Hello, an interesting topic indeed.
I read the rules to objecting to marketing profiling / marketing resulting in the following outcomes:
An individual objects to marketing profiling -
The individual continues to receive general marketing that has not been selected by profiling. No profiling in relation to marketing will happen to this individual, but profiling unrelated to marketing could continue.
An individual objects to marketing -
The individual does not receive any further marketing. No profiling in relation to marketing will happen to this individual, but profiling unrelated to marketing could continue.
As the RSPCA and BHF judgements were pre-GDPR, and the ruling was made under DPA 1998, I feel any instance of the word "profiling" in context of those judgements does not categorically mean "profiling" as defined in GDPR, and the ICO mainly focused on wealth screening in this ruling. The issue that ICO had was that mass wealth-screening services were used obtain additional information from external publicly available sources to create wealth / capacity profiles, and individuals were not informed of this, could not reasonably expect this - and because of this - could not object to this if they wished.
The ICO did not explicitly say profiling required consent, just that they believed certain profiling would unlikely be covered by legitimate interests, and if it wasn’t, that consent would be required. It highlighted that there would be an element of risk in relying on legitimate interests for wealth screening, without explicitly saying this was not possible.
Back to your final question, and considering this under GDPR, I believe individuals do have a right to be informed of profiling under the Article 5(1)(a), Article 13(1), (2)(f) & (3), and when additional data is obtained from elsewhere, Article 14(1)(c),(d), 2(g) & (3)
Presuming this processing is being conducted under legitimate interests, they would have grounds to object to this processing under Article 13(2)(b), Article 14(2)(c) and Article 21(1) - I do not believe a processor could argue "compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject" in relation to continuing profiling.
i would question why / where would there be a scenario an organisation would not want to be transparent in their use of profiling and not allow an individual to object to the use of profiling?
Thanks,
Michael
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|