PHG Foundation responds to new profiling provisions in the General Data Protection Regulation

PHG Foundation has submitted a response on profiling and automated decision-making provisions in the General Data Protection Regulation (GDPR) to the Information Commissioner's Office (ICO).

Healthcare and public health programmes could be using profiling and automated decision-making within the next few years in a variety of ways. One emerging application is to improve risk stratification approaches in the context of personalised prevention of disease.

Risk-stratification i.e.grouping individuals by level of risk so they can be offered tailored health interventions - as part of public health practice is not new (read more in our COGS work). However, its utilisation on an automated basis is novel.

In preparation for the General Data Protection Regulation coming into force on 25 May 2018 the ICO is assessing the GDPR’s key themes to help organisations understand the new legal framework. Profiling is one area in the GDPR the ICO has prioritised for guidance.

PHG Foundation Head of Humanities, Alison Hall, who drafted the response, said:

The EU General Data Protection Regulation will introduce new restrictions on profiling data. It is important that new requirements, such as for informed consent, do not prevent new technologies which could support improved health care from being adopted in the future. These include risk-stratification tools, decision-support systems and the use of patient/citizen held devices for monitoring or health improvement.

Read our full response here