I have no idea what it is but I note that Horwich Farrelly have been shortlisted in the PostOnline Fraud Awards (to be held on 1st October 2020) for an innovation titled 'automated vehicle data investigation solution: CarWash".
It may not have anything to do with anything sinister but in 2019 they claimed that: their automated investigations tool saves insurance industry over £2.4 million in less than 12 months with a fully automated fraud investigation solution designed to give motor insurers a cost-effective way to specifically tackle vehicle-data related fraud and drive down the cost of motor claims.
They say that with the resources required to review potentially fraudulent claims often onerous and the costs to outsource investigations also high, Horwich Farrelly’s ‘Car Wash’ applies innovative technology and novel algorithms to streamline the process. For cases the firm concluded in 2018, ‘Car Wash’ saved the insurance industry over £2.4 million.
‘Car Wash’ compares claims against a wide range of data from a variety of sources to reveal a series of ‘red flags’ that enable further investigation of those deemed most likely to be fraudulent. The system considers over 30 potential indicators of fraud, including MOT history, mileage data, road tax records, change of keeper dates and car adverts – as well as Horwich Farrelly’s own historical fraud data – within an insurer’s database of claims. If potential fraud, including suspected staged incidents and fraud rings, are found then the system highlights these – automatically.
Since first being piloted in January 2018, Horwich Farrelly has run over 50,000 claims through ‘Car Wash’ and the results have been both impressive and – for some – surprising, particularly in claims were no other evidence of fraud was predicted. Over 4,500 fraud matches have been detected by the system to date.
I discovered yesterday that Horwich Farrelly were enow on the ANPR bandwagon and the inference from that has to be that the ANPR results are another factor to plumb into their automated processing. As we already know, if at least part of the access to ANPR data is likely to constitute “profiling” the constitutes a GDPR breach.
Profiling is defined in Article 4(4) GDPR as: “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's… reliability, behaviour, location or movements”. Profiling may rely either wholly or partly on automated decision-making.
It appears from Horwich Farrelly's release that they, or their insurer clients, must employ some sort of automated processing, potentially an algorithm(s), to cross-refer between (i) insurer clients’ credit hire data and other past data and (ii) the Group Nexus database, in order to identify claims that they allege warrant further investigation and (iii) other data held by them with decisions are taken in ongoing litigation, or indeed to re-open settled litigation, apparently based solely on the ANPR Product’s automated data processing.
Article 22(1) GDPR provides that a data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for them or otherwise significantly affects them. None of the conditions in Article 22(2) GDPR is met. It therefore follows that, to the extent that the ANPR Product does involve automatic processing or profiling, there is a breach of Article 22(1) GDPR. We will keep this under review but if anyone has further information, could they share it?