Indhold

05.12.17 15:59

KL's Høringssvar vedr. Artikel 29-gruppens Guidelines om automatiske individuelle afgørelser

KL har afgivet høringssvar til Artikel 29-gruppens Guidelines om "Automated individual decision-making and Profiling for the purposes of Regulation 2016/679".

Artikel 29-gruppen har den 3. oktober 2017 vedtaget en ny vejledning (guideline) om databeskyttelsesforordningens artikel 22 om automatiske individuelle afgørelser, herunder profilering.

Læs mere om vejledningen på Datatilsynets hjemmeside. (link)

KL har den 28. november 2017 afgivet følgende høringssvar til Artikel 29-gruppen:

Comments on Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679

Local Government Denmark (LGDK) welcomes the opportunity to comment on "Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679" from The Article 29 Data Protection Working Party.

The Municipalities of Denmark use digitization to develop a better citizen service. Automated decision-making plays an important role in this development. It is therefore in the interest of the Danish municipalities that the interpretation of Article 22 leaves no doubt.

LGDK are surprised by the interpretation of Article 22 as described in the Guidelines. According to Article 22 the data subject shall have the right not to be subject to a decision based solely on automated processing. In other words, a right to object as part of the rights of the data subject in Chapter III in Regulation 2016/679. Not a general prohibition on automated processing as explained on page 9, 12, 15 and 31 in the Guidelines.

LGDK would therefore welcome it if this could be further clarified.

The obligation to carry out Data protection impact assessments (DPIA) will require many ressources from the Danish municipalities. It is therefore in the interest of the municipalities that the obligations to carry out these assessments are not expanded. According to the Guidelines the obligation always applies in the case of automated decision-making. In our opinion, a DPIA is only required in cases of high risk processing.

LGDK would therefore welcome it if this could be further clarified as well.