Blog Post

Automated Decisions Based on Profiling Under GDPR – Information, Explanation, or Justification? That is the Question!

Oxford Business Law Blog

27 Apr 2018

The GDPR explicitly requires controllers to inform individuals of decisions made about them by automated or artificially intelligent algorithmic systems. The controller must inform the individual up front about the existence of the decision making activity, as well as provide information about its underlying logic, significance, and envisaged consequences. There is increased debate, however, about whether the GDPR also provides individuals with a right to explanation about an output of the automated decision making.

In their post for Oxford Business Law Blog, Morrison & Foerster Senior of Counsel Lokke Moerel and Associate Marijn Storm argue that the GDPR indeed provides individuals with a right to explanation but also note that both sides to this debate may be losing the forest through the trees.  Under the GDPR, controllers will ultimately be accountable for the outcome of their automated decision making processes, so in addition to informing individuals, they should also be able to justify that the correlations applied in the algorithm are meaningful and unbiased.

Read more, including steps controllers can take to ensure Algorithmic Accountability (guidelines for white-box development) in the Oxford Business Law Blog.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.