EveryAILaw.comDoes UK Data Protection Act 2018 — Automated Decision-Making require Human Oversight?
United Kingdom • enforcing
Yes — 1 provision
Requirements at a glance
This regulation imposes 7 specific requirements for Human Oversight across 1 provision:
- ADM definition — Decisions based solely on automated processing (including profiling) with legal or similarly significant effects
- Permitted bases — ADM allowed on any Article 6 basis except Recognised Legitimate Interests; stricter rules for special category data
- Right to information — Individuals must be clearly informed when ADM is used and the logic/criteria in meaningful terms
- Right to human intervention — Right to obtain genuine human review of automated decisions
- Right to contest — Right to make representations and challenge automated decisions
- Suitable safeguards — Controllers must implement safeguards including transparency, practical exercise of rights, and DPIA for high-risk ADM
- Special category restriction — ADM using special category data (health, biometrics, etc.) remains prohibited except under narrow conditions
Automated Decision-Making Rights (Articles 22A-22D UK GDPR) #
Requirements
| Requirement | Details |
|---|---|
| ADM definition | Decisions based solely on automated processing (including profiling) with legal or similarly significant effects |
| Permitted bases | ADM allowed on any Article 6 basis except Recognised Legitimate Interests; stricter rules for special category data |
| Right to information | Individuals must be clearly informed when ADM is used and the logic/criteria in meaningful terms |
| Right to human intervention | Right to obtain genuine human review of automated decisions |
| Right to contest | Right to make representations and challenge automated decisions |
| Suitable safeguards | Controllers must implement safeguards including transparency, practical exercise of rights, and DPIA for high-risk ADM |
| Special category restriction | ADM using special category data (health, biometrics, etc.) remains prohibited except under narrow conditions |
Penalties
| Violation | Fine |
|---|---|
| Non-compliance | Up to GBP 17.5M or 4% global turnover |