What is profiling!? I hear you ask! Well, profiling is the process of extrapolating information about an individual’s personality or behaviour, interests and habits to be determined, analysed and predicted. It’s found its way into many areas of life in the form of consumer profiles, movement profiles, user profiles and social profiles. More than likely, it’s happening to you!
This week, the Information Commissioner’s Office (“the ICO”) published their initial views on the new profiling provisions within the General Data Protection Regulations (“the GDPR”), which aim to protect individuals against some forms of automatic data-processing by putting in place certain obligations for data controllers to consider.
Of course, profiling can be a powerful tool for organisations whilst having some benefit to individuals. However, although it helps organisations understand and target audiences it can also have a detrimental effect on individuals. The ICO have highlighted the risk of the infringement of an individual’s fundamental rights and freedoms as many people have no idea that they are being profiled and consequently, no understanding of how this data is being used.
The ICO have highlighted three key areas for consideration, they include:
- The right to object; and
- Data minimisation.
Interestingly, the Article 29 Working Party guidelines on profiling are due to be published later this year. Whether many of these protective provisions are to be incorporated remains to be seen!