Profiling

Any form of automated processing of personal data that evaluates personal aspects relating to a natural person, particularly to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. Defined in GDPR Article 4(4), profiling creates profiles about individuals based on their characteristics and behaviors, often using algorithms, machine learning, or statistical models. Examples include credit scoring, behavioral advertising targeting, insurance risk assessment, personalized recommendations, and predictive analytics. Profiling raises privacy concerns because it can reveal intimate details, create unfair discrimination, perpetuate bias, lack transparency, and affect individuals without their knowledge. Under GDPR, individuals have the right not to be subject to decisions based solely on automated profiling that produce legal or similarly significant effects (Article 22), unless specific exceptions apply. Organizations must provide meaningful information about profiling logic, significance, and envisioned consequences, and implement safeguards against discriminatory effects.