The right not to be subject to automated decision making, including profiling is one of the rights enshrined in the #GDPR.
– It forbids subjecting DS to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects the DS (art. 22 GDPR)
– While it is not a novel provision, since a similar one can be found in art. 2 loi relative à l’informatique, aux fichiers et aux libertés du 06/01/1978 (FR), it is a right whose borders are still contested.
– Recently, the Agencia Española de Protección de Datos – AEPD found that CaixaBank violated arts. 13-14 and 6 and imposed a €6m fine (the largest ever registered), found that art. 22 was not compromised. The ES DPA, however, provided little guidance on how art. 22 should be interpreted (see p. 152-155 fine PS/00477/2019 link in comments)
– Take a look at the rationale and elements of art. 22 in a visually friendly way in ‘Data Protection Law in charts’
Links
Data Protection Law in Charts. A Visual Guide to the GDPR
CaixaBank fine (ES DPA) PS/00477/2019
0 comentarios