48EC imposes to financial institutions the duty to assess the creditworthiness of the consumers, by consulting the relevant databases. It also creates to member states the obligation to ensure to creditors from other member states, in the case of cross-border credit, access to databases used in that member state for assessing the creditworthiness of consumers in a ‘non-discriminatory’ way. See Articles 8 and 9:

    Article 8. Obligation to assess the creditworthiness of the consumer

    1. 1.

      Member states shall ensure that, before the conclusion of the credit agreement, the creditor assesses the consumer’s creditworthiness on the basis of sufficient information, where appropriate obtained from the consumer and, where necessary, on the basis of a consultation of the relevant database. Member states whose legislation requires creditors to assess the creditworthiness of consumers on the basis of a consultation of the relevant database may retain this requirement.

    2. 2.

      Member states shall ensure that, if the parties agree to change the total amount of credit after the conclusion of the credit agreement, the creditor updates the financial information at his disposal concerning the consumer and assesses the consumer’s creditworthiness before any significant increase in the total amount of credit.

    Article 9. Database access

    1. 1.

      Each Member state shall in the case of cross-border credit ensure access for creditors from other member states to databases used in that member state for assessing the creditworthiness of consumers. The conditions for access shall be non-discriminatory.

    2. 2.

      If the credit application is rejected on the basis of consultation of a database, the creditor shall inform the consumer immediately and without charge of the result of such consultation and of the particulars of the database consulted.

    3. 3.

      The information shall be provided unless the provision of such information is prohibited by other Community legislation or is contrary to objectives of public policy or public security.

    4. 4.

      This Article shall be without prejudice to the application of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

  77. 77.

    Expert Group on Credit Histories. Op. cit. P. 40. “In most European markets today, however, some types of non-credit information cannot be processed. As far as this data would constitute infringements to the legislation, they might be considered as judicial data in the sense of some national laws implementing the Data Protection Directive. Judicial data is strictly protected and cannot, according to such laws, be processed except e.g. by the data controller use in the course of his/her own litigation. Centralisation of such data or its processing by a third party (creditor) would therefore not be admissible. In addition, data collected for a specific purpose (e.g. telecommunication services) must be, according to the Data Protection Directive, processed for that specific purpose and cannot automatically be transferred to another data controller with an incompatible purpose.”

  78. 78.

    Both insurance companies, banks and credit information suppliers process personal data for preventing criminal activities. There are some legal duties imposed to these activities regarding, for example, money laundering and paedophilia.

  79. 79.

    See Chap. 3.

  80. 80.

    EUROPEAN COURT OF JUSTICE. Case C-236/09, Association belge des Consommateurs Test-Achats ASBL and others v. Conseil des ministres. Grand Chamber, 9 March 2010. Available at http://curia.europa.eu/jurisp/cgi-bin/form.pl?lang=en&alljur=alljur&jurcdj=jurcdj&jurtpi=jurtpi&jurtfp=jurtfp&numaff=C-236/09&nomusuel=&docnodecision=docnodecision&allcommjo=allcommjo&affint=affint&affclose=affclose&alldocrec=alldocrec&docdecision=&docor=docor&docav=docav&docsom=docsom&docinf=docinf&alldocnorec=alldocnorec&docnoor=docnoor&docppoag=docppoag&radtypeord=on&newform=newform&docj=docj&docop=docop&docnoj=docnoj&typeord=ALL&domaine=&mots=&resmax=100&Submit=Rechercher. Accessed 7 August 2011.

  81. 81.

    European Commission. Communication from the Commission—Guidelines on the application of Council Directive 2004/113/EC to insurance, in the light of the judgment of the Court of Justice of the European Union in Case C-236/09 (TestAchats). C(2011) 9497 final. Brussels, 22.12.2011. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf. Accessed 17 September 2012. P. 5.

  82. 82.

    Article 29 Working Party on Data Protection. Working Document on the processing of personal data relating to health in electronic health records (HER). Op. cit. P. 9. “In contrast to the provisions of Article 7 of the Directive, consent in the case of sensitive personal data and therefore in an HER must be explicit. Opt-out solutions will not meet the requirement of being ‘explicit’. In accordance with the general definition that consent presupposes a declaration of intent, explicitness must relate, in particular, to the sensitivity of the data. The data subject must be aware that he is renouncing special protection. Written consent is, however, not required.”

  83. 83.

    “Although tobacco deaths rarely make headlines, tobacco kills one person every 6 s. Tobacco kills a third to half of all people who use it, on average 15 years prematurely. Today, tobacco use causes one in ten deaths among adults worldwide—more than five million people a year. By 2030, unless urgent action is taken, tobacco’s annual death toll will rise to more than eight million.” In World Health Organization. Report on the global TOBACCO epidemic, 2008. Available at http://www.who.int/tobacco/mpower/mpower_report_full_2008.pdf. Accessed 16 May 2008.

  84. 84.

    In this sense, see International Labour Office—Report of the Director-General. Equality at work: Taking the challenges (Global Report under the follow-up to the ILO Declaration on Fundamental Principles and Rights at work). International Labour Conference, 96th Session, 2007. P. 49. “Discrimination base on lifestyle—182. Lifestyle and, more specifically, whether an individual leads a ‘healthy’ life, is becoming a factor in obtaining or keeping a job. Being overweight or a smoker or suffering from hypertension can be an occupational disadvantage in several industrialized countries. Virtually every lifestyle choice, including driving fast cars, has some health-related consequence; the question therefore is where to draw the line between what an employer can regulate and the freedom of employees to lead the life of their choices.”

