Profiling, in general, means any form of collecting information about a person or group of people and evaluating the characteristics or behaviour patterns of that person or group of people, to include them in a certain category or group to analyse and/or make predictions about their interests, behaviours, preferences.

The “profiling” is therefore any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person”.

Through profiling, individuals may be associated with online identifiers provided by their devices, applications, tools and protocols, such as IP addresses, cookies or other types of identifiers (eg radio frequency identification tags).

These identifiers can leave traces that, in combination with unique identifiers and other information received by servers, can be used to profile and identify individuals.

At each stage of profiling there is:
1. DATA COLLECTION
2. AUTOMATED ANALYSIS FOR FINDING CORRELATIONS
3. APPLICATION OF THE CORRELATION TO AN INDIVIDUAL TO IDENTIFY PRESENT OR FUTURE BEHAVIOR BEHAVIOURS
The data controller must ensure that he meets the requirements of the Regulation and give adequate guarantees to all those whose personal data he processes, which should include:

·        informing data subjects about the processing
·        the right to obtain human intervention
·        the right to express his or her point of view
·        the right to receive an explanation of the decision
·        the right to contest the decision

In any case, the data controller must ➡:

• use appropriate mathematical or statistical tools and programs for profiling
• apply adequate technical and organizational measures to:
1)     ensure that factors leading to inaccuracies in the data are rectified and the risk of errors is minimized;
2)     guarantee the security of personal data, considering all the possible risks which can affect interests and rights of the data subjects;
3)     prevent discriminatory effects against individuals based on race or ethnic origin, political beliefs, religion or personal beliefs, union membership, genetic characteristics, health condition or sexual orientation.