[PeterisP]

It's article 22 (https://gdpr-info.eu/art-22-gdpr/) "The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her." - with the emphasis on solely, and it does have certain caveats which perhaps maybe might make it permissible.

Like, this restricts automatic refusal of service due to automated profiling, but doesn't restrict automatic acceptance of service due to automated profiling, and it doesn't restrict automatic recommendation to refuse service which then is rapidly 'reviewed' by a human.

[d1sxeyes]

While I agree it doesn’t exclude “human in the loop” necessarily, but there is a lack of clarity as yet whether a decision made by an AI to flag something for manual review would also qualify as a “decision” in this context.

It’s also not explicit that the “legal effects” need be negative, just significant, which I think entering into a loan agreement probably is.

On the plus side, I don’t think it will take too long for case law to develop on these points.

[LunaSea]

Wouldn't this also forbid payment fraud detection algorithms for example?