Scenario 3: use of food orders to adapt health insurance premiums

Claudia's pizza consumption habits, including the time and nature of food orders, are sold by the chain to an insurance company, which uses them to adapt its health insurance premiums.

Brief analysis: the health insurance company may have a legitimate interest - to the extent applicable regulations allow this - in assessing the health risks of its customers and charging differentiated premiums according to the different risks. However, the way in which the data are collected and the scale of the data collection in itself are excessive. A reasonable person in the situation of Claudia would be unlikely to have expected that information about her pizza consumption would have been used to calculate her health insurance premiums.

In addition to the excessive nature of the profiling and possible inaccurate inferences (the pizza could be ordered for someone else), the inference of sensitive data (health data) from seemingly innocuous data (take-away orders) contributes to tipping the balance in favour of the data subject's interests and rights. Finally, the processing also has a significant financial impact on her.

On balance, in this specific case the interests and rights of the data subject override the legitimate interests of the health insurance company. As a consequence, Article 7(f) should not be relied on as a legal ground for the processing. It is also questionable whether Article 7(a) could be used as a legal ground, considering the excessive scale of the data collection, and possibly, also due to further specific restrictions under national law.

The above scenarios and the possible introduction of variations with other elements underline the need for a limited number of key factors that can help focus the assessment, as well as the need for a pragmatic approach that allows the use of practical assumptions ('rules of thumb') based primarily on what a reasonable person would find acceptable under the circumstances ('reasonable expectations') and based on the consequences of the data processing activity for data subjects ('impact').

III.3.4. Key factors to be considered when applying the balancing test

Member States have developed a number of useful factors to be considered when carrying out the balancing test. These factors are discussed in this Section under the following four main headings: (a) assessing the controller's legitimate interest, (b) impact on the data subjects, (c) provisional balance and (d) additional safeguards applied by the controller to prevent any undue impact on the data subjects. [69]

To carry out the balancing test it is first important to consider the nature and source of the legitimate interests on the one hand and the impact on the data subjects on the other hand. This assessment should already take into account the measures that the controller plans to adopt to comply with the Directive (for example, to ensure purpose limitation and proportionality under Article 6, or to provide information to the data subjects under Articles 10 and 11).

[69] Due to their importance, some specific issues related to safeguards will be further discussed under separate headings in Sections III.3.5 and III.3.6.