ICO takes a wider view on Profiling for GDPR
Category : Blogs
The UK Information Commissioner’s Office has released a Feedback Request document on profiling and automated decision making, as part of the run-up to the enforcement of the GDPR in May 2018.This asks for feedback on both these activities by the end of this month (that is, effectively, April 28th). Having only published this just before Easter, this has not given people very much time to respond.It should be said that this is not guidance, and is a request for feedback. However, the tenor of the document suggests the ICO is taking a wider view of the definition of “profiling” than those outlined in the European GDPR guidelines. The guidelines clearly focus on automated profiling, whereas the ICO feedback request seems to take a wider definition of any profiling, whether this is automated or humans are involved. This suggests a view that an organisation would need to get opt-in consent from customers to perform any form of insight or analysis that may use some form of analytical tool, which moves away from the commonly held definition of “automated profiling” which suggests a model that does not require any human intervention or assessment once it has been set up.You may well have different views, which is of course the purpose of a discussion paper, but I would suggest that if you are interested in insight and analytics, it is well worth reading the ICO Feedback Request and providing feedback, but you only have until April 28th to respond before the deadline.If you are interested, the link is here.