  85. 85.

    Article 29 Working Party on Data Protection. Working Document on Blacklists. Op. cit P. 9–10. “As for blacklists including any other kind of especially protected data, such as health information, it should be pointed out that files of this kind on such questions are essentially compiled in connection with life insurance offered by companies in that sector. In such cases, in the absence of legal regulations incorporating the appropriate safeguards, these files may only be compiled with the data subject's free, specific, explicit and informed consent, which he is entitled to revoke. Even then, however, Article 6 of the Directive must be taken into account, as must, in particular, the proportionality of creating these files in relation to the end in sight. It is also necessary to establish that no specific rules in the Member state concerned prohibit this kind of practice even when the data subject has given his consent. (…) As specific examples of action in relation to this kind of blacklist, some national supervisory authorities have reprehended joint files centralised by a federation of insurance companies which included data on persons who had been refused life insurance on the grounds of their health problems. The supervisory authority ruled that these had to be deleted or legitimised in accordance with the Directive, as it took the view that it was not sufficient that this information should be available to the respective companies with life insurance contracts with those data subjects with which the nature of the contractual relations could provide grounds for holding this information.”

  86. 86.

    Article 29 Working Party on Data Protection. Working Document on the processing of personal data relating to health in electronic health records (HER). Op. cit. P. 18. “When structuring HER records, recurrent information demands should also be taken into consideration. One example: Under national law, private insurance companies might be entitled to receive some (limited) information concerning health records, when necessary in the context of fulfilling their contractual obligations towards insured patients. Granting access to private insurance companies to the HER of a patient seems unacceptable. For that reason a solution could be to establish a standardized special ‘documentation package’ which, when necessary, meets the legitimate information interests of the insurer and, if authorized by the patient, could be (electronically) transmitted to the private insurance company.”

  87. 87.

    This recommendation, however, is not a binding document. See Batellaan, Pieter; Coomans, Fons. Op. cit.

  88. 88.

    Article 1(c) of the Appendix to the Recommendation.

  89. 89.

    Article 4.2 of the Appendix to the Recommendation.

  90. 90.

    4.4. Subject to the provisions of Principles 4.6–4.8, 8.1 and 13.1, personal data may only be collected and processed for the purposes of: a. preparing and issue of insurance; b. collecting premiums and submitting other bills; c. settling claims or paying other benefits; d. reinsurance; e. co-insurance; f. preventing, detecting and/or prosecuting insurance fraud; g. establishing, exercising or defending legal claim; h. meeting another specific legal or contractual obligation; i. prospecting new insurance markets; j. internal management; k. actuarial activities.

  91. 91.

    Article 4.7 of the Appendix to the Recommendation.

  92. 92.

    Rodotà, Stefano. A vida na sociedade da vigilância: privacidade hoje. Rio de Janeiro: Renovar, 2008. P. 249. Unofficial translation by the author.

  93. 93.

    Maybe in the future they will intend to use genetic information for risk analysis in long-term contracts, such as mortgages, but it is not a current scenario.

  94. 94.

    Godard, Béatrice; Joly, Yann; Knoppers, Bartha Maria. A Comparative International Overview. In Rothstein, Mark A. Genetics and Life Insurance—Medical Underwriting and Social Policy. Cambridge: The MIT Press, 2004. P. 175.

  95. 95.

    Article 2(i) of the Unesco International Declaration on Human Genetic Data. Available at http://portal.unesco.org/en/ev.php-URL_ID=17720&URL_DO=DO_TOPIC&URL_SECTION=201.html. Accessed 17 May 2008. See also Recommendation nº R(97)5 of the Council of Minister of CoE on the protection of medical data, which Article 1 defines genetic data as “data, of whatever type, concerning the hereditary characteristics of an individual or concerning the pattern of inheritance of such characteristics within a related group of individuals”, considering in such definition “any genetic information (genes) in an individual or genetic line relating to any aspect of health or disease, whether present as identifiable characteristics or not.”

  96. 96.

    See Article 2(xii) of the Unesco International Declaration on Human Genetic Data. Available at http://portal.unesco.org/en/ev.php-URL_ID=17720&URL_DO=DO_TOPIC&URL_SECTION=201.html. Accessed 17 May 2008.

  97. 97.

    Article 4(10) of the EU Commission’s Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

  98. 98.

    Juth, Niklas; Radetzki, Marian; Radetzki, Marcus. Genes and Insurance—Ethical, Legal and Economic issues. Cambridge: Cambridge University Press, 2003. P. 11. “Is the latter purpose of genetic testing that is of primary interest to insurance companies, that is the testing for diseases that have not yet revealed any symptoms.”

  99. 99.

    See Association of British Insurers. Code of Practice for Genetic Tests. June 2008. Available at http://www.abi.org.uk/Information/Codes_and_Guidance_Notes/41697.pdf. Accessed 23 February 2010. P. 2. “The Code is applicable to insurance where an applicant may disclose a predictive genetic test result.”

  100. 100.

    In this sense is the conclusion of the Article 29 Working Party on Data Protection concerning the extension of the protection given to sensitive data under the Directive 95/46/EC to genetic data. In Article 29 Working Party. Working Document on Genetic Data. Op. cit. P. 5.

  101. 101.

    Lewicki, Bruno. A Privacidade da Pessoa Humana no Ambiente de Trabalho. Rio de Janeiro: Renovar, 2003. P. 201.

