| I agree that it probably does not include the vast majority of automated bans.. but I'd prompt anyone interested to read the relevant guidelines to understand what might be in scope as far as legal effects or "significant effects" are concerned; it goes well beyond profiling by authorities, and commercial data controllers are far from exempt. One example of a legal effect is cancellation of a contract. Examples of significant effect include automatic refusal of an online credit application, and e-recruiting practices without any human intervention. Advertising is in scope too: "For example, someone known or likely to be in financial difficulties who is regularly targeted with high interest loans may sign up for these offers and potentially incur further debt." Pricing is in scope too: "Automated decision-making that results in differential pricing based on personal data or personal characteristics could also have a significant effect if, for example, prohibitively high prices effectively bar someone from certain goods or services." Finally, there's an example of profiling reducing a credit card limit. "This could mean that someone is deprived of opportunities based on the actions of others." Anecdotally, getting kicked out of my email account has had far bigger effects on me than being rejected my credit card application. https://ec.europa.eu/newsroom/article29/items/612053/en |