Automated Decision Making and the GDPR

Automated decision making and GDPR

In today’s blog we delve into automated decision making and the GDPR.

Artificial Intelligence is increasingly becoming ingrained in all facets of our societies and lives. While it certainly heralds an age of cool futuristic technology and applicationsfacial recognition and self-driving cars for example!what about when AI is utilized as an automated decision making tool? Can this pose an issue to an individuals right? What are the possible implications? Is it fair? Are there any legal provisions to ensure fairness?

In our latest vlog we explore some frequently asked questions as it relates to Artificial Intelligence, automated decision making and the GDPR. Click here to take a look.

A deeper look: GDPR and Automated Individual Decision making, including profiling

Automated decision-making is described by the ICO  asthe process of making a decision by automated means without any human involvement.

These decisions, the ICO says, can be based on factual data, as well as on digitally created profiles or inferred data. Examples of this include:

an online decision to award a loan; and
an aptitude test used for recruitment which uses pre-programmed algorithms and criteria.

Meanwhile Article 4 (4) defines profiling as any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The ICO offers the following examples of profiling:

collect and analyse personal data on a large scale, using algorithms, AI or machine-learning;
identify associations to build links between different behaviours and attributes;
create profiles that you apply to individuals; or
predict individualsbehaviour based on their assigned profiles.

Yet while automated decision making and profiling have several benefits for both businesses and consumers, they carry risks for people’s rights and freedoms. A false or unfair decision may lead to significant adverse effects for individuals, from discrimination to undue intrusion into private life.

Article 22 of the GDPRreferenced in our vlogseeks to address this and other risks by setting the strict parameters that the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.

Leave a Comment

(0 Comments)

Your email address will not be published. Required fields are marked *