It depends.
While most modern data privacy statutes allow individuals to request access to the personal information held by an organization about the individual, they do not confer upon individuals a right to understand how or why a business has made decisions about them. That said, one privacy statute – the California Privacy Rights Act
No.
Modern state privacy statutes in the United States (set to go into effect in 2023) and European privacy regulations adopt a similar definition of “profiling,” which occurs when three elements are met:
While state privacy statutes in the United States scheduled to go into force in 2023 and modern European privacy regulations adopt a similar definition of “profiling,” the term has yet to judicially interpreted or applied in the United States. Within Europe, the Article 29 Working Party took the position that for an action to constitute
Modern U.S. data privacy laws (e.g., the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act) will impose three types of obligations upon companies that engage in profiling when they go into effect in 2023.
First, the general rights given to individuals under modern
Possibly.
While modern privacy statutes in the United States and Europe adopt a similar definition of “profiling,” the term has yet to be judicially interpreted or applied in the United States. Within Europe, the Article 29 Working Party took the position that for an action to constitute profiling three elements must be met:
Modern privacy statutes create special rules for activities that involve “profiling.” As the following chart indicates, the term is defined in a similar way between modern United States and European privacy statutes:
| Source | GDPR | CCPA | CPRA (effective 2023) | VCDPA (effective 2023) | CPA (effective 2023) |
| Term | Profiling | Profiling | Profiling | Profiling | Profiling |
| Definition | “Profiling” means any form |
The Virginia Consumer Data Protection Act, which is scheduled to go into effect in 2023, states that a consumer has the right to “opt out of the processing of the personal data for purposes of [] targeted advertising . . . .”1 Unlike other state statutes, such as the CPRA, the Virginia Consumer Data
The Colorado Privacy Act, which is scheduled to go into effect in 2023, states that a consumer “has the right to opt out of the processing of personal data” for the purposes of “targeted advertising.”1 Unlike other state statutes, such as the CPRA, the Colorado Privacy Act does not contain an exemption for situations
So much has been said about the new Cross-Border standard contractual clauses (SCC), which the EU Commission finally adopted on 4 June 2021 (see GT blog post from 9 June 2021), that it almost went unnoticed that the Commission published two different kinds of SCC that day. The other set of SCC (the DPA-SCC)
The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report on the average