Do algorithms rule the world? Algorithmic decision-making and data protection in the framework of the GDPR and beyond

Maja Brkan*

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

The purpose of this article is to analyse the rules of the General Data Protection Regulation (GDPR) and the Directive on Data Protection in Criminal Matters on automated decision-making and to explore how to ensure transparency of such decisions, in particular those taken with the help of algorithms. Both legal acts impose limitations on automated individual decision-making, including profiling. While these limitations of automated decisions might come across as a forceful fortress strongly protecting individuals and potentially even hampering the future development of Artificial Intelligence in decision-making, the relevant provisions nevertheless contain numerous exceptions allowing for such decisions. While the Directive on Data Protection in Criminal Matters worryingly does not seem to give the data subject the possibility to familiarize herself with the reasons for such a decision, the GDPR obliges the controller to provide the data subject with 'meaningful information about the logic involved' (Articles 13(2)(f), 14(2)(g) and 15(1)(h)), thus raising the much-debated question whether the data subject should be granted a 'right to explanation' of the automated decision. This article seeks to go beyond the semantic question of whether this right should be designated as the 'right to explanation' and argues that the GDPR obliges the controller to inform the data subject of the reasons why an automated decision was taken. While such a right would in principle fit well within the broader framework of the GDPR's quest for a high level of transparency, it also raises several queries: What exactly needs to be revealed to the data subject? How can an algorithm-based decision be explained? The article aims to explore these questions and to identify challenges for further research regarding explainability of automated decisions.

Original languageEnglish
Pages (from-to)91-121
Number of pages31
JournalInternational journal of law and information technology
Volume27
Issue number2
Early online date11 Jan 2019
DOIs
Publication statusPublished - 2019

Keywords

  • Article 11 Directive 2016/680
  • Article 22 GDPR
  • General Data Protection Regulation
  • PERSONAL DATA
  • algorithmic transparency
  • automated decision-making
  • right to explanation

Cite this