Article 4(4). Profiling

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Information Society ◽  
Personal Data ◽  
Article 5 ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Legal Grounds

Article 3(2)(b) (Monitoring of data subjects’ behaviour); Article 5 (Principles relating to processing of personal data); Article 6 (Legal grounds for processing of personal data); Article 8 (Conditions applicable to children’s consent in relation to information society services) (see also recital 38); Article 13(2)(f) (Information on the existence of automated decision-making, including profiling) (see also recital 60); Article 14(2)(g) (Information on the existence of automated decision-making, including profiling) (see also recital 60); Article 15(1)(h) (Right of access regarding automated decision-making, including profiling) (see also recital 63); Article 21 (Right to object) (see also recital 70); Article 22 (Automated decision-making, including profiling) (see also recital 71); Article 23 (Restrictions) (see also recital 73); Article 35(3)(a) (Data protection impact assessment) (see also recital 91); Article 47(2)(e) (Binding corporate rules); Article 70(1)(f) (EDPB guidelines on automated decisions based on profiling)/

Article 22 Automated individual decision-making, including profiling

2020 ◽  
Author(s):  
Lee A. Bygrave
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Individual Decision Making ◽  
Definition Of ◽  
Article 5 ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Legal Grounds

Article 3(2)(b) (Monitoring of data subjects’ behaviour); Article 4(4) (Definition of ‘profiling’); Article 5(1)(a) (Fair and transparent processing) (see also recitals 39 and 60); Article 5(2) (Accountability); Article 6 (Legal grounds for processing of personal data); Article 8 (Conditions applicable to children’s consent in relation to information society services); Article 12 (see too recital 58); Article 13(2)(f) (Information on the existence of automated decision-making); Article 14(2)(g) (Information on the existence of automated decision-making); Article 15(1)(h) (Right of access regarding automated decision-making); Article 21 (Right to object) (see also recital 70); Article 23 (Restrictions); Article 35(3)(a) (Data protection impact assessment) (see too recital 84); Article 47(2)(e) (Binding corporate rules); Article 70(1)(f) (EDPB guidelines on automated decisions based on profiling).

Article 30 Records of processing activities

2020 ◽  
Author(s):  
Waltraut Kotschy
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Flows ◽  
Right Of Access ◽  
Data Subject ◽  
General Conditions

Article 13 (Information to be provided where personal data are collected from the data subject); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 15 (Right of access by the data subject); Article 24 (Responsibility of the controller); Article 32 (Security of processing); Article 35 (Data protection impact assessment); Article 37 (Designation of a data protection officer); Article 49 (Derogations for specific situations concerning transborder data flows); Article 83 (General conditions for imposing administrative fines)

Article 4(11). Consent

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Information Society ◽  
Personal Data ◽  
Individual Decision ◽  
Individual Decision Making ◽  
Article 9 ◽  
Data Portability ◽  
Article 5 ◽  
Data Subject

Article 5 (Principles relating to processing of personal data) (see also recitals 33, 39 and 50); Article 6(1)(a) (Lawfulness of processing on basis of consent) (see too recital 40); Article 7 (Conditions for consent) (see also recital 42); Article 8 (Conditions applicable to child’s consent in relation to information society services) (see too recital 38); Article 9(2)(a) (Processing of special categories of personal data on basis of consent) (see too recital 51); Article 13 (Information to be provided where personal data are collected from the data subject) (see too recitals 60–62); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 17 (Right to erasure) (see too recital 65); Article 20 (Right to data portability) (see too recital 68); Article 22 (Automated individual decision-making, including profiling) (see too recital 71); Article 49(1)(a) (Transfer of personal data to third country or international organisation on basis of consent) (see too recitals 111–112).

The Right of Access under EU Data Protection Law

2021 ◽  
pp. 104-128
Author(s):  
Helena U. Vrabec
Keyword(s):  
Decision Making ◽  
Data Protection ◽  
Shared Data ◽  
The Core ◽  
Data Protection Law ◽  
The Right ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Data Subject ◽  
Core Part

Chapter 5 focuses on Article 15 of the GDPR and explains the scope of the information that can be accessed under the right. The chapter then discusses the importance of the interface to submit data subject access requests. The core part of Chapter 5 is the analysis of the regulatory boundaries of the right of access and various avenues to limit the right, for instance, a conflict with the rights of another individual. Finally, the chapter illustrates how the right of access is applied in the data-driven economy by applying it to three different contexts: shared data, anonymised/pseudonymised data, and automated decision-making.

