Losing transparency? : Accountable processing of personal data in automated decision-making
Parviainen, Hanna (2018-06-12)
Losing transparency? : Accountable processing of personal data in automated decision-making
Parviainen, Hanna
(12.06.2018)
Tätä artikkelia/julkaisua ei ole tallennettu UTUPubiin. Julkaisun tiedoissa voi kuitenkin olla linkki toisaalle tallennettuun artikkeliin / julkaisuun.
Turun yliopisto
Tiivistelmä
The aim of this thesis is to observe, how the transparency can be reached in automated decision-making. Automated decision-making means decision-making which has legal or similarly significant effects on the data subject, as it is defined in the European Union General Data Protection Regulation, (EU) 2016/679. Automated decision-making can be solely automated, or it can be human decision-making assisted by automated means.
Transparency of decision-making is linked to the fairness of processing and to the information which has been disclosed to the data subject at the time of the data collection and during processing. A data subject shall be provided the information in the Articles 13 and 14, and in addition the data controller is obliged to give the data subject meaningful information of the logic and envisaged consequences of the automated decision-making.
The aim of the EU General Data Protection (GDPR) regulation is to strengthen the data subject’s right to control his or her personal data. In this thesis, it is analysed the data subject’s right to be informed when personal data concerning him or her is collected directly from the data subject or obtained elsewhere, the right of access to personal data, and the disputed/conflicted right to an explanation. Additionally, it is analysed measures for the controller to demonstrate its compliance with the GDPR’s accountability obligation. The analysed measures are data protection officer, Data Protection Impact Assessment, code of conduct, certification, auditing and record of processing activities.
The conclusion of this thesis is that transparency and accountability cannot be demonstrated with only one measure or action, but it requires a combination of several means depending on the nature of the controller’s processing activities.
Transparency of decision-making is linked to the fairness of processing and to the information which has been disclosed to the data subject at the time of the data collection and during processing. A data subject shall be provided the information in the Articles 13 and 14, and in addition the data controller is obliged to give the data subject meaningful information of the logic and envisaged consequences of the automated decision-making.
The aim of the EU General Data Protection (GDPR) regulation is to strengthen the data subject’s right to control his or her personal data. In this thesis, it is analysed the data subject’s right to be informed when personal data concerning him or her is collected directly from the data subject or obtained elsewhere, the right of access to personal data, and the disputed/conflicted right to an explanation. Additionally, it is analysed measures for the controller to demonstrate its compliance with the GDPR’s accountability obligation. The analysed measures are data protection officer, Data Protection Impact Assessment, code of conduct, certification, auditing and record of processing activities.
The conclusion of this thesis is that transparency and accountability cannot be demonstrated with only one measure or action, but it requires a combination of several means depending on the nature of the controller’s processing activities.