当前位置: X-MOL 学术Int. Data Priv. Law › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
The right to object to automated individual decisions: resolving the ambiguity of Article 22(1) of the General Data Protection Regulation
International Data Privacy Law ( IF 2.6 ) Pub Date : 2021-01-14 , DOI: 10.1093/idpl/ipaa024
Luca Tosoni

Key Points
  • This article provides a critical analysis of Article 22(1) of the European Union’s General Data Protection Regulation (‘GDPR’).
  • In particular, the article examines whether, as a matter of lex lata, the enigmatic ‘right not to be subject to a decision based solely on automated processing’ provided for in Article 22(1) should be interpreted as a general prohibition or a right to be exercised by the data subject.
  • These two possible interpretations offer very different protection to the interests of data subjects and controllers: if the basic rule in Article 22(1) were interpreted as a prohibition, controllers would basically not be allowed to make individual decisions solely based on automated processing, unless one of the specific exceptions specified in Article 22(2) applies; conversely, if that in Article 22(1) were interpreted as a right to be actively exercised, the use of automated individual decisions would normally be restricted under the GDPR only where the data subject has expressly objected to it.
  • Thus, resolving the ambiguity of Article 22(1) is critical to understand what is the scope left for automated decision-making under EU data protection law.
  • Based on a textual, contextual, systematic, and teleological interpretation of Article 22(1), the article concludes that such a provision is better characterized as conferring upon data subjects a right that they may exercise at their discretion, rather than establishing a general ban on individual decisions based solely on automated processing.


中文翻译:

反对自动化个人决策的权利:解决《通用数据保护条例》第 22(1) 条的歧义

关键点
  • 本文对欧盟通用数据保护条例 (“GDPR”) 第 22(1) 条进行了批判性分析。
  • 特别是,该条款审查了作为lex lata的问题,第 22(1) 条规定的神秘的“不受仅基于自动化处理的决定的权利”是否应被解释为一般禁止或权利由数据主体行使。
  • 这两种可能的解释为数据主体和控制者的利益提供了截然不同的保护:如果第 22 条第 1 款中的基本规则被解释为禁止,则控制者基本上不会被允许仅基于自动化处理做出个人决定,除非第 22(2) 条规定的特定例外之一适用;相反,如果第 22(1) 条中的规定被解释为积极行使的权利,则只有在数据主体明确表示反对的情况下,才会根据 GDPR 限制使用自动化的个人决策。
  • 因此,解决第 22(1) 条的歧义对于了解欧盟数据保护法下自动化决策的剩余范围至关重要。
  • 基于对第 22 条第 1 款的文本、上下文、系统和目的论的解释,该文章得出的结论是,这样的条款被更好地描述为授予数据主体可以自行决定行使的权利,而不是建立普遍的禁令仅基于自动化处理的个人决策。
更新日期:2021-01-14
down
wechat
bug