What is the right not to be subject to automated processing?

Posted byGDPRsimple Leave a comment on What is the right not to be subject to automated processing?

The right not to be subject to a decision based solely on automated processing, including profiling, gives the individual the ability not to be subject to such a decision which produces legal effects concerning him or her or similarly significantly affects him or her.  This right does not apply if the decision:

  • Is necessary for entering into, or performing, a contract between the individual and a data controller, and suitable measures to safeguard the individual’s rights and freedoms, especially the ability to obtain human intervention in order for an individual to be able to express his or her point of view and to contest decisions, must be implemented;
  • Is authorized and lays down suitable measures to safeguard the individual’s rights and freedoms and legitimate interests; or
  • Is based on the individual’s explicit consent, and suitable measures to safeguard the individual’s rights and freedoms, especially the ability to obtain human intervention in order for an individual to be able to express his or her point of view and to contest decisions, must be implemented.

Such decisions that are authorized must not be based on special categories of personal data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning  an individual’s sex life or sexual orientation – unless explicit consent has been given or the processing is necessary for reasons of substantial public interest.  Furthermore, suitable measures to safeguard the individual’s rights and freedoms and legitimate interests must be in place.

This blog is the eleventh in a series of blogs that describes and explains the eight individual rights set forth in the GDPR.  If you don’t want to wait until the next blog to learn more about the GDPR and the individual rights in the GDPR, take a look at GDPRsimple, http://www.keepgdprsimple.com, an automated web and mobile tool, that can help SMEs implement the GDPR and demonstrate their implementation.

Next blog:  How does the GDPR change individual rights?

Leave a comment

Your email address will not be published. Required fields are marked *