The California Privacy Rights Act (CPRA) defines profiling as the automated processing of personal information to evaluate specific personal aspects of an individual. These aspects can include performance at work, economic situation, health, preferences, interests, reliability, behavior, location, or movements. Profiling is often used in marketing, risk analysis, or credit scoring.

While automated decision-making can improve efficiency and personalization, CPRA introduces new requirements to protect consumers from potential misuse.

When Profiling Requires Extra Transparency

Under CPRA, businesses must disclose if they use automated decision-making, especially when it significantly affects consumers. Examples include:

• Targeted advertising based on online behavior

• Creditworthiness evaluation

• Eligibility decisions for jobs, housing, or loans

The California Privacy Protection Agency (CPPA) is empowered to issue regulations giving consumers the right to access information about profiling, and potentially opt out of certain forms of automated decision-making.

Businesses may be required to:

• Explain the logic used in profiling

• Disclose the expected impact on the consumer

• Provide ways to opt out or contest profiling outcomes

These provisions align CPRA more closely with GDPR’s stance on algorithmic transparency and individual rights.

Why It Matters

Profiling can raise fairness, bias, and discrimination concerns. CPRA empowers California residents to better understand how their data is used and to object to potentially harmful automated decisions. For businesses, transparent and ethical profiling is key to building trust and maintaining compliance.