The Data Protection Commissioner (the DPC), Ms Helen Dixon, has warned that insurance companies using telematics boxes to monitor drivers’ behaviour will be audited in 2016 in order to assess their compliance with the Data Protection Acts. Speaking at the National Data Protection Conference, she said that such tracking devices offered by insurers could record driver behaviour such as date, time and location of journey, braking frequency and force, cornering, acceleration and speeds, and that the collection of such data can generate an “extremely detailed personal profile” of individuals.

These telematics boxes are currently being targeted at drivers aged 17-24 in a bid to monitor their driving behaviour. However, the DPC commented that drivers need to be informed precisely of how their personal data would be used to come to conclusions regarding their driving ability, which third parties it may be passed on to and in what circumstances.

Given the nature of the personal data collected, insurance companies offering insurance products that engage the use of telematics devices must review their current procedures for collecting and processing such data. Consent, data protection notices, the use of third parties and international data transfers will all come into focus in the context of a privacy audit.