Access the slides now: http://edri.org/diego/
2
European Digital Rights (EDRi) is an association of civil and
human rights organisations from across Europe.
We defend rights and freedoms in the digital environment.
3
EU Rules on Data Protection & Privacy
Existing legislation:
● Data Protection Directive (1995)
● ePrivacy Directive (2002)
To be replaced respectively by
● General Data Protection Regulation –
GDPR (adopted in 2016, in force from May
2018)
● ePrivacy Regulation proposal (ongoing,
expected for 2018)
4
Profiling
5
Profiling
1- Profiling: “Personalised” experiences and
discrimination
2- Profiling and automated-decision making in
the GDPR: Rights of individuals
3- Can profiling be done legally?
6
Profiling
1- Profiling: Algorithms and public policies
Algorithm is the new
magic potion:
– Predictive policing
(UK)
– Credit score
– Social services
applications (Poland)
– Illegal content
– Copyright
infringements
7
Profiling
1- Profiling: Algorithms and private policies
8
Profiling
1- Profiling: Access to social services
● Non-transparent rules of distributing public
services
● Algorithm no more efficient than the office
worker
● The new system of distributing labor
market programs, instead of increasing
efficiency, has led to the limitation of available
options and even exclusion from access to
such services.
● System based on the presumption of guilt:
Unemployment = not motivated to work
9
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights
of individuals
a– Definition of profiling and automated
decision-making
b– General provisions on profiling and
automated decision making
c– Specific provisions on automated decision
making
d– Rights of the data subject
10
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
a– Definition of profiling and automated decision-
making
Art. 4.4 GDPR
Profiling is composed of three elements:
● It is an automated form of processing
● It has to be carried out on personal data; and
● The objective of the profiling must be to evaluate
personal aspects about a natural person
Note: Article 4(4) refers to any form of profiling, not
“solely” automated processing which is Article 22
GDPR
→ Human involvement does not take the processing
out of the protections
11
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
a– Definition of profiling and automated
decision-making
Goals of the provisions on profiling in the GDPR
● transparency and fairness safeguards;
● increased accountability obligations;
● specified legal bases for the processing;
● rights for individuals to oppose profiling; and
● if certain conditions are met, a need to carry out a
data protection impact assessment.
12
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
a– Definition of profiling and automated decision-
making
Art. 4.4 GDPR
Profiling is composed of three elements:
● It is an automated form of processing
● It has to be carried out on personal data; and
● The objective of the profiling must be to evaluate
personal aspects about a natural person
Note: Article 4(4) refers to any form of profiling, not
“solely” automated processing which is Article 22
GDPR
→ Human involvement does not take the processing
out of the protections
13
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
a– Definition of profiling and automated decision-
making
What does the definition mean? 1/2
Profiling as a “procedure which may involve a series of
statistical deductions”→ Therefore “simply assessing or
classifying individuals based on characteristics such as
their age, sex, and height could be considered
profiling, regardless of any predictive purpose”
(WP29 guidelines)
14
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
a– Definition of profiling and automated decision-
making
What does the definition mean? 2/2
Inferences are usually made about how an
individual (or group of individuals) can be placed
under a certain category. For example:
● Likely to engage in certain behaviour (driving
patterns for insurance companies)
● Interests (gender, political and other info for
advertisers on social platforms)
● Analysis of a past behaviour (algorithms deciding
about workers’ performance)
15
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Automated decision making
Automated-decision making is the ability to decide
using technological means.
Automated-decision making can lead to profiling
practices or not
Example: Random assignment of seats in a
theater → Can be just automated, or you could get
better seats according to how assiduously you attend
expensive plays, your membership card
ownership...
16
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
How can profiling be used?
● Profiling
● Decision-making based on profiling
● Solely automated decision making,
including profiling (Art. 22)
17
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
How can profiling be used?
Difference between:
● Decision-making based on profiling
→ a bank officer decides to agree to
a mortgage for a customer
● Solely automated decision making,
including profiling (Art. 22)
→ a machine decides this
automatically
18
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Automated decision-making
● General prohibition on fully automated decision-
making, including profiling that has a legal or
similarly significant effect
● However, like any rule, it has some exceptions
● Measures need to be put in place to safeguard
individuals’ rights and freedoms and legitimate
interests (recital 71)
19
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Automated decision-making
What does “legal” or “similarly significantly
affects him or her” mean?
