40 Pages Posted: 10 Sep 2018 Last revised: 20 May 2019

Date Written: August 17, 2018

Abstract

The aim of this paper is to analyse the very recently approved national Member States’ laws that have implemented the GDPR in the field of automated decision-making (prohibition, exceptions, safeguards): all national legislations have been analysed and in particular 9 Member States Laws address automated decision making providing specific exemptions and relevant safeguards, as requested by Article 22(2)(b) of the GDPR (Belgium, the Netherlands, France, Germany, Hungary, Slovenia, Austria, the United Kingdom, Ireland).



The approaches are very diverse: the scope of the provisions can be narrow (just automated decisions producing legal or similarly significant effects) or wide (any decision with a detrimental impact) and even the specific safeguards proposed are very diverse.



Taking into account this overview, article will also address the following questions: are Member States free to broaden the scope of automated decision-making regulation? Are ‘positive decisions’ allowed under Article 22, GDPR, as some Member States seem to affirm? Which safeguards can better guarantee rights and freedoms of the data subject?



In particular, while most Member States mention just the three safeguards mentioned at Article 22(3) (i.e.subject’s right to express one’s point of view; right to obtain human intervention; right to contest the decision), three approaches seem very innovative: a) some States guarantee a right to legibility/explanation about the algorithmic decisions (France and Hungary); b) other States (Ireland and United Kingdom) regulate human intervention on algorithmic decision through an effective accountability mechanism (e.g. notification, explanation of why such contestation has not been accepted, etc.); c) another State (Slovenia) require an innovative form of human rights impact assessments on automated decision-making.