In the United States, What Are the Different “Types” of Profiling for Privacy Compliance Purposes?

Profiling is outlined in a number of statutes as any kind of automated processing of private knowledge to guage, analyze, or predict private elements regarding an recognized or identifiable particular person’s financial state of affairs, well being, private preferences, pursuits, reliability, habits, location, or actions.[1] Profiling actions can loosely be grouped into the following three classes or buckets with the corresponding compliance-related obligations:

 

Bucket 1

Profiling that does not (1) impose a fairly foreseeable threat to knowledge topics or (2) issue into a choice that produces a authorized or equally vital impact.

Bucket 2

Profiling that does impose a fairly foreseeable threat to knowledge topics however does not issue into a choice that produces a authorized or equally vital impact.

Bucket 3

Profiling that does issue into a choice that produces a authorized or equally vital impact.[2]

Entry proper for enter knowledge.[3]

 

Entry proper for output knowledge.

Deletion proper for enter knowledge.

Deletion proper for output knowledge.

Correction proper for enter knowledge.

Correction proper for output knowledge.

Conduct a Knowledge Safety Affect Evaluation to research potential for unfair or misleading therapy, disparate impression, monetary, damage, and so on.

✔[4]

✔[5]

Choose-out proper from processing.

✔[6]

 

[1] C.R.S. 6-1-1303(20) (2021).

[2] Whereas European regulators have provided steerage as to what sorts of selections would possibly product authorized or related results, it’s unclear whether or not that steerage will probably be adopted by regulators in the United States.

[3] The phrase “rights” on this chart refers solely to the proper of a person to request the motion; it doesn’t essentially imply that a company should honor the request. Trendy privateness statutes include a quantity of exceptions which will apply to particular requests to entry, delete, or appropriate private data.

[4] Va. Code 59.1-573(A)(5) (2021); C.R.S. 6-1-1306(1)(a)(I)(C) (2021).

[5] Va. Code 59.1-573(A)(5) (2021); C.R.S. 6-1-1306(1)(a)(I)(C) (2021).

[6] Va. Code 59.1-573(A)(5) (2021); C.R.S. 6-1-1306(1)(a)(I)(C) (2021).

Source link