
In 2023, the Parliament of Georgia adopted a new Law “On Personal Data Protection”, which encompasses the main provisions of the General Data Protection Regulation (GDPR) of the European Union and introduces several innovations in the field of national personal data protection.
This time, we will focus on the concept of “profiling”.
In non-legal terms, profiling refers to the use of a person’s personal characteristics, behavior, interests, habits, etc., to make predictions or decisions about that person. For example, when you apply for a loan through an online bank, the bank uses an algorithm to analyze information about you, such as your economic status and behavior, to determine whether to grant you a loan and in what amount.
Profiling can be beneficial for companies and consumers in sectors such as healthcare, education, and financial services.
However, as profiling is often an invisible process, many people are unaware that their personal data is being used for this purpose. This lack of transparency raises concerns about potential threats, including discrimination, depersonalization, and stigmatization.
To address these concerns, the GDPR and, accordingly, the new Law of Georgia “On Personal Data Protection” stipulate that the data subject has the right not to be subject to a decision made solely on an automated basis, including profiling, which gives rise to a legal or other type of significant result (the new law also establishes exceptions to this basic rule). In addition, the data subject has the right to request information about the decision made through automated processing, including profiling, and the logic used to make such a decision.
Furthermore, companies and institutions are required to conduct a data protection impact assessment when making decisions that have legal, financial, or other significant consequences for individuals through fully automated processes, including profiling.