Privacy

Profiling

Any form of automated processing of personal data to evaluate or predict aspects of a person's behavior, preferences, or characteristics.

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person — in particular to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

Examples

  • Credit scoring based on financial history
  • Targeted advertising based on browsing behaviour
  • Automated fraud detection systems
  • Content recommendation algorithms on social media

Data Subject Rights

Under GDPR, individuals have the right:

  • To be informed about profiling
  • To object to profiling based on legitimate interest
  • Not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects

When a DPIA Is Required

Large-scale or systematic profiling typically requires a DPIA.

GDPR Article 4(4), Articles 21–22.

Related Terms

Personal DataPrivacy

Any information that can identify a living individual, directly or indirectly.

Legitimate InterestPrivacy

A legal basis for processing data when the controller's interest outweighs the data subject's rights.

DPIAPrivacy

Data Protection Impact Assessment — a risk assessment required before high-risk data processing activities.

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

Privacy by DesignPseudonymization