Core Concepts

Profiling

Defined in §2(x), DPDPA 2023; Rule 6(1), Rules 2025

Automated processing of personal data to evaluate, analyse, or predict individual behaviour or characteristics.

What does “Profiling” mean?

Profiling is any form of automated processing of personal data that evaluates personal aspects relating to a natural person, particularly to analyse or predict their work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements. Under DPDPA, profiling requires clear consent disclosure and falls under the enhanced obligations for Significant Data Fiduciaries.

Why does this matter for your business?

If your product builds user profiles for ad targeting, credit scoring, or personalisation, you must specifically disclose this in your consent notice. Users have the right to know they are being profiled and can withdraw consent.

Real example

A Mumbai adtech company tracks user behaviour across partner websites to build interest profiles for targeted advertising. Under DPDPA, this profiling must be clearly disclosed in the consent notice with a specific purpose statement, and users must be able to opt out.

Common misconception

Basic analytics (page views, session duration) is generally not profiling. Profiling specifically involves evaluating or predicting individual characteristics — not aggregate statistics.
