Icelandic insurance companies are permitted to compile personal information on people when investigating cases of suspected insurance fraud.
This is the conclusion of the Icelandic Data Protection Authority following a complaint from a man who said the company Sjóvá had gone too far when investigating him.
The man had claimed for disability following a work accident, RÚV reports. He later complained about Sjóvá’s working methods to the Data Protection Authority, claiming the company had broken the law by compiling information on his wages.
Sjóvá had been alerted to the possibility that the man’s disability was not in accordance with the assessment he had submitted and the company decided the information was credible enough to investigate further—leading to the appointment of a contractor to compile more information on the man. The contractor’s final report included photos of the man, taken from Facebook, and other photos of his house and workplace. He also spoke to individuals who knew the man.
The subject of the investigation believes his personal privacy has been violated, as well as Sjóvá breaking the law by allowing their investigator to investigate the man’s health.
The Data Protection Authority concluded that insurance companies are allowed to work with sensitive personal data when investigating cases of suspected insurance fraud. The actions of Sjóvá and their investigator were not deemed to have gone further than might be considered necessary.