Even today, using data for a purpose for which the individual gave no explicit permission is risky. Witness "NHS illegally handed Google firm 1.6m patient records, UK data watchdog finds".
It only gets more complicated when combinations of algorithms, machine learning and AI analyse "Big Data".
With GDPR it is no use using a defence that " It was the algorithm wot did it, not me guv!"
Whatever decisions were made automatically must be auditable and using data that expressly has the agreement of the data owners to be used in that way. Customers which demand access to and ability to correct or redact data involved in AI will cause a few headaches!
In Britain, InsurTech firms put their focus on social media to assess the probability of claims, fueling concerns about data security. Last year, Admiral, an automobile insurance company in Britain, had to abandon its plans to take data from Facebook to set insurance premiums following objections from the social media company. The Federation of German Consumer Organisations (VZBV), also sees big risks from using big data in fixing insurance rates, fearing the trend will end up assigning risk based on social media norms, something many people see as discrimination. Needless to say, insurance companies are being told to consider the legal implications of using social media data.