  102. 102.

    Meyer, Roberta B. Op. cit. P. 39/40. “The second myth deals with the widely held misperception that genetic tests are always concerned with future rather than present disease. DNA-based genetic tests designed to diagnose cancers and other diseases by definition deal with conditions that are already present. They aid in early diagnosis of that disease that already exists. Genetic tests are being developed to define the genetic makeup of a tumor or disease-causing organism and to design therapies tailored to those genetic characteristics. For example, genetic tests are performed on the microorganism that causes tuberculosis to determine if a given Mycobacterium is resistant to conventional drug therapy. Another prognostic genetic test involves polymerase chain reaction of blood to detect malignant cells that are in the process of metastasizing from a primary site to distant body locations. The results may signal an unexpected need for aggressive chemotherapy. Because results of both diagnostic and prognostic genetic tests provide information relevant to the likelihood of premature death, they are likely to be critical to medical underwriting.”

  103. 103.

    O’neill, Onora. Insurance and Genetics: The Current State of Play. In Brownsword, Roger et al. (editors). Law and Human Genetics—Regulating a Revolution. Oxford: Hart Publishing, 1998. P. 126.

  104. 104.

    Burley, Justine. An abstract approach to the regulation of human genetics: law, morality and social policy. In Somsen, H. The regulatory challenge of biotechnology. Cheltenham: Edward Elgar Publishing, 2007. P. 63.

  105. 105.

    The Charter of Fundamental Rights of the European Union recognises human dignity as a inviolable right (Article 1).

  106. 106.

    See Omega Case (Case C-36/02) decided by the European Court of Justice. “34. As the Advocate General argues in paragraphs 82–91 of her Opinion, the Community legal order undeniably strives to ensure respect for human dignity as a general principle of law. There can therefore be no doubt that the objective of protecting human dignity is compatible with Community law, it being immaterial in that respect that, in Germany, the principle of respect for human dignity has a particular status as an independent fundamental right.” In the same sense, see Rodotà, Stefano. La vita e le regole—Tra diritto e non diritto. Op. cit. P. 29. “L‘inviolabilità della dignità umana, proclamata in apertura della Costituzione tedesca e della Carta dei diritti fondamentali dell’Unione europea, è garanzia che preclude a chiunque, fosse pure lo stesso interessato, di ridurne il significato e la portata. Libertà e dignità appartengono alla sfera di quel che non è negoziabile, è posto fuori del mercato.”

  107. 107.

    Niger, Sergio. Il diritto alla protezione dei dati personali. In Monducci, Juri; Sartor, Giovanni (editors). Il codice in materia di protezione dei dati personali. Cedam: Padova, 2004. P. 8. “La dignità umana costituisce uno dei valore fondativi della privacy, destinato ad assumere un rilievo sempre pi\( \hbox{\`{u}} \) grande per diffondersi e il rafforzarsi di tendenze che espongono, usando lespressione di E.J. Blounstein, la vita privata ad un public scrutiny.”

  108. 108.

    Viola de Azevedo Cunha, Mario; Marin, Luisa; Sartor, Giovanni. Peer-to-peer privacy violations and ISP liability: data protection in the user-generated web. International Data Privacy Law, 2012, Vol. 2, No. 2. P. 53.

  109. 109.

    The relevance (or not) of consent as a valid legal basis for the processing of (all kinds) of data will be further analysed in Chap. 6.

  110. 110.

    Rodotá, Stefano. A vida na sociedade da vigilância: privacidade hoje. Op. cit. P.250.

  111. 111.

    Dolgin, Janet L. Ideologies of Discrimination: Personhood and the ‘Genetic Group’. Studies in History and Philosophy of Biological and Biomedical Sciences. Vol. 32, No. 4. Great Britain: Elsevier, 2001. P. 707.

  112. 112.

    Meyer, Roberta B. Op. cit. P. 29–30.

  113. 113.

    Rothstein, Mark A.; Horung, Carlton A. Public Attitudes. In Rothstein, Mark A. Genetics and Life Insurance. London: MIT Press, 2004. P. 1.

  114. 114.

    Burley, Justine. Op. cit. P. 69.

  115. 115.

    Article 21 Non-discrimination

    1. Any discrimination based on any ground such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation shall be prohibited.

  116. 116.

    Article 11—Non-discrimination—Any form of discrimination against a person on grounds of his or her genetic heritage is prohibited.

  117. 117.

    Article 6—No one shall be subjected to discrimination based on genetic characteristics that is intended to infringe or has the effect of infringing human rights, fundamental freedoms and human dignity.

  118. 118.

    Article 7—Non-discrimination and non-stigmatization

    1. (a)

      Every effort should be made to ensure that human genetic data and human proteomic data are not used for purposes that discriminate in a way that is intended to infringe, or has the effect of infringing human rights, fundamental freedoms or human dignity of an individual or for purposes that lead to the stigmatization of an individual, a family, a group or communities.

  119. 119.

    Article 12—Predictive genetic tests—Tests which are predictive of genetic diseases or which serve either to identify the subject as a carrier of a gene responsible for a disease or to detect a genetic predisposition or susceptibility to a disease may be performed only for health purposes or for scientific research linked to health purposes, and subject to appropriate genetic counselling.

  120. 120.

