Javascript is required
logo-dastralogo-dastra

Profiling

Paul-Emmanuel Bidault
Paul-Emmanuel Bidault
27 December 2023·3 minutes read time

Article 4 of the GDPR defines profiling as:

any form of automated processing of personal data consisting of the use of personal data to evaluate certain aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour location or movements

Profiling consists of using an individual's personal data with a view to analysing and predicting his or her behaviour, such as determining his or her performance at work, financial situation, health, preferences, lifestyle, etc.

According to the UK data protection authority (the ICO), '"because profiling can be used to serve a wide range of purposes it is particularly important to be clear about the purposes for which your service uses personal data to profile its users, and to differentiate between them. Catch-all purposes, such as ‘providing a personalised service’ are not specific enough."

Profiling is based on the establishment of an individualised profile of a person: it aims to assess certain personal aspects of that person, with a view to making a judgement or drawing conclusions about him or her.

Profiling is linked to the right not to be subject to an entirely automated decision. A decision based on profiling can be made under the following conditions:

  • explicit consent
  • the decision is necessary for a contract entered into with the organisation
  • the automated decision is authorised by specific legal provisions.
Subscribe to our newsletter

We will send you a few emails to keep you informed of our news and what's new in our solution

* You will always be able to unsubscribe on each newsletter. Learn more.