Algorithmic accountability in public administration: the GDPR paradox

Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency Pub Date : 2020-01-27 DOI:10.1145/3351095.3373153

Sunny Kang

{"title":"Algorithmic accountability in public administration: the GDPR paradox","authors":"Sunny Kang","doi":"10.1145/3351095.3373153","DOIUrl":null,"url":null,"abstract":"The EU General Data Protection Regulation (\"GDPR\") is often represented as a larger than life behemoth that will fundamentally transform the world of big data. Abstracted from its constituent parts of corresponding rights, responsibilities, and exemptions, the operative scope of the GDPR can be unduly aggrandized, when in reality, it caters to the specific policy objectives of legislators and institutional stakeholders. With much uncertainty ahead on the precise implementation of the GDPR, academic and policy discussions are debating the adequacy of protections for automated decision-making in GDPR Articles 13 (right to be informed of automated treatment), 15 (right of access by the data subject), and 22 (safeguards to profiling). Unfortunately, the literature to date disproportionately focuses on the impact of AI in the private sector, and deflects any extensive review of automated enforcement tools in public administration. Even though the GDPR enacts significant safeguards against automated decisions, it does so with deliberate design: to balance the interests of data protection with the growing demand for algorithms in the administrative state. In order to facilitate inter-agency data flows and sensitive data processing that fuel the predictive power of algorithmic enforcement tools, the GDPR decisively surrenders to the procedural autonomy of Member States to authorize these practices. Yet, due to a dearth of research on the GDPR's stance on government deployed algorithms, it is not widely known that public authorities can benefit from broadly worded exemptions to restrictions on automated decision-making, and even circumvent remedies for data subjects through national legislation. The potential for public authorities to invoke derogations from the GDPR must be contained by the fundamental guarantees of due process, judicial review, and equal treatment. This paper examines the interplay of these principles within the prospect of algorithmic decision-making by public authorities.","PeriodicalId":377829,"journal":{"name":"Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3351095.3373153","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

The EU General Data Protection Regulation ("GDPR") is often represented as a larger than life behemoth that will fundamentally transform the world of big data. Abstracted from its constituent parts of corresponding rights, responsibilities, and exemptions, the operative scope of the GDPR can be unduly aggrandized, when in reality, it caters to the specific policy objectives of legislators and institutional stakeholders. With much uncertainty ahead on the precise implementation of the GDPR, academic and policy discussions are debating the adequacy of protections for automated decision-making in GDPR Articles 13 (right to be informed of automated treatment), 15 (right of access by the data subject), and 22 (safeguards to profiling). Unfortunately, the literature to date disproportionately focuses on the impact of AI in the private sector, and deflects any extensive review of automated enforcement tools in public administration. Even though the GDPR enacts significant safeguards against automated decisions, it does so with deliberate design: to balance the interests of data protection with the growing demand for algorithms in the administrative state. In order to facilitate inter-agency data flows and sensitive data processing that fuel the predictive power of algorithmic enforcement tools, the GDPR decisively surrenders to the procedural autonomy of Member States to authorize these practices. Yet, due to a dearth of research on the GDPR's stance on government deployed algorithms, it is not widely known that public authorities can benefit from broadly worded exemptions to restrictions on automated decision-making, and even circumvent remedies for data subjects through national legislation. The potential for public authorities to invoke derogations from the GDPR must be contained by the fundamental guarantees of due process, judicial review, and equal treatment. This paper examines the interplay of these principles within the prospect of algorithmic decision-making by public authorities.

查看原文本刊更多论文

公共行政中的算法问责:GDPR悖论

欧盟通用数据保护条例(“GDPR”)通常被认为是一个巨大的庞然大物，将从根本上改变大数据的世界。从其相应的权利、责任和豁免的构成部分抽象出来，GDPR的适用范围可能会被过度放大，而在现实中，它更符合立法者和机构利益相关者的具体政策目标。由于GDPR的精确实施存在许多不确定性，学术和政策讨论正在讨论GDPR第13条(自动处理的知情权)、第15条(数据主体的访问权)和第22条(对分析的保障)中对自动决策的保护是否足够。不幸的是，迄今为止的文献不成比例地关注人工智能对私营部门的影响，而忽略了对公共行政中自动执法工具的广泛审查。尽管GDPR制定了针对自动化决策的重要保障措施，但它是经过深思熟虑设计的:在数据保护的利益与行政国家对算法日益增长的需求之间取得平衡。为了促进机构间数据流动和敏感数据处理，从而增强算法执行工具的预测能力，GDPR果断地将授权这些做法的程序自主权交给会员国。然而，由于缺乏关于GDPR对政府部署算法的立场的研究，人们并不普遍知道，公共当局可以从对自动决策限制的广泛措辞豁免中受益，甚至可以通过国家立法规避对数据主体的补救措施。公共当局援引GDPR减损的可能性必须受到正当程序、司法审查和平等待遇等基本保障的限制。本文探讨了这些原则在公共当局的算法决策前景中的相互作用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency

自引率

0.00%

发文量