It is good to know the definition of automated decision-making and profiling, as these are two important concepts in the GDPR (the EU General Data Protection Regulation). Just because a decision has been made through automated decision-making does not mean that there must have been a profiling or vice versa. However, it can cover both. Companies that perform automated decision-making and profiling can have several benefits, such as saving resources and gaining increased efficiency.
The definition of profiling in GDPR
The definition of profiling according to the GDPR is when you assess characteristics that are personal to a person and it takes place automatically. For example, it can happen when an employer analyzes and processes work performance from the workers via a computer system.
In order to be profiling, the following three requirements must be met:
· Automatically, or partially automatically.
· Refers to personal data.
· An assessment of a characteristic that is personal.
The meaning of automated decision-making in GDPR
In short, it refers to decisions that are made automatically, through algorithms, without the involvement of a human being.
Requirements for automated decision-making
· Where the decision is based solely on automated processing, such as a creditworthiness assessment;
· Whether the decision produces legal effects for the data subject;
· Where the decision significantly affects the data subject;
Examples of what automated decision-making can be based on
· The information provided by the data subject to the company. For example, if the data subject fills out a form on the website.
· The information that the company collects through an observation. For example, by having a mobile application that collects positioning data.
· Data leading to some conclusions. For example, by the data subject forming a profile, such as credit class information.
It is important to be transparent with data subjects
According to the GDPR, companies must always be transparent with data subjects when processing personal data. On the other hand, companies should be extra transparent when automated decision-making is applied. For example, the company must inform about the logic of the processing in relation to the purpose. In addition, the company shall inform about the consequences it may have for the data subjects.
Sectors where automated decision-making and profiling are more common
· Finance
· Health services
· Marketing
· AI
· Machine learning
Increased access to information and technological progress
With the increased availability of information on the internet about individuals, companies have the opportunity to create algorithms or similar to be able to analyze the behavior of individuals in order to, for example, be able to predict a buying behavior. In addition, the development of technology in the world and the demand for analyzing large amounts of data have increased. This has created opportunities to create profiles easier for companies and be able to make automated decisions. It is important to bear in mind that this can have major consequences for individuals. Therefore, it is important to know the rules of the GDPR, which are stricter in such processing.