Risks of Profiling and the Limits of Data Protection Law

  • Bart Schermer
Part of the Studies in Applied Philosophy, Epistemology and Rational Ethics book series (SAPERE, volume 3)


Profiling and automated decision-making may pose risks to individuals. Possible risks that flow forth from profiling and automated decision-making include discrimination, de-individualisation and stereotyping. To mitigate these risks, the right to privacy is traditionally invoked. However, given the rapid technological developments in the area of profiling, it is questionable whether the right to informational privacy and data protection law provide an adequate level of protection and are effective in balancing different interests when it comes to profiling. To answer the question as to whether data protection law can adequately protect us against the risks of profiling, I will discuss the role of data protection law in the context of profiling and automated decision-making. First, the specific risks associated with profiling and automated decision-making are explored. From there I examine how data protection law addresses these risks. Next I discuss possible limitations and possible drawbacks of data protection law when it comes to the issue of profiling and automated decision-making. I conclude with several suggestions to for making current data protection law more effective in dealing with the risks of profiling. These include more focus on the actual goals of data processing and ‘ethics by design’.


Moral Reason Personal Data Data Protection Working Party Data Subject 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Barbaro, M., Zeller, T.: A face is exposed for AOL searcher no. 44177179. New York Times (2006), online version via: (last visited: December 28, 2011)
  2. Borking, J.J.F.M.: Privacyrecht is code. Kluwer, Deventer (2010) (in Dutch) Google Scholar
  3. Blok, P.: Het Recht op Privacy. Boom Juridische uitgevers, Den Haag (2002) (in Dutch) Google Scholar
  4. Bygrave, L.: Minding the machine: article 15 of the EC data protection directive and automated profiling. Computer Law & Security Report 17, 17–24 (2001) Google Scholar
  5. Custers, B.H.M.: Data Mining with Discrimination Sensitive and Privacy Sensitive Attributes. In: Proceedings of ISP 2010, International Conference on Information Security and Privacy, Orlando, Florida, July 12/14 (2010) Google Scholar
  6. Hildebrandt, M.: Defining Profiling: A New Type of Knowledge? In: Hildebrandt, M., Gutwirth, S. (eds.) Profiling the European Citizen, Cross-Disciplinary Perspectives. Springer Science (2008) Google Scholar
  7. van den Hoven, J.: Privacy and the Varieties of Informational Wrongdoing. Australian Journal of Professional and Applied Ethics, Special Issue 1 (June 1999) Google Scholar
  8. van den Hoven, J.: Information Technology, Privacy and the Protection of Personal Data. In: van den Hoven, J., Weckert, J., et al. (eds.) Information Technology and Moral Philosophy, pp. 301–332. Cambridge University Press, Cambridge (2008) Google Scholar
  9. Lessig, L.: Code 2.0. Perseus Book Group, New York (2006) Google Scholar
  10. Ohm: Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization. UCLA Law Review 57, 1701–1777 (2010) Google Scholar
  11. Schermer, B.W.: Software Agents, Surveillance, and the Right to Privacy: a Legislative Framework for Agent-enabled Surveillance, PhD. Thesis. Leiden University (2007) Google Scholar
  12. Schwarz, Solove: The PII Problem: Privacy and a new concept of personal identifiable information. New York University Law Review 86, 1814 (2011)Google Scholar
  13. Terstegge, J.: Back to basics: privacy ethics (2009), (last visited: December 28, 2011) Google Scholar
  14. Vedder, A.: KDD: The challenge to individualism. Ethics and Information Technology 1(4) (December 1999) Google Scholar
  15. Verwer, Calders: Three Naive Bayes Approaches for Discrimination-Free Classification. In: Data Mining: Special Issue with Selected Papers from ECML-PKDD 2010. Springer (2010) Google Scholar
  16. Zwenne, G.J.: Over persoonsgegevens en IP-adressen, en de toe komst van privacywetgeving. In: Mommers, L., Franken, H., Klaauw, F., van der Herik, H., van der Zwenne., G.-J. (eds.) Het Binnenstebuiten, Liber Amicoru m Aernout Schmidt, pp. 321–341. Universiteit Leiden (2010) (in Dutch) Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.eLaw, Institute for Law in the Information SocietyLeiden UniversityLeidenThe Netherlands

Personalised recommendations