D7.3: Report on Actual and Possible Profiling Techniques in the Field of Ambient Intelligence: Future of IDentity in the Information Society

You are here: Resources > FIDIS Deliverables > Profiling > D7.3: Report on Actual and Possible Profiling Techniques in the Field of Ambient Intelligence >

Resources

Identity Use Cases & Scenarios.
FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
  - D7.2: Descriptive analysis and inventory of profiling practices.
  - D7.3: Report on Actual and Possible Profiling Techniques in the Field of Ambient Intelligence.
  - D7.4: Implications of profiling practices on democracy.
  - D7.6 Workshop on AmI, Profiling and RFID.
  - D7.7: RFID, Profiling, and AmI.
  - D7.8: Workshop on Ambient Law.
  - D7.9: A Vision of Ambient Law.
  - D7.10: Multidisciplinary literature selection, with Wiki discussion forum on Profiling, AmI, RFID, Biometrics and Identity.
  - D7.11: Kick-off Workshop on biometric behavioural profiling and Transparency Enhancing Technologies.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
IDIS Journal.
FIDIS Interactive.
Press & Events.
In-House Journal.
Booklets
Identity in a Networked World.
Identity R/Evolution.

Title:
THE THIRD STEP: THE APPLICATION OF (GROUP) PROFILES

The third step: the application of (group) profiles

The Data Protection Directive

Applicability of the directive at the application level generally depends on the identifiability of the person targeted - if application of a profile gives rise to some activity that falls within the scope of ‘processing’, as defined in article 2.b: ‘any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction’. Article 15, which concerns the automatic application of automated profiles to individuals, is very relevant in this second level. Also at this point, the distinction between group profiles and personalised profiles is relevant.

Group profiles

The application of group profiles in AmI environments implies that the group profile has to be activated in one way or another. This activation can occur in two ways, either the AmI environment detects personal data of identifiable persons that indicate the applicability of the profile, or the AmI environment detects data of non-identifiable persons or other information that indicate applicability. This distinction has consequences from a legal point of view. If personal data are detected (if the group profile applies to an identifiable person) data protection law applies: the rights of the subjects and the obligations of the data controller are defined (see infra). If the group profile is not applied to an identifiable person, data protection law does not apply.

Personalised profiles

If we start from the fact that the application of personalised profile requires the detection of personal data at the moment of application, data protection law applies in these situations. If the personalised profile is applied to a person using pseudonyms, data protection legislation may not apply if these pseudonyms can not be linked to an identifiable person

55 / 62