LThe ban on the automation of decisions is a fundamental point of European law on the protection of personal data, particularly under French leadership. As early as 1975 we read in the Tricot report, which preceded the creation of the National Commission for Information Technology and Liberties: “What a resignation it would be to rely entirely on the machine to assess human decisions! »
Human decision support, yes, decision automation when it has a significant effect on the human person, no. Where are we fifty years later? The Court of Justice of the European Union (CJEU), referred to a preliminary question by a German court, considered on December 7, 2023 that the scoring constitutes an automated individual decision prohibited within the meaning of the General Data Protection Regulation (GDPR).
The German company Schufa Holding had used profiling methods to provide banks with the solvency score of their customers for granting credit. The aim was, on the basis of mathematical and statistical calculations, to establish this score based on the characteristics of a person, by assigning it to a group of individuals with comparable characteristics and who behaved in a similar way. given manner.
Administration in an exceptional situation
The objective is to predict the behavior of the person, such as their ability to repay a loan. The CJEU affirms that the result of the solvency calculation is a decision taken by the Schufa company, without having to be limited to the final decision to refuse or grant credit taken by the bank (CJEU December 7, 2023, Schufa Holding, C-634/21).
Therefore, the risk score of a social assistance recipient, based on which the National Family Allowance Fund (CNAF) triggers home checks as part of its anti-fraud policy, also constitutes an individual decision. automated. Indeed, the data analysis algorithm (data mining) that the CNAF has used since 2010 notes beneficiaries each month in order to prioritize its controls.
The GDPR has, of course, provided for exceptions to the “right not to be subject to an automated decision” – consent, contract and authorization by law – as well as room for maneuver left to States. France used this room for maneuver to toughen the European principle, which has become in French law the ban on automated individual decisions… except for the administration.
You have 60.86% of this article left to read. The rest is reserved for subscribers.