● Legal effects: Social benefits, border crossing,
targeted surveillance or increased security
checks, breach of contracts…
● Similarly significantly affects him or her: Recital
71 mentions examples: credit applications,
e-recruiting practices…
20
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Automated decision-making
Key aspect to ascertain if it “similarly
significantly affects him or her”:
● It must be sufficiently great to be worthy of
attention
● It must influence the circumstances, behaviour
or choices of the individuals concerned
● Extreme: exclusion or discrimination
21
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Automated decision-making:
online advertising
Privacy International: “Targeted advertising has
the potential of exclusion or discrimination of
individuals”
→ 2015 Carnegie Mellon University research:
Google advertising showed ads for high-income
jobs to men more than to women
22
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
1- Right to be informed (Art. 13(2) and 14(2)(g))
Controllers must:
● Tell the data subject that they are engaging in
automated-decision making and/or profiling
● Explain the logic behind the
algorithm/process
● Explain the consequences expected from
such processing
23
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
1- Right to be informed (Art. 13(2) and 14(2)(g))
Meaningful information about the “logic
involved”
● Information provided by the individual
● Information about previous conduct taken into
consideration (delay paying a monthly statement)
● Official public records (insolvency)
24
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
1- Right to be informed (Art. 13(2) and 14(2)(g))
“Significance” and “envisaged
consequences”
Example: monitoring purchase behavior in an
online platform to propose “premium” accounts
to users that engage in impulsive shopping
25
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
2- Right of Access (Art. 15(1)(h))
Right to access the personal data in the context
of automated decision-making and profiling,
including the logic behind the practices and
significance and envisaged consequences
26
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
3- Right not to be subject to a decision
based solely on automated decision-making
(Art. 22)
Even if Art. 22(2) provides exceptions to allow
automated decision-making, Art. 22(3) allows the
data subject to “obtain human intervention on the part of the
controller to express his or her point of view and
to contest the decision”
27
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
4- Right to rectification (Art. 16), Right to
erasure (Art. 17) and Right to restriction of
processing (Art. 18)
● WP29: Right to restriction of processing applies
to all stages of the profiling process
28
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
4- Right to rectification (Art. 16), Right to
erasure (Art. 17) and Right to restriction of
processing (Art. 18)
● WP29: Right to rectification and right to erasure
apply to both “input” and “output”: Right to add
additional information in order to correct an
algorithm concluding likelihood to have a car
accident in the first two years after acquiring
a driving license
29
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
4- Right to rectification (Art. 16), Right to
erasure (Art. 17) and Right to restriction of
processing (Art. 18)
● WP29: Right to restriction of processing applies
to all stages of the profiling process
30
Profiling
2- Profiling: Profiling and automated-decision
making in the GDPR: Definitions and Rights of
individuals
Rights of the Data Subject
5- Right to object (Art. 21)
● The data subject has the right to object unless
the controller “demonstrates compelling
legitimate grounds” (????) which override
the interests of the data subject
● But! Absolute right to object to direct
marketing processing activities
31
Profiling
3- Can profiling be done legally?
Yes! When:
1-Data Protection Principles (Art. 5) are
respected
● Lawful, fair and transparent processing
● Further processing and purpose limitation
● Data minimisation
● Accuracy
● Storage limitation
32
Profiling
3- Can profiling be done legally?
Yes! When:
2-There is a lawful basis for processing (Art.
6)
● Consent → See WP29 guidelines for consent.
User needs to have a real choice and no
imbalance of power may exist
● Necessary for the performance of a contract
(Amazon shopping suggestions)
● Necessary for compliance with a legal
obligation (fraud prevention)
33
Profiling
3- Can profiling be done legally?
Yes! When:
2-There is a lawful basis for processing (Art.
6)
● Necessary to protect vital interests (epidemic
prevention)
● Necessary for the performance of a task
carried out in the public interest or exercise of
official authority
34
Profiling
3- Can profiling be done legally?
Yes! When:
2-There is a lawful basis for processing (Art.
6)
● Necessary for the “legitimate interests” (See
WP29 Guidelines) pursued by the controller
or by a third party (Art. 6(1)(f))
→ it does not apply automatically
→ balancing exercise required (detail of the
profile, comprehensiveness of the profile, impact
of the profiling, safeguards for fairness...)
35
Profiling
3- Can profiling be done legally?
Yes! When:
3- Ensures data subject rights
4- Prepares a DPIA (Art. 35(3)(a)):
“a systematic and extensive evaluation of
personal aspects relating to natural persons
which is based on automated processing,
including profiling, and on which decisions are
based that produce legal effects concerning the
natural person or similarly significantly affect the
natural person;”
36
Profiling
3- Can profiling be done legally?
Yes! When:
1-Data Protection Principles (Art. 5) are
respected
2-There is a lawful basis for processing (Art.
6)
3- Ensures data subject rights
4- Prepares a DPIA (Art. 35(3)(a))
37
We draw a very important
conclusion here with a merely
dark image behind it, so the text
is white...
Questions, comments?
