Automated Processing of Personal Data for the Evaluation of Personality Traits: Legal and Ethical Issues
33 Pages Posted: 23 Jan 2018 Last revised: 7 Feb 2018
Date Written: January 16, 2018
This paper examines the approach under the General Data Protection Regulation (GDPR) to profiling and (automated) decision-making as well as the corresponding legal and ethical implications. The definition of profiling under the GDPR is analysed in relation to different degrees of automation when it comes to decision-making based on the processing of personal or non-personal data. A two-step approach to profiling and decision-making, which can be found in the structure and wording of the GDPR, is described and analysed. It is argued that the use of this model helps understand how profiling and decision-making are conducted and how the two steps are interconnected. Furthermore, the two-step approach allows to identify various legal implications of profiling and the corresponding decision-making, such as those related to privacy and economic freedom. Further, the discussion of ethical aspects draws on two recent and controversial use cases. The first example deals with discriminatory effects that may result from profiling. The second one concerns opaque automated decision-making in the context of credit scoring. This ethical assessment is based on the ethical framework supplied by the wording of the GDPR.
Keywords: data-driven economy, big data, profiling, credit scoring, automated decision-making, GDPR, data protection, privacy
Suggested Citation: Suggested Citation