In brief:
What is automated individual decision-making and profiling?
Automated individual decision-making is a decision made by automated means such as online or by a computer without any human involvement.
Examples of this include:
* an online decision to award a loan; and
* a recruitment aptitude test which uses pre-programmed algorithms and criteria.
“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
What does the Act say about automated individual decision-making and profiling?
Data subjects have the right not to be subject to a decision based solely on automated processing which significantly affect them (including profiling). Such processing is permitted where:
| * it is authorised by law; or
|
|---|
| * the data subject has explicitly consented and appropriate safeguards are in place.
|
|---|
Any automated processing of personal data intended to evaluate certain personal aspects relating to an individual should not be based on special categories of personal data. Furthermore, the information to be provided by the controller under section 23 (collection of personal data) should include information as to the existence of processing for a decision of the kind referred to subsection in 38 (1) and the envisaged effects of such processing on the data subject.
In addition, the controller should implement suitable measures to safeguard the data subject's rights, freedoms and legitimate interests.
