Key Points

• Policymakers, scholars, and commentators are increasingly concerned with the risks of using algorithms for profiling and automated decision-making.
• This article addresses how a Data Protection Impact Assessment (DPIA), applied as an algorithmic impact assessment (AIA), links the two faces of the General Data Protection Regulation (GDPR) approach to algorithmic accountability: individual rights and systemic governance.
• We propose that AIAs simultaneously provide systemic governance of algorithmic decision-making and serve as an important ‘suitable safeguard’ (Article 22) of individual rights.
• As a nexus between the GDPR’s two approaches to algorithmic accountability, DPIAs have a heretofore unexplored link to individual transparency rights.
• Our examination of DPIAs suggests that the current focus on the right to explanation is far too narrow. We call, instead, for data controllers to consciously use the mandatory DPIA process to produce what we call ‘multi-layered explanations’ of algorithmic systems.
• This concept of multi-layered explanations not only more accurately describes what the GDPR is attempting to do, but also normatively fills potential gaps between the GDPR’s two approaches to algorithmic accountability.

中文翻译：

---

GDPR 下的算法影响评估：产生多层次的解释

关键点

• 政策制定者、学者和评论员越来越关注使用算法进行分析和自动决策的风险。
• 本文介绍了作为算法影响评估 (AIA) 应用的数据保护影响评估 (DPIA) 如何将通用数据保护条例 (GDPR) 方法的两个方面联系到算法问责制：个人权利和系统治理。
• 我们建议 AIA 同时提供算法决策的系统治理，并作为个人权利的重要“适当保障”（第 22 条）。
• 作为 GDPR 的两种算法问责方法之间的纽带，DPIA 与个人透明度权利之间存在着前所未有的联系。
• 我们对 DPIA 的审查表明，目前对解释权的关注太狭窄了。相反，我们呼吁数据控制者有意识地使用强制性 DPIA 流程来生成我们所谓的算法系统的“多层解释”。
• 这种多层次解释的概念不仅更准确地描述了 GDPR 试图做的事情，而且还规范地填补了 GDPR 两种算法问责制方法之间的潜在差距。