Why a Right to Legibility of Automated Decision-Making Exists in the General Data Protection Regulation

• Published in: International data privacy law Vol. 7; no. 4; pp. 243 - 265
• Main Authors: Malgieri, Gianclaudio, Comandé, Giovanni
• Format: Journal Article
• Language: English
• Published: Oxford Oxford University Press 01.11.2017; Oxford Publishing Limited (England)
• Subjects: Administrative procedure; Algorithms; Automation; Data security; Decision making; Freedom of information; General Data Protection Regulation; Laws, regulations and rules; Questionnaires; State laws
• ISSN: 2044-3994; 2044-4001
• DOI: 10.1093/idpl/ipx019

In the data-driven economy, the importance of algorithms has grown exponentially while artificial Intelligence applied to customer data management remains problematic for several reasons. Automated decision-making based on complex algorithms can not only determine the acceptance of a mortgage, the price of an insurance policy,1 but can also lead to ‘subtler’ issues. For instance, they can be used to exploit consumers’ specific vulnerabilities in order to distort their purchasing attitudes.2 Oftentimes, these algorithms are not only unknown but also unintelligible by individuals. In some cases, eg where machine-learning technologies are deployed, decision-making algorithms may be unintelligible also to their data controller.3 This situation has led to define the current Information Society as a ‘black box’ society.4 In other terms, as we have explained elsewhere,5 the problem of these algorithms is the lack of ‘readability’ and ‘legibility’ from individuals directly concerned by them.