    “In Five European countries—Austria, Belgium, Denmark, France and Norway—any use of genetic information for business purposes is prohibited. In Four countries—France, Germany, Sweden, and the United Kingdom—a moratorium or partial moratorium on the use of genetic information by insurers has been established. In the Netherlands, the Medical Examination Act (1998) prevents the acquisition of genetic information by insurers and employers below a certain amount of coverage.” In EuroGAPPP. Genetics and public and professional policy in Europe. Available at http://ec.europa.eu/research/biosociety/pdf/bmh4_ct98_0550_partb.pdf. Accessed 5 March 2008. Although France appears twice in the citation, both as a country where the use of genetic information for business purposes is prohibited and as a country that established a moratorium, the correct one is the reference to a legal prohibition, according to article L.1141-1 of the Code of Public Health. Available at http://www.legifrance.gouv.fr/affichCode.do?cidTexte=LEGITEXT000006072665. Accessed 10 November 2010.

  121. 121.

    Art. 11—Non discrimination principle

    1. 1.

      Nobody can be damaged, in anyway, as a consequence of possessing a genetic disease or of his own genetic heritage.

    2. 2.

      Nobody can be discriminated, in any way, as a consequence of the results of a genetic test, including for employment purposes, health or life insurance purposes, access to education and adoption, both for the adopted and for the adopter.

    3. 3.

      Nobody can be discriminated, in any way, in his right to a have a medical and psycho-social treatment and genetic counselling as a consequence of the refusal to do a genetic test. (Unofficial translation by the author).

  122. 122.

    See UK House of Commons. Select Committee on Science and Technology Fifth Report. Available at http://www.parliament.the-stationery-office.co.uk/pa/cm200001/cmselect/cmsctech/174/17404.htm#a1. Accessed 13 January 2011.

  123. 123.

    Leemens, Trudo. Genetics and Insurance Discrimination: Comparative Legislative, Regulatory and Policy Developments and Canadian Options. Health Law Journal Special Edition, 2003. Available at http://www.law.ualberta.ca/centres/hli/userfiles/Lemmens.pdf. Accessed 13 January 2011. P. 60.

  124. 124.

    Rothstein, Mark A. Genetic Secrets: A Policy Framework. In Rothstein, Mark A. (editor). Genetic Secrets: Protecting Privacy and Confidentiality in the Genetic Era. New Heaven and London: Yale University Press, 1997. P. 474. “In the Netherlands, a 5-year moratorium trial period, in which no genetic information may be used in underwriting policies below 200,000 guilders (about $ 100,000), has been extended indefinitely while proposed legislation is debated in the Parliament.”

  125. 125.

    Genetic Privacy. Available at http://epic.org/privacy/genetic/. Accessed 16 February 2008. “Discrimination in life insurance: Life insurance applications generally require individuals to disclose information about themselves, their health and their lifestyles as a condition of obtaining coverage. Some life insurers have asked individuals to take genetic tests in order to determine whether they are predisposed to diseases that could make them greater risks. Genetic testing for life insurance was a subject of a Parliamentary hearing in the UK. Because of the uncertain connection between genetic predisposition and the eventual development of disease in any specific individual, life insurers agreed to a voluntary 5-year moratorium on genetic testing with the exception of the test for Huntington’s Disease on policies that would pay out more than 500,000 pounds.” The processing of genetic data by the insurance industry in the UK will be better analysed in the appropriate topic (4.5.3).

  126. 126.

    Dolgin, Janet L. Op. cit. P. 708.

  127. 127.

    Meyer, Roberta. B. Op. cit. P. 35. “Insurers have used broadly defined genetic information in underwriting for a long time. Applications for policies commonly seek information on family history, cholesterol level, hypertension, coronary heart disease, cancer, diabetes, and many other impairments that may have a genetic basis, which is inherited, acquired, or both.”

  128. 128.

    O’Neill, Onora. Op. cit. P. 126.

  129. 129.

    Uhlmann, Wendy R., and Sharon F. Terry. 1997. Perspectives of consumers and genetics professionals. In Genetic secrets: Protecting privacy and confidentiality in the genetic era, ed. Mark A. Rothstein. New Heaven: Yale University Press. P. 168.

  130. 130.

    Article 29 Working Party. Working Document on Genetic Data. Op. cit. P. 9. “Right not to know: It is the case where the person concerned chooses not to be informed of the results of the genetic test nor receive any further information (i.e. as to whether it is carrying a defective gene or is going to suffer a disease) particularly if the disease is highly serious and at the time there are no scientific means to prevent or treat it. The same applies to the family members who may wish to assert a right not to know about the results of a test taken by a family member to determine the presence or absence of a serious genetic disorder, preferring to live their lives without the shadow of such information. This is particularly true when there is no prevention or treatment available.”

  131. 131.

    Ibid. P. 7. “Predictive genetic tests are designed to identify genetic changes which are highly likely to lead to an illness at a later point in the life of the person tested. A particular problem associated with predictive diagnostics is that, even if genetic changes can be identified which are demonstrably linked to certain illnesses, it often cannot be predicted with certainty if and when a particular illness will occur in the later life of the person concerned.”

  132. 132.

    Apud Moraes, Maria Celina Bodin de. O conceito de dignidade humana: substrato axiológico e conteúdo normativo. In Constituiçao, direitos fundamentais e direito privado, ed. Ingo Sarlet. Porto Alegre: Editora Livraria do Advogado. P. 128. Unofficial translation by the author.

  133. 133.