@DNBSevilla
@edri
diego.naranjo@edri.org

Diego Naranjo (EDRi) - Profiling: data subject rights, legal grounds

  • 1. Access the slides now: http://edri.org/diego/
  • 2. 2 European Digital Rights (EDRi) is an association of civil and human rights organisations from across Europe. We defend rights and freedoms in the digital environment.
  • 3. 3 EU Rules on Data Protection & Privacy Existing legislation: ● Data Protection Directive (1995) ● ePrivacy Directive (2002) To be replaced respectively by ● General Data Protection Regulation – GDPR (adopted in 2016, in force from May 2018) ● ePrivacy Regulation proposal (ongoing, expected for 2018)
  • 5. 5 Profiling 1- Profiling: “Personalised” experiences and discrimination 2- Profiling and automated-decision making in the GDPR: Rights of individuals 3- Can profiling be done legally?
  • 6. 6 Profiling 1- Profiling: Algorithms and public policies Algorithm is the new magic potion: – Predictive policing (UK) – Credit score – Social services applications (Poland) – Illegal content – Copyright infringements
  • 8. 8 Profiling 1- Profiling: Access to social services ● Non-transparent rules of distributing public services ● Algorithm no more efficient than the office worker ● The new system of distributing labor market programs, instead ofincreasing efficiency, has led to the limitation of available options and even exclusion from access to such services. ● System based on the presumption of guilt: Unemployment = not motivated to work
  • 9. 9 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals a– Definition of profiling and automated decision-making b– General provisions on profiling and automated decision making c– Specific provisions on automated decision making d– Rights of the data subject
  • 10. 10 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals a– Definition of profiling and automated decision- making Art. 4.4 GDPR Profiling is composed of three elements: ● It is an automated form of processing ● It has to be carried out on personal data; and ● The objecive of the profiling must be to evaluate personal aspects about a natural person Note: Article 4(4) refers to any form of profiling, not “solely” automated processing which is Article 22 GDPR → Human involvement does not take the processing out of the protections
  • 11. 11 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals a– Definition of profiling and automated decision-making Goals of the provisions on profiling in the GDPR ● transparency and fairness safeguards; ● increased accountability obligations; ● specified legal bases for the processing; ● rights for individuals to oppose profiling; and ● if certain conditions are met, a need to carry out a data protection impact assessment.
  • 12. 12 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals a– Definition of profiling and automated decision- making Art. 4.4 GDPR Profiling is composed of three elements: ● It is an automated form of processing ● It has to be carried out on personal data; and ● The objecive of the profiling must be to evaluate personal aspects about a natural person Note: Article 4(4) refers to any form of profiling, not “solely” automated processing which is Article 22 GDPR → Human involvement does not take the processing out of the protections
  • 13. 13 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals a– Definition of profiling and automated decision- making What does the definition mean? 1/2 Profiling as a “procedure which may involve a series of statistical deductions”→ Therefore “simply assessing or classifying individuals based on characteristics such as their age, sex, and height could be considered profiling, regardless of any predictive purpose” (WP29 guidelines)
  • 14. 14 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals a– Definition of profiling and automated decision- making What does the definition mean? 2/2 Inferences are usually done about how an individual or group of individuals) can be placed under a certain category. For example: ● Likely to incurr in certain behavior (driving patterns for insurance companies) ● Interests (gender, political and other info for advertisers on social platforms) ● Analysis of a past behaviour (algorithms deciding about workers’ performance)
  • 15. 15 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Automated decision making Automated-decision making is the ability to decide using technological means. Automated-decision making can lead to profiling practices or not Example: Random assignment of seats in a theater → Can be just auomated, or you could get better seats according to the asiduity you attend expensive plays, your membership card ownsership...
  • 16. 16 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals How can profiling be used? ● Profiling ● Decision-making based on profiling ● Solely automated decision making, including profiling (Art. 22)
  • 17. 17 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals How can profiling be used? Difference between: ● Decision-making based on profiling –> a bank officer decides to agree to a mortgage for a customer ● Solely automated decision making, including profiling (Art. 22) → a machine decides this authomatically
  • 18. 18 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Automated decision-making ● General prohibition on fully automated decision- making, including profiling that has a legal or similarly significant effect ● However, as any rule it has some exceptions ● Measures need to be put in place to safeguards individuals’ rights and freedoms and legitimate interests (recital 71)
  • 19. 19 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Automated decision-making What does “legal” or “similarly significantly effects him or her” mean? ● Legal effects: Social benefits, border crossing, targeted surveillance or increased security checks, breach of contracts… ● Similarly significantly effects him or her: Recital 71 mentions examples: credit applcations, e- recruiting practices….
