Prohibition of Automated Individual Decision-making and Predicting Service Needs in the Health Sector

Activity: Presentation, Conference presentation

Description

Article 22(1) of the General Data Protection Regulation provides that the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. While the nature of this provision has been subject to debate, it can be understood as a general prohibition that applies to certain forms of fully automated decision-making. Article 22 also provides for exceptions to the general prohibition.

Artificial intelligence can be used in the healthcare sector in various ways, for example to predict future service needs. While this might bring health benefits to individual patients and improve the efficiency of the healthcare system in general, certain AI applications and use cases may be difficult to reconcile with data protection obligations.

In this presentation, I discuss whether and under which conditions Article 22 of the GDPR applies to AI-enabled predictions concerning future needs for healthcare services. In particular, this requires evaluating what it means for a decision to be based "solely" on automated processing, and what the legal and otherwise comparable effects of such decisions are. Conversely, it is possible to inquire whether the applicability of the prohibition could be avoided. From this perspective, it is crucial to determine how meaningful human participation could be added to the decision-making procedure, and what can be done to mitigate the significance of potential (negative) effects of such decisions.

In situations where Article 22 is applicable, I further examine whether the use of such AI systems could be based on the exceptions defined in Article 22(2) and what kind of safeguards required by Article 22(3) might be employed. Given that such AI systems are likely to rely on health data, the GDPR rules concerning special categories of data also warrant consideration.
Period: 15 Feb 2024
Event title: Internationales Rechtsinformatik Symposion IRIS 2024: Sprachmodelle – Juristische Papageien oder mehr?
Event type: Conference
Location: Salzburg, Austria
Degree of Recognition: International