The Regulation on the Collection, Storage and Sharing of Insurance Data (“Regulation”) was published in Official Gazette dated 18 October 2022 and numbered 31987, entering into force on the same day. The regulation was prepared to regulate the procedures and principles regarding the collection, storage and use of insurance data and the sharing of such data with insurance, reinsurance and pension companies that are engaged in insurance activities and other persons and organizations determined by the Insurance and Private Pension Regulation and Supervision Agency (“Agency”).
Regulation defined “insurance data” has been defined as data pertaining to insurance agreements, insurers and insurance companies that are parties to the insurance agreement, insured, beneficiaries and other third parties who directly or indirectly benefit from the insurance agreement, and all data that are essential for risk assessment, including false insurance practices.
Insurance data will be collected and kept in the general database of the Insurance Information and Surveillance Center (“Center“) and institutions and organizations will be obliged to provide the data requested by the Center.
In light of the above developments, the important details of the Regulation are as follows:
- The Center shall determine the authorized users that are going to have access to the data in the general database and the content of the data they can access. Access to the system of authorized users who violate the access rules shall be restricted with the approval of the Agency based on the decision of the Center.
- The Center can grant access to policy and damage data related to insurance agreements which are deemed appropriate by the Agency to other people after receiving the necessary authentication or proof of entitlement.
- Data subjects may request information from the Center on their own data included in the general database, except for data on insurance misapplications.
- Insurance data can be used for the purposes of contributing to public supervision, control and economic security in the insurance sector and planning the financing of health services, monitoring insurance practices, ensuring unity of practice in insurance branches, monitoring compulsory insurance, contributing to the prevention of incorrect insurance practices, conducting studies to increase insurance rates, ensuring the production of reliable statistics on the insurance sector and calculation of the insurance score.
- Pertaining institutions and organizations will also be obliged to submit the data requested by the Center without delay, accurately, consistently and completely, and they are obligated to create the necessary infrastructure to share this data.
- The Center shall use the data in the general database
- to associate current production, damage and compensation data received from pertaining institutions and organizations with the data in the general database, to cooperate with relevant institutions and organizations for the purpose of monitoring and determining compulsory insurances,
- to receive data on motorized vehicle operators and drivers,
- to associate the above-mentioned data with the data in the general database,
- to share with public institutions and organizations within the scope of the pertaining legislation,
- to create a database where information on accident investigation reports are kept,
- to keep data on third party liability insurance agreements for foreign-registered vehicles entering the country and for motorized vehicles registered in Turkey leaving the country,
- to share the past policy data of the insured regarding health and diseases with the relevant institutions and organizations in order to preserve the economic security in the risk assessment processes of the currently insured clients and
- to ensure that planning of health services financing is duly carried out, establishing an offsetting platform for the mutual recourse receivables.
- In cases where the explicit consent or approval of the data subject is sought regarding the data contained and shared in the general database, the institutions and organizations exchanging the data will be responsible for obtaining explicit consent or approval from the data subject and for the fulfillment of the obligation to inform.
- The Center may only publish the data it obtains after anonymizing it.
You can reach the full text of the Regulation through this link. (Only available in Turkish).