  • 20. 20 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Automated decision-making Key aspect to ascertain if it “similarly significantly effects him or her”: ● It must be sufficiently great to be worthy of attention ● It must influence the circumstances, behaviour or choices of the individials concerned ● Extreme: exclusion or discrimination
  • 21. 21 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Automated decision-making: online advertising Privacy International: “Targeted advertising has the potential of exclusion or discrimination of individuals” → 2015 Carnegie Mellon University research: Google advertising showed ads for high-income jobs to me more than to women
  • 22. 22 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 1- Right to be informed (Art. 13(2) and 14(2) (g) Controllers must: ● Tell the data subject that they are engaging in automated-decision making and/or profiling ● Explain what is the logic behind the algorithm/process ● Explain which are consequences expected from such processing
  • 23. 23 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 1- Right to be informed (Art. 13(2) and 14(2) (g) Meaningul information about the “logic involved” ● Information provided by the individual ● Information about previous conducts taken into consideratin (delay paying a monthly statement) ● Official public records (insolvency)
  • 24. 24 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 1- Right to be informed (Art. 13(2) and 14(2) (g) “Significance” and “envisaged consequences” Example: monitoring purchase behavior in an online platform to propose “premium” accounts to users that engage in impulsive shopping
  • 25. 25 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 2- Right of Access (Art. 15(1)(h) Right to access the personal data in the context of automated decision-making and profiling, including the logic behind the practices and significance and envisaged consquences
  • 26. 26 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 3- Right not to be subject to a decision based solely on automated decision-making (Art. 22) Even if Art. 22(2) provides exceptions to allow automated decision-making, Art. 22(3) allows the data subject to “obtain human intervention on the part of the controller to express his or her point of view and to contest the decision”
  • 27. 27 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 4- Right to rectification (Art. 16), Right to erasure (Art. 17) and Right to restriction of processing (Art. 18) ● WP29: Right to restriction of processing applies to all stages of the profiling process
  • 28. 28 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 4- Right to rectification (Art. 16), Right to erasure (Art. 17) and Right to restriction of processing (Art. 18) ● WP29: Right to rectification and right to erasure apply to both “input” and “output”: Right to add additional information in order to correct an algorithm concluding likelihood to have a car accident in the first two years after acquiring a driving license
  • 29. 29 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 4- Right to rectification (Art. 16), Right to erasure (Art. 17) and Right to restriction of processing (Art. 18) ● WP29: Right to restriction of processing applies to all stages of the profiling process
  • 30. 30 Profiling 2- Profiling: Profiling and automated-decision making in the GDPR: Definitions and Rights of individuals Rights of the Data Subject 5- Right to object (Art. 21) ● The data subject has the right to object unless the controller “demonstrates compelling legitimate grounds” (????) which override the interests of the data subject ● But! Absolute right to object to direct marketing processing activities
  • 31. 31 Profiling 3- Can profiling be done legally? Yes! When: 1- Data Protection Principles (Art. 5) are respected ● Lawful, fair and transparent processing ● Further processing and purpose limitation ● Data minimisation ● Accuracy ● Storage limitation
  • 32. 32 Profiling 3- Can profiling be done legally? Yes! When: 2-There is a lawful basis for processing (Art. 6) ● Consent → See WP29 guidelines for consent. User needs to have a real choice and no imbalance of power may exist ● Necessary for the performance of a contract (Amazon shopping suggestions) ● Necessary for compliance with a legal obligation (fraud prevention)
  • 33. 33 Profiling 3- Can profiling be done legally? Yes! When: 2-There is a lawful basis for processing (Art. 6) ● Necessary to protect vital interests (epidemic prevention) ● Necessary for the performance of a task carried out in the public interest or exercise of official authority
  • 34. 34 Profiling 3- Can profiling be done legally? Yes! When: 2-There is a lawful basis for processing (Art. 6) ● Necessary for the “legitimate interests” (See WP29 Guidelines) pursued by the controller or by a third party (Art. 6(1)(f)) → it does not apply automatically → balancing exercise required (detail of the profile, comprehensiveness of the profile, impact of the profiling, safeguards for fairness...)
  • 35. 35 Profiling 3- Can profiling be done legally? Yes! When: 3- Ensures data subject rights 4- Prepares a DPIA (Art. 35(3)(a)): “a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;”
  • 36. 36 Profiling 3- Can profiling be done legally? Yes! When: 1-Data Protection Principles (Art. 5) are respected 2-There is a lawful basis for processing (Art. 6) 3- Ensures data subject rights 4- Prepares a DPIA (Art. 35(3)(a))
  • 37. 37 We draw a very important conclusion here with a merely dark image behind it, so the text is white... Questions, comments? @DNBSevilla @edri diego.naranjo@edri.org