This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Current Issue (May 2017)

Volume: 14 Issue: 5



About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Editorial: Profiling - sense and sensibility

One of the most controversial and poorly understood aspects of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) is the concept of ‘profiling.’ Being a defined term, one would have thought that any room for confusion would be limited, but the level of misunderstanding about this concept is wide and far-reaching. The different legal treatment that profiling receives under the GDPR - depending on its effect - complicates things from the outset. Coupled with the general confusion surrounding the appropriate lawful ground for this type of data activity, as widespread as it is, profiling is bound to become a key focus of attention for regulators. So how can we make sense of all this?

Part of the challenge with profiling is that it has become an essential element of the digital economy. The emergence of data analytics and its role as a source of valuable business information across all sectors has elevated profiling to its much cherished status among marketers and advertisers. The use of profiling to target would-be customers is common place and largely accepted as part of our technology-driven consumer experience. But whilst we have all gradually become used to being presented with ‘targeted offers’ and ‘tailored content,’ we have probably also lost our ability to be alarmed by it.

Here is where the law is trying to make a distinction between innocuous intelligence gathering and the potentially dangerous exploitation of our digital identities. But the line that divides the two extremes is neither thin nor precise. The GDPR distinguishes between what could be called ‘common profiling’ - which involves analysing or predicting aspects of someone’s life - and a narrower type of profiling that produces legal effects concerning an individual or similarly significantly affects an individual. This sub-set is seen as ‘high risk profiling’ and is subject to specific rules under the GDPR, like greater transparency, the right for affected individuals to challenge decisions and the obligation to undertake a Data Protection Impact Assessment.

Read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
E-Law Alerts
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed