In the United States, What Are the Different “Types” of Profiling for Privacy Compliance Purposes?
Tuesday, November 23, 2021

Profiling is defined in several statutes as any form of automated processing of personal data to evaluate, analyze, or predict personal aspects concerning an identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.[1] Profiling activities can loosely be grouped into the following three categories or buckets with the corresponding compliance-related obligations:

 

Bucket 1

Profiling that does not (1) impose a reasonably foreseeable risk to data subjects or (2) factor into a decision that produces a legal or similarly significant effect.

Bucket 2

Profiling that does impose a reasonably foreseeable risk to data subjects but does not factor into a decision that produces a legal or similarly significant effect.

Bucket 3

Profiling that does factor into a decision that produces a legal or similarly significant effect.[2]

Access right for input data.[3]

 

Access right for output data.

Deletion right for input data.

Deletion right for output data.

Correction right for input data.

Correction right for output data.

Conduct a Data Protection Impact Assessment to analyze potential for unfair or deceptive treatment, disparate impact, financial, injury, etc.

✔[4]

✔[5]

Opt-out right from processing.

✔[6]

 

[1] C.R.S. 6-1-1303(20) (2021).

[2] While European regulators have offered guidance as to what types of decisions might product legal or similar effects, it is unclear whether that guidance will be followed by regulators in the United States.

[3] The word “rights” in this chart refers only to the right of an individual to request the action; it does not necessarily mean that an organization must honor the request. Modern privacy statutes contain a number of exceptions that may apply to specific requests to access, delete, or correct personal information.

[4] Va. Code 59.1-573(A)(5) (2021); C.R.S. 6-1-1306(1)(a)(I)(C) (2021).

[5] Va. Code 59.1-573(A)(5) (2021); C.R.S. 6-1-1306(1)(a)(I)(C) (2021).

[6] Va. Code 59.1-573(A)(5) (2021); C.R.S. 6-1-1306(1)(a)(I)(C) (2021).

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins