Jusletter

Table of contents

• 1. Introduction
• 1.1. An attempt to define profiling
• 1.2. Risks and benefits related to profiling
• 2. Profiling under the EU data protection framework
• 2.1. Profiling according to the DPD
• 2.2. Profiling under the GDPR: All GDPR requirements and safeguards apply
• 2.2.1. Profiling ≠ Automated Decision Making (ADM)
• 2.2.2. Art. 21 GDPR: Right to object
• 3. Nature of Art. 22 GDPR: in-principle prohibition or right to be invoked? 
• 3.1. Interpretation a): in-principle prohibition
• 3.1.1. Teleological interpretation (legislative intent)
• 3.1.2. Implementation of Art. 15 DPD within the Member Sates
• 3.1.3. Provision language (grammatical interpretation)
• 3.1.4. Systematic interpretation
• 3.1.5. Guideline WP251
• 3.2. Interpretation b): a right to be invoked
• 3.2.1. Data subject rights require affirmative action
• 3.2.2. Art. 22 is included in Chapter III (rights of the data subjects)
• 3.2.3. Suitability to modern and evolving data processing
• 3.3. Conclusion
• 4. Art. 22 GDPR: Profiling and automated individual decision-making
• 4.1. Material scope of Art. 22 GDPR 
• 4.1.1. Decision
• 4.1.2. Based solely on automated processing (intended to evaluate certain personal aspects)
• 4.1.3. Legal effect or similarly significant effect
• 4.2. Exceptions of Art. 22 GDPR 
• 4.2.1. Performance of a contract
• 4.2.2. Authorised by Union or Member State Law
• 4.2.3. Explicit consent
• 4.3. Additional safeguards
• 4.3.1. Art. 22 (3) GDPR: Right to obtain human intervention and to contest the decision
• 4.3.2. Art. 13 & 14 GDPR: Meaningful information about the logic involved and envisaged consequences
• 4.3.3. Art. 15: Right of access
• 4.4. Conclusion
• 5. Final conclusion