Article 4(13). Genetic data

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Individual Decision ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Article 9 ◽  
Definition Of

Article 4(1) (Definition of ‘personal data’) (see too recital 26); Article 4(15) (Definition of ‘data concerning health’) (see also recital 35); Article 4(16) (Definition of ‘biometric data’) (see too recital 51); Article 9(1) (Processing of special categories of personal data) (see also recital 53); Article 22(4) (Automated individual decision-making, including profiling) (see also recital 71); Article 35(3)(b) (Data protection impact assessment) (see too recital 91).

Article 10 Processing of personal data relating to criminal convictions and offences

2020 ◽  
Author(s):  
Ludmila Georgieva
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Criminal Convictions ◽  
Article 9 ◽  
Article 5

Article 5 (Principles relating to processing of personal data); Article 6 (Lawfulness of processing) (see too recital 50); Article 9 (Processing of special categories of personal data); Article 27 (Representatives of controllers or processors not established in the Union) (see too recital 80); Article 30 (Records of processing activities) (see too recital 97); Article 35 (Data protection impact assessment) (see also recitals 75 and 91); Article 37 (Designation of the data protection officer) (see too recital 97).

Article 24 Responsibility of the controller

2020 ◽  
Author(s):  
Christopher Docksey
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Codes Of Conduct ◽  
Personal Data ◽  
Article 5 ◽  
General Conditions

Article 5 (Principles relating to processing of personal data) (see too recital 39); Article 25 (Data protection by design and by default) (see too recital 78); Article 30 (Records of processing activities) (see too recital 82); Article 32 (Security of processing) (see too recital 83); Article 35 (Data protection impact assessment) (see too recitals 84 and 89–93); Articles 37–39 (Data protection officer) (see too recital 97); Articles 40–41 (Codes of conduct) (see too recitals 98–99); Articles 42–43 (Certification) (see too recital 100); Article 47 (Binding corporate rules) (see also recitals 108 and 110); Article 83 (General conditions for imposing administrative fines) (see too recitals 148 and 150–151).

scholarly journals “Just” Algorithms: Justification (Beyond Explanation) of Automated Decisions Under the General Data Protection Regulation

2021 ◽  
Vol 1 (1) ◽  
pp. 16-28
Author(s):  
Gianclaudio Malgieri
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Assessment Model ◽  
Model Framework ◽  
General Data Protection Regulation ◽  
Sustainable Environment ◽  
General Data ◽  
Data Controller ◽  
Article 5

Abstract This paper argues that if we want a sustainable environment of desirable AI systems, we should aim not only at transparent, explainable, fair, lawful, and accountable algorithms, but we also should seek for “just” algorithms, that is, automated decision-making systems that include all the above-mentioned qualities (transparency, explainability, fairness, lawfulness, and accountability). This is possible through a practical “justification” statement and process (eventually derived from algorithmic impact assessment) through which the data controller proves, in practical ways, why the AI system is not unfair, not discriminatory, not obscure, not unlawful, etc. In other words, this justification (eventually derived from data protection impact assessment on the AI system) proves the legality of the system with respect to all data protection principles (fairness, lawfulness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and accountability). All these principles are necessary components of a broader concept of just algorithmic decision-making and is already required by the GDPR, in particular considering: the data protection principles (Article 5), the need to enable (meaningful) contestations of automated decisions (Article 22) and the need to assess the AI system necessity, proportionality and legality under the Data Protection Impact Assessment model framework. (Article 35).

Article 4(15). Data concerning health

2020 ◽  
Author(s):  
Lee A. Bygrave ◽  
Luca Tosoni
Keyword(s):  
Decision Making ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Individual Decision ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Article 9 ◽  
Definition Of

Article 4(1) (Definition of ‘personal data’) (see too recital 26); Article 4(13) (Definition of ‘genetic data’) (see also recital 34); Article 4(16) (Definition of ‘biometric data’) (see too recital 51); Article 9(1) (Processing of special categories of personal data) (see also recital 53); Article 22(4) (Automated individual decision-making, including profiling) (see also recital 71); Article 35(3)(b) (Data protection impact assessment) (see too recital 91).

Sign in / Sign up

Export Citation Format

Share Document