Processing that uses personal data to evaluate, analyze, or predict aspects of an individual's circumstances, behavior, or attributes, with no meaningful human involvement in reaching or implementing the decision. GDPR Article 22 grants data subjects the right to opt out of purely automated decisions that produce legal or similarly significant effects — such as credit decisions, employment screening, or benefits eligibility. The EU AI Act reinforces these protections by classifying automated decision-making in high-stakes domains as high-risk AI, requiring human oversight mechanisms.
Why this matters for your team
If your AI makes or significantly influences decisions about people — scoring, ranking, hiring, or access to services — you likely have GDPR Article 22 obligations. Document whether a human meaningfully reviews each decision before it takes effect, and provide a process for affected individuals to request reconsideration.
A lending platform uses an AI model to approve or reject loan applications automatically. Because this constitutes automated decision-making with significant legal effects, GDPR Article 22 requires that applicants be able to request human review of any rejection.