    Kass, Nancy E. P. 306. “The threat to autonomy. Genetic tests are available for medical conditions for which there are no or limited treatments. This means that the decision whether to learn whether one is destined to have—or is at increased risk for—a certain condition is a matter of personal choice. Counselling programs have been established to help individuals who may be at risk for certain conditions for which no intervention is available decide if they want to learn whether they carry a gene mutation associated with a particular health condition later in life. Inherent to such counselling programs is the assumption that valid reasons exist both for wanting the information and for not wanting the information perhaps years in advance of becoming symptomatic.

    Mandatory genetic screening—or ‘conditionally mandatory’ screening, that is, screening required as a condition of obtaining health insurance—would deprive individuals of this right to personal autonomy. No longer would the consequential psychological decision about whether to take a genetic test be left to the individual.”

  134. 134.

    O’neill, Onora. Op. cit. P. 129. In the same sense, see Kass, Nancy E. Op. cit. P. 306. “If insurance companies increasingly seek to use genetic information in their risk-screening process, either by asking the applicants whether they have been tested on their own or by requesting copies of applicants’ medical records, individuals will have an incentive to avoid testing until it is medically necessary. Obviously, once a patient presents with the symptoms and a diagnostic test is warranted, the test may have little additional impact in whether a person is considered insurable. (…) If one’s access to health or life insurance were limited severely as a result of acquiring such information early of from sharing such information with one’s physician, such public health benefits could not be realized.”

  135. 135.

    In the UK, if the individual discloses such information to an insurance company, this latter cannot take into account this information for risk analysis. See Association of British Insurers; Government of the United Kingdom. Mar 2005. Concordat and Moratorium on genetics and insurance. Available at http://www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/documents/digitalasset/dh_4106050.pdf. 23 Feb 2010.

  136. 136.

    The European Parliament recognised the need to regulate the processing of personal data for insurance purposes at the European level, what, in the opinion of the Parliament should lead to a prohibition of such processing activity. See European Parliament. Resolution on the ethical and legal problems of genetic engineering. (Official Journal C 96, 17/04/1989, p. 165–171). Available at https://www.codex.vr.se/texts/EP-genetic.html. Accessed 16 February 2009. “As regards genome analysis for insurance purposes:

    19. Considers that insurance companies have no right to demand that genetic testing be carried out before or after the conclusion of an insurance contract nor to demand to be informed of the results of any such tests which have already been carried out and that genetic analysis should not be made a requirement for the conclusion of an insurance contract;

    20. Asserts that the insurer has no right to be notified by the policy holder of all the genetic data known to the latter.” In the same direction was the position adopted by the World Medical Association in its Declaration on the Human Genome Project. World Medical Association. 2010. Declaration on the human genome project. Available at http://www.wma.net/en/30publications/10policies/20archives/g6/index.html. 26 Jan 2010. “Genetic discrimination in private insurance and employment—here is a conflict between the increasing potential of new technologies to reveal genetic heterogeneity and the criterion for private insurance and employment. It may be desirable, regarding genetic factors, to adopt the same tacit consensus which prohibits the use of race discrimination in employment or insurance. Genetic mapping may become a source of stigmatization and social discrimination, and the ‘risky population’ may turn into a ‘defective population’.”

  137. 137.

    See footnote 280 (supra).

  138. 138.

    See Article 9(2)(a) of the Proposal for a General Data Protection Regulation. European Commission. 2012. Op. cit. “Article 9—Processing of special categories of personal data—(1.) The processing of personal data, revealing race or ethnic origin, political opinions, religion or beliefs, trade-union membership, and the processing of genetic data or data concerning health or sex life or criminal convictions or related security measures shall be prohibited. (2.) Paragraph 1 shall not apply where: (a) the data subject has given consent to the processing of those personal data, subject to the conditions laid down in Articles 7 and 8, except where Union law or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject; or”.

  139. 139.

    Moraes, Maria Celina Bodin de. O conceito de dignidade humana: substrato axiológico e conteúdo normativo. Op. cit. P. 128. Unofficial translation by the author.

  140. 140.

    Schwartz; Paul. M. Op. cit. P. 408. “Günter Wiese argues that private insurers might be tempted to practice adverse selection techniques to increase their profits and lower the premiums of their remaining clients: ‘An exclusion of genetically encumbered persons from private insurance would be unsatisfactory for the society as a whole; the state and the general public of tax payers would be responsible for these individuals, after all, and the system of private insurance would end by being discredited. This exclusion would be especially problematic if, due to demographic trends, public social insurance benefits could only be set at a low level.’ Profit maximizing by private companies that use personal genetic data does not increase the social wealth. Rather, it inefficiently shifts costs to taxpayers and, to a lesser extent, back onto health care providers who may be forced to provide uncompensated or undercompensated care.”

  141. 141.

    Francioni, Francesco. The International Legal Framework. In Francioni, Francesco (editor). Biotechnologies and International Human Rights. Oxford and Portland: Hart Publishing, 2007. P. 22. “Myriad Genetic claimed a patent relating to a gene probe ‘for diagnosing a predisposition to breast cancer in Ashkenazi Jewish women’. The relevant gene mutation related to ovarian and breast cancer and was found to be prevalent in Ashkenazi Jewish population in the order of 1% as compared to 0.1% of the general population.”

  142. 142.

    Ibid. P. 21. “At the same time, genetic science and technology, especially in the field of medicine, are raising new possibilities of discrimination. From a general point of view, the most threatening type of discrimination can come from conceptualization of ‘normality’ based, rather than on the natural definition as a state of physical and mental wellbeing, on a genetic connotation, which includes the hidden predisposition to some health impairment or, conversely, the search for a certain quality of life.”

