The effectiveness of key GDPR provisions on profiling and automated decision-making

Abstract

The rapid advancement of technological innovations has enabled ways to capture and measure daily life like never before. Many organizations, both private and public sector, relies on the data inferred from individuals to aid in their decision-making. The daily routine’ reliance on data-generating technologies such as smartphones has made it difficult to participate in a society without some exposure to these technologies. These global trends have brought privacy and data protection into the spotlight, as these data-driven practices has raised many questions on fundamental rights of the individuals. The European strategy for data acknowledges these trends and aims to leverage on the benefits at the same time it aims to put out robust and efficient legislative framework to protect rights on individuals. General Data Protection regulation has been one of the instruments European lawmakers use to limit the profiling and automated decision-practices of individuals. In this paper the GDPR rules on profiling and automated decision-making are analyzed. understanding of the concepts is discussed, the industry practices with focus on big data analytics, and the potential shortcomings of limitations on the profiling and automated decision-making under GDPR. The research finds the concept of big data problematic under GDPR, and the rules on profiling and automated decision-making ambiguous at times. The research also highlights potential impacts on privacy concerns of social groups as well as shortcomings of data anonymization.