GDPR and the right for an explanation

With less than 2 months to go, GDPR is one of the major topics discussed on conferences, newsletters and social media, fueled even more by the news around Facebook and Cambridge Analytica. Looking beyond all these “top 10 GDPR actions to do now” posts, it’s interesting to see what potential impact GDPR has on RPA and AI-enabled processes…

Artificial Intelligence and Robotic Process Automation are mostly presented as technology solutions for GDPR issues, automatically pseudonymizing customer data or fulfilling requests related to the “right to be forgotten”. However, if your organization has already implemented automation, you might want to review GDPR article 22 on the rights related to automated decision making, including profiling. This could potentially impact your business model if you are using RPA and AI in any automated decision making without employee intervention, affecting an individual person. Examples are automatically rejecting a loan, calculating a risk score, and even clustering for marketing purposes. You might also need to explain how such an automated decision was reached, which can be a challenge if you are using a black-box decision making approach that doesn’t allow inspection.

Nobody knows for sure how this article and the “right for an explanation” will be interpreted: as any other GDPR article, it provides enough ambiguity to keep lawyers busy. With this in mind, it is probably a good idea to include GDPR as one of your criteria when choosing the right processes to automate.

Leave a Reply

Your email address will not be published. Required fields are marked *