  143. 143.

    DeCew, Judith Wagner. P. 148. “Consider, for example, the dangers that can accompany advances in genetic tests. Tests for breast cancer genes, to cite one case, could potentially be extremely useful for patients who might benefit from extra vigilance to check for the disease. If confidentiality of the results cannot be assured, however, allowing information to be part of a doctor’s or genetic counsellor’s file could mean that patients are later identified as having <<preexisting conditions>>, jeopardizing medical insurance coverage for themselves and even their children.”

  144. 144.

    Rothstein, Mark A. Genetic Secrets: A Policy Framework. In Rothstein, Mark A. (editor). Genetic Secrets: Protecting Privacy and Confidentiality in the Genetic Era. New Heaven and London: Yale University Press, 1997. P. 471. “There is a legitimate concern that similar, surrogate measures for genetic traits could be adopted by one or more insurers if genetic testing were prohibited. For example, nonspecific diagnostic criteria could be used to predict the onset of a genetic disorder. Less likely, but more troubling, an insurer might refuse to insure members of a certain ethnic group because the group has a higher prevalence of a particular gene disorder, regardless of legal prohibition on such conduct.”

  145. 145.

    Rothstein, Mark A. Ibid. P. 468. “There is little evidence that the state of the art in genetics is sufficiently developed or that medical directors of insurance companies have the expertise in genetics to base medical underwriting on predictive genetic information. For example, among the results of a 1992 questionnaire survey of the medical directors of life insurance companies, ‘more than one in four indicated that they believe that genes are composed of chromosomes rather than the other way around, and … [o]nly half knew that DNA is composed of four nucleotides.’”

  146. 146.

    Capron. A. M. Genetics and Insurance: Accessing and Using Private Information. In Paul, Ellen Frankel (editor). Social Philosophy & Policy: The Right to Privacy. Volume 17. Number 2. Bowling Green: Bowling Green State University, 2000. P. 255.

  147. 147.

    O’neill, Onora. Ob. cit. P. 126–127.

  148. 148.

    Rodotà, Stefano. La vita e le regole—Tra diritto e no diritto. Milano: Feltrinelli, 2006. P. 72. “Solo assicurando che i risultati dei test genetici non potranno essere conosciuti e utilizzati da assicuratori e datori di lavoro, che potrebbero utilizarli per discriminare, le persone possono liberamente ricorrere a quei test e così tutelare efficacemente il loro diritto alla salute.”

  149. 149.

    Article 29 Working Party Working. Document on Genetic Data. Op. cit. P. 10. This position is very close to the precautionary principle used against the production and commercialization of genetic modified organisms. About this subject see Martini, Luca. Il Diritto Internazionale e Comunitário della Bioetica. Torino: G. Giappichelli Editore, 2006. P. 73–144.

  150. 150.

    Principle 7.

  151. 151.

    O’Neill, Onora. P. 127.

  152. 152.

    Available at http://www.whitehouse.gov/news/releases/2008/05/print/20080521-7.html. Accessed 4 September 2008.

  153. 153.

    Burley, Justine. Op. cit. P. 78.

  154. 154.

    Rothstein, Mark A. Genetics and Life Insurance. London: MIT Press, 2004. P. xii. “(…) We have to decide the degree to which genetic information of relevance in medical settings should be available for use in other settings. We have also yet to decide whether this information should be treated the same way as other health information or whether it is somehow unique. Finally, we have yet to determine the extent to which access to results of genetic tests by third parties will dissuade people from undergoing testing.”

  155. 155.

    Available at http://www.aeras-infos.fr/sections/les_documents_offici/la_convention/texte_de_la_conventi/downloadFile/file/convention_aeras.pdf?nocache=1167154356.09. Accessed 18 October 2010.

  156. 156.

    The French Code of Public Health imposed the adoption of a national convention regarding the access to credit for persons who, deal to their age, health status or disability, present a higher risk (risque aggravé), to be concluded between the “National Government, Trade Associations of the Credit Institutions, Insurance Companies, mutual insurance companies and institutions of precaution (prévoyance) as well as national organisations representing patients and the users of the health system approved under the terms of article L. 1114-1 or representatives of persons with disabilities” (Article L. 1141-2 of the Code of Public Health), aiming at facilitating the access to credit by those persons. Unofficial translation by the author.

    The Convention Aeras was signed on 6 July 2006 and entered into force on 6 January 2007. According to the convention, the lending institutions, besides analysing the financial status of the applicant for credit, can request that such person subscribes an insurance policy to guarantee the repayment of the debt. See http://www.aeras-infos.fr/sections/la_convention_en_3_q/view. Accessed 8 October 2010.

References

  • Bagenstos, Samuel R. 2003. “Rational discrimination”, accommodation, and the politics of (disability) civil rights. Virginia Law Review 89(5): 825–923.

    Article  Google Scholar 

  • Baker, Tom. 2001. Containing the promise of insurance: Adverse selection and risk classification. University of Connecticut School of Law articles working paper series. Available at: http://lsr.nellco.org/cgi/viewcontent.cgi?article=1002&context=uconn/ucwps. 1 Feb 8.

  • Basedow, Jürgen, et al. (eds.). 2009. Principles of European Insurance Contract Law (PEICL), 69. Munich: Sellier European Law Publishers.

