Automated Decision Making and the GDPR
In today’s blog we delve into automated decision making and the GDPR.
Artificial Intelligence is increasingly becoming ingrained in all facets of our societies and lives. While it certainly heralds an age of cool futuristic technology and applications—facial recognition and self-driving cars for example!—what about when AI is utilized as an automated decision making tool? Can this pose an issue to an individual’s right? What are the possible implications? Is it fair? Are there any legal provisions to ensure fairness?
In our latest vlog we explore some frequently asked questions as it relates to Artificial Intelligence, automated decision making and the GDPR. Click here to take a look.
A deeper look: GDPR and Automated Individual Decision making, including profiling
Automated decision-making is described by the ICO as “the process of making a decision by automated means without any human involvement.”
These decisions, the ICO says, can be based on factual data, as well as on digitally created profiles or inferred data. Examples of this include:
Meanwhile Article 4 (4) defines profiling as “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”
The ICO offers the following examples of profiling:
Yet while automated decision making and profiling have several benefits for both businesses and consumers, they carry risks for people’s rights and freedoms. A false or unfair decision may lead to significant adverse effects for individuals, from discrimination to undue intrusion into private life.
Article 22 of the GDPR—referenced in our vlog—seeks to address this and other risks by setting the strict parameters that “the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”
Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.
Latest posts by Christine Chrycee Charlemagne (see all)
- Withdrawal of Consent Should be Easy - November 15, 2019
- Automated Decision Making and the GDPR - November 8, 2019
- Failure to adhere to GDPR’s Right to Object results in EUR 200,000 Fine - November 6, 2019