On 17 October 2017, the Article 29 Working Party (“Art 29 WP”) published draft guidelines on automated individual decision-making and profiling (“Guidelines”).
In the Guidelines, the Art 29 WP states that profiling and automated decision making can be useful for individuals and organisations by delivering increased efficiencies and resource savings, whilst recognising that they may pose significant risks for individuals unless appropriate safeguards are put in place.
The Guidelines clarify the provisions of the General Data Protection Regulation (“GDPR”) that aim to address these risks.
What is the difference between automated decision-making and profiling?
The Guidelines distinguish between automated decision-making and profiling.
Automated decision-making refers to the ability to make decisions by technological means without human involvement. Profiling, on the other hand, entails the collection of data about an individual and analysing their characteristics or behaviour patterns in order to categorise them and/or make predictions or assessments about their (i) ability to perform a task, (ii) interests; or (iii) likely behaviour.
While the Art 29 WP notes that automated decisions and profiling are distinct, they recognise that something that starts off as a simple automated decision-making process could become one based on profiling depending on the use of the data.
Continue Reading Article 29 Working Party publishes guidelines on automated individual decision making and profiling.