    Google Scholar 

  • Burley, Justine. 2007. An abstract approach to the regulation of human genetics: Law, morality and social policy. In The regulatory challenge of biotechnology, ed. H. Somsen. Cheltenham: Edward Elgar Publishing.

    Google Scholar 

  • Capron, A.M. 2000. Genetics and insurance: Accessing and using private information. In Social philosophy & policy: The right to privacy, vol. 17, Number 2, ed. Ellen Frankel Paul. Bowling Green: Bowling Green State University.

    Google Scholar 

  • Clayton, Richard. 2010. The Phorm ‘Webwise’ system. http://www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf. Accessed 7 Nov 2010.

  • Cuffaro, Vincenzo, et al. 2007. Il codice del trattamento dei dati personali. Torino: G. Giappichelli Editore.

    Google Scholar 

  • Dolgin, Janet L. 2001. Ideologies of discrimination: Personhood and the ‘genetic group’. Studies in History and Philosophy of Biological and Biomedical Sciences 32(4). Great Britain: Elsevier.

    Google Scholar 

  • Etzioni, Amitai. 2006. A communitarian approach: A viewpoint on the study of the legal and ethical policy considerations raised by DNA tests and databases. The Journal of Law, Medicine & Ethics 34: 214–221.

    Article  Google Scholar 

  • Francioni, Francesco. 2007. The international legal framework. In Biotechnologies and international human rights, ed. Francesco Francioni. Oxford/Portland: Hart Publishing.

    Google Scholar 

  • Gediel, José Antônio Peres, and Adriana Espíndola Corrêa. 2008. Proteção jurídica de dados pessoais: A intimidade sitiada entre o estado e o mercado. Revista da Faculdade de Direito da UFPR 47: 141–153.

    Google Scholar 

  • Godard, Béatrice, Yann Joly, and Bartha Maria Knoppers. 2004. A comparative international overview. In Genetics and life insurance—Medical underwriting and social policy, ed. Mark A. Rothstein. Cambridge: The MIT Press.

    Google Scholar 

  • Jentzsch, Nicola. 2007. Financial privacy: An international comparison of credit reporting systems, 2nd ed. Berlin: Springer.

    Google Scholar 

  • Juth, Niklas, Marian Radetzki, and Marcus Radetzki. 2003. Genes and insurance—Ethical, legal and economic issues. Cambridge: Cambridge University Press.

    Google Scholar 

  • Kuner, C. 2007. European data protection law—Corporate compliance and regulation, 2nd ed. Oxford: Oxford University Press.

    Google Scholar 

  • Leemens, Trudo. 2003. Genetics and insurance discrimination: Comparative legislative, regulatory and policy developments and Canadian options. Health Law Journal Special Edition. Available at http://www.law.ualberta.ca/centres/hli/userfiles/Lemmens.pdf. 13 Jan 2011.

  • Lenox, Bryce A. 1997–1998. Genetic discrimination in insurance and employment: Spoiled fruits of the human genome project. University of Dayton Law Review 23: 209–211.

    Google Scholar 

  • Lewicki, Bruno. 2003. A privacidade da pessoa humana no ambiente de trabalho. Rio de Janeiro: Renovar.

    Google Scholar 

  • Liedtke, Patrick M. 2007. What’s insurance to a modern economy. The Geneva Papers on Risk and Insurance 32: 211–221.

    Article  Google Scholar 

  • Martini, Luca. 2006. Il diritto internazionale e comunitário della bioetica. Torino: G. Giappichelli Editore.

    Google Scholar 

  • Niger, Sergio. 2004. Il diritto alla protezione dei dati personali. In Il codice in materia di protezione dei dati personali, ed. Juri Monducci and Giovanni Sartor. Padova: Cedam.

    Google Scholar 

  • Ohm, Paul. Broken promises of privacy: Responding to the surprising failure of anonymization (13 Aug 2009). University of Colorado Law School legal studies research paper No. 09-12. http://ssrn.com/abstract=1450006. Accessed 7 Nov 2010.

  • O’Neill, Onora. 1998. Insurance and genetics: The current state of play. In Law and human genetics—Regulating a revolution, ed. Roger Brownsword et al. Oxford: Hart Publishing.

    Google Scholar 

  • Rodotà, Stefano. 2006a. La vita e le regole—Tra diritto e non diritto. Milano: Feltrinelli.

    Google Scholar 

  • Rodotà, Stefano. 2008. A vida na sociedade da vigilância: Privacidade hoje. Rio de Janeiro: Renovar.

    Google Scholar 

  • Rothstein, Mark A. 1997. Genetic secrets: A policy framework. In Genetic secrets: Protecting privacy and confidentiality in the genetic era, ed. Mark A. Rothstein. New Heaven: Yale University Press.

    Google Scholar 

  • Rothstein, Mark A., and Carlton A. Horung. 2004. Public attitudes. In Genetics and life insurance, ed. Mark A. Rothstein. London: MIT Press.

    Google Scholar 

  • Schauer, Frederick. 2003. Profiles, probabilities and stereotypes. Cambridge: Belknap Press of Harvard University Press.

    Google Scholar 

  • Scolik, Hélio. O prêmio Nobel de economia de 2001 e a informação assimétrica. Available at http://www.vemconcursos.com/opiniao/index.phtml?page_ordem=assunto&page_id=274&page_print=1. 11 Mar 2007.

  • Sofsky, Wolfgang. 2008. Privacy – A Manifesto. Trans. Steven Rendall. Princeton & Oxford: Princeton University Press.

