Do Algorithms Rule the World? Algorithmic Decision-Making in the Framework of the GDPR and Beyond
A revised version of this paper has been published in International Journal of Law and Information Technology, 11 January 2019, DOI; 10.1093/ijlit/eay017
29 Pages Posted: 28 Feb 2018 Last revised: 31 Jan 2019
Date Written: August 1, 2017
Abstract
The purpose of this paper is to analyse the rules of the General Data Protection Regulation and of the and the Directive on Data Protection in Criminal Matters on automated decision making in the age of Big Data and to explore how to ensure transparency of such decisions, in particular those taken with the help of algorithms. Both legal acts impose limitations on automated individual decision-making, including profiling. While these limitations of automated decisions might come across as a forceful fortress strongly protecting individuals and potentially even hampering the future development of AI in decision making, the relevant provisions nevertheless contain numerous exceptions allowing for such decisions. Moreover, in case of automated decisions involving personal data of the data subject, the GDPR obliges the controller to provide the data subject with ‘meaningful information about the logic involved’ (Articles 13(2)(f) and 14(2)(g)), thus raising the much-debated question whether the data subject should be granted a right to explanation of the automated decision. While such a right would in principle fit well within the broader framework of GDPR’s quest for a high level of transparency, it also raises several queries: What exactly needs to be revealed to the data subject? How can an algorithm-based decision be explained? Apart from technical obstacles, we are facing also intellectual property obstacles and implementation obstacles to this ‘algorithmic transparency’. The paper seeks to find ways how to reconcile the potential recognition of the right to explanation with the transparency requirement.
Keywords: General Data Protection Regulation, automated decision-making, right to explanation, algorithmic transparency, Article 22 GDPR
Suggested Citation: Suggested Citation