Profiling: when data becomes a judgement about you

Profiling is automated evaluation — predicting your behaviour, creditworthiness, health or reliability from data. It carries its own transparency duties and its own objection right.

Profiling (Art. 4(4)) is any automated use of data to evaluate you — predict performance, economic situation, health, preferences, reliability, movements. It is everywhere: credit scores, insurance pricing, fraud flags, ad segments, recommender feeds, CV-ranking software. What the GDPR attaches to it: transparency — you must be told profiling exists and, for decisions, get “meaningful information about the logic” (Art. 13–15); the objection right — absolute when profiling serves marketing, balancing-test otherwise; and the Art. 22 shield when a profile alone drives decisions with serious effects — the CJEU’s SCHUFA ruling put credit scoring itself inside that shield. The escalation nobody mentions: profiles that infer sensitive traits — health from purchases, orientation from behaviour — cross into Art. 9 territory where “legitimate interest” cannot follow. Seeing your profiles: an access request covers derived data — ask explicitly for “all profiles, segments, scores and inferences”, because takeout tools return raw data and quietly omit the judgements. The judgements are the point.

Verified against the sources above on 18 July 2026. Information, not legal advice.

← Privacy explained📞 Your data protection authority