small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

ICO Begins GDPR Profiling Discussion

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

ICO Begins GDPR Profiling Discussion

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Related Locations

London

Related Topics

Europe Privacy
Consumer Privacy

Related Capabilities

Privacy & Data Security

Related Regions

Europe

April 25, 2017

The UK Information Commissioner’s Office (ICO) recently published initial thoughts on some of the new profiling provisions in the General Data Protection Regulation (GDPR). The ICO’s discussion paper highlights the fact that profiling can often take place without an individual’s knowledge, and touches on the increasingly sophisticated ways in which profiling is used to deliver behaviorally targeted advertisements. The paper also covers the legal definition of profiling. The ICO has requested feedback by the end of the month in relation to:

  • When, how, and why organizations carry out profiling, and whether a degree of inference is necessary for a process to be considered profiling;
  • How organizations will ensure that profiling carried out is fair and not discriminatory;
  • How organizations will ensure that information used for profiling is relevant, accurate, and kept for no longer than necessary;
  • Whether organizations have considered the legal basis for carrying out profiling on personal data;
  • How organizations will ensure the provision to individuals of timely fair processing information (as required under the GDPR);
  • How organizations will strike the balance between legitimate profiling and individuals’ rights and freedoms; and
  • Any difficulties foreseen in implementing the GDPR requirement to carry out a data protection impact assessment.

TIP: Those interested may submit comments in the feedback request form by April 28.

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising

We, our service providers, and other third parties use cookies and other analytics, advertising, and tracking technologies on this site. Your information, including personal information and interactions with this site, may be monitored, recorded, or collected through these tools and further used or disclosed by us, our service providers, and authorized third parties. For more details, please visit our privacy policy.