    Google Scholar 

  • Solove, Daniel. 2000–2001. Privacy and power: Computer databases and metaphors for information privacy. Stanford Law Review 53: 1393–1462.

    Article  Google Scholar 

  • Stein, Michael Ashley. 2004. Review: Generalizing disability. Michigan Law Review 102(6): 1373. Survey of Books Relating to the Law (May, 2004).

    Article  Google Scholar 

  • Sweeney, Latanya. Foundations of privacy protection from a computer science perspective. http://dataprivacylab.org/projects/disclosurecontrol/paper1.pdf. Accessed 22 Feb 2011.

  • Tene, Omer. 2011. Privacy: The new generations. International Data Privacy Law 1(1): 15–27.

    Article  Google Scholar 

  • Viola de Azevedo Cunha, Mario. 2009. Privacidade e seguro: A coleta e utilização de dados pessoais nos ramos de pessoas e de saúde. Cadernos de seguro—Teses n. 33. Rio de Janeiro: Funenseg.

    Google Scholar 

  • Viola de Azevedo Cunha, Mario. 2010a. Data protection and insurance: The limits on the collection and use of personal data on insurance contracts in EU law. Global Jurist 10(1): 1934–2640. Topics, Article 6.

    Article  Google Scholar 

  • Viola de Azevedo Cunha, Mario, Luisa Marin, and Giovanni Sartor. 2012. Peer-to-peer privacy violations and ISP liability: Data protection in the user-generated web. Data privacy law. New York: Oxford University Press.

    Google Scholar 

  • Walden, Ian. 2002. Anonymising personal data. International Journal of Law and Information Technology 20(2). Oxford University Press.

    Google Scholar 

  • Article 29 Working Party on Data Protection. Opinion 1/2008 on data protection issues related to search engines. Adopted on 4 Apr 2008. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf. 22 Jan 2011.

  • Association of British Insurers. June 2008. ABI code of practice for genetic tests. Available at http://www.abi.org.uk/Information/Codes_and_Guidance_Notes/41697.pdf. 6 Feb 2010.

  • Committee of Ministers of the Council of Europe. Recommendation no. R (97) 5E on the protection of medical data. 13 Feb 1997. https://wcd.coe.int/wcd/com.instranet.InstraServlet?command=com.instranet.CmdBlobGet&InstranetImage=564487&SecMode=1&DocId=560582&Usage=2. 16 June 2011.

  • European Commission. 2011. Communication from the commission—Guidelines on the application of council directive 2004/113/EC to insurance, in the light of the judgment of the court of justice of the European Union in Case C-236/09 (TestAchats). C(2011) 9497 final. Brussels, 22 Dec 2011. Available at http://ec.europa.eu/justice/gender-equality/files/com_2011_9497_en.pdf. Accessed 17 Sept 2012.

  • European Commission. 2012. Proposal for a regulation of the European parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). COM (2012) 11 final. Published 25 Jan 2012. Available at http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf. 7 Apr 2012.

  • European Data Protection Supervisor. Opinion on the proposal for a regulation of the European parliament and of the council on European statistics (COM(2007) 625 final). Adopted on 20 May 2008. Available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2008/08-05-20_Statistics_EN.pdf. 25 Jan 2010.

  • European Parliament. Resolution on the ethical and legal problems of genetic engineering. (Official Journal C 96, 17/04/1989, p. 165–171). Available at https://www.codex.vr.se/texts/EP-genetic.html. 16 Feb 2009.

  • Genetic Privacy. Available at http://epic.org/privacy/genetic/. 16 Feb 2008.

  • International Labour Office. Report of the Director-General. Equality at work: Taking the challenges (Global Report under the follow-up to the ILO Declaration on Fundamental Principles and Rights at work). International Labour Conference, 96th Session, 2007.

    Google Scholar 

  • The Oncologist. Oct 1996. More Ashkenazi Jews have gene defect that raises inherited breast cancer risk. The Oncologist 1(5): 335–335. AlphaMed Press. Available at http://theoncologist.alphamedpress.org/cgi/reprint/1/5/335. 14 Mar 2010.

  • UK Information Commissioner’s Office. Data Protection Act 1998: Legal Guidance. Available at http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/data_protection_act_legal_guidance.pdf. 3 Mar 2010.

  • UK National Cancer Institute. BRCA1 and BRCA2: Cancer risk and genetic testing. Available at http://www.cancer.gov/cancertopics/factsheet/Risk/BRCA. 8 Mar 2010.

  • World Health Organization. 2008. WHO report on the global TOBACCO epidemic. Available at http://www.who.int/tobacco/mpower/mpower_report_full_2008.pdf. 16 May 2008.

  • Meyer, Roberta B. 2004. The insurer perspective. In Genetics and life insurance—Medical underwriting and social policy, ed. Mark A. Rothstein. Cambridge: The MIT Press.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Centro de Estudos e Pesquisas no Ensino do Direito, Rio de Janeiro State University Centro, Rio de Janeiro, Rio de Janeiro, Brazil

    Mario Viola de Azevedo Cunha

Authors
  1. Mario Viola de Azevedo Cunha
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media Dordrecht.

About this chapter

Cite this chapter

de Azevedo Cunha, M.V. (2013). Data Protection and the Insurance, Banking and Credit Reporting Industries. In: Market Integration Through Data Protection. Law, Governance and Technology Series, vol 9. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-6085-1_2

Download citation

Publish with us

Policies and ethics

Search

Navigation