Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Dixon, Tim --- "Profiling and Privacy" [1995] PrivLawPRpr 62; (1995) 2(5) Privacy Law & Policy Reporter 95

Profiling and Privacy

Australian Privacy Commissioner, Information Paper No 2, April 1995

Profiling and Privacy, written by the Privacy Branch's Steve Maguire, defines profiling as, 'the process of ascertaining characteristics which are closely associated with a particular target group and the subsequent searching of databases to identify other individuals who have the same or similar characteristics.' It is a technique receiving increasing use in both the public and private sectors.

Profiling enables an organisation to identify individuals who may have a higher likelihood of having engaged in, or intending to engage in, certain behaviour. In the public sector, this behaviour may be tax evasion, welfare fraud, money laundering, and criminal conduct. In the private sector, profiling is used for direct marketing and to assess credit risks. Roger Clarke has previously examined many of the issues surrounding the use of profiling (see 1 PLPR 128 for a summary and references), but the literature is otherwise slight.

The three uses of profiling which the paper discusses are to detect incorrect payments and fraud control in Commonwealth administration, for direct marketing, and in financial services. It does not mention how many agencies or corporations are involved in data profiling or how many profiling operations are currently conducted, but it argues that profiling is likely to become more widespread as the amount of personal information collected increases, particularly with the arrival of new technologies. The paper notes that the development of artificial intelligence and neural networks technologies may in time replace the use of profiling.

The paper highlights the main concerns relating to the use of profiling:

• unfair assumptions may be made about individuals simply because they fit a certain profile;
• reversal of the presumption of innocence;
• arbitrary action may be taken against individuals who fit a profile;
• reuse of data for unrelated purposes;
• discrimination;
• profiling can be distorted by poor quality data;
• individuals' access to and correction of data;
• profiling may become highlight intrusive; and
• the security of personal information.

The last chapter discusses controls on profiling, including the specific provisions of the European Union Directive relating to profiling which prevents an adverse decision on an individual being made entirely on the basis of automated decision making. It highlights the lack of controls over profiling in Australia, but states that it has not been thought necessary as yet for the Privacy Commissioner to issue guidelines covering profiling in Commonwealth administration.

The paper concludes that the lack of openness among organisations about their information practices, and in particular their use of profiling, makes them less accountable both in terms of the impact of profiling on an individual and its financial merits. The paper does not come to any conclusion about whether or not profiling is desirable in particular circumstances.

Tim Dixon