Many countries classify data privacy and protection as fundamental rights as our personal data enables us who we are as a person. But with the increased accessibility of a substantial amount of human behaviour data and the advent of technologies such as AI boosted the usage of algorithmic decision-making. Machine Learning (ML) heightened the usage of algorithmic decision-making. As Yeung (2018) defined "Algorithmic decision-making is the use of knowledge generated by algorithms to make or inform decisions." This Algorithmic decision-making can be code-based decision-making or data-driven decision-making. Code-based Algorithmic decision-making is built on "if this then that" statements, in other words, the input and output decisions coded by developers. On the other side data-driven, decision-making deploys an advanced mechanism called ML to access available data and automatically learn and improve from experiences while making decisions based on the acumens without human intervention. It is believed that "Algorithmic decision-making processes might lead to more objective and thus potentially fairer decisions than those made by humans who may be influenced by greed, prejudice, fatigue, or hunger." (Lepri, Oliver, Letouzé, Pentland, and Vinck, 2018). 

However, with the surge of data-driven algorithmic decision-makings in our day-to-day life such as giving loans to driving an autonomous car, augmented risks and security issues. These algorithms have a potential risk to perpetuate bias, create filter bubbles, cut choices, kill creativity and serendipity, and could result in greater chaos that frightened many. Besides, algorithms can shape individuals' decisions without them even knowing it, and this threatens society by bestowing an unreasonable state of power to its controllers. Nevertheless, in an attempt to overcome such risk factors, greater accountability and transparency was demanded. A rights-based approach anchored in the fundamental right to the protection of personal data was introduced that empowers the data subject by providing greater control to their data and safeguard the basic essence of humanity.

One of the most influential rights-based approaches is the GDPR. There are several rights given to individuals under GDPR:

• It allows you to have information about the processing of your data.
• You get access to the personal data that has been held about you.
• If there is any incomplete or incorrect data about you, you can ask to correct it.
• You can ask to remove your data if it is no longer required or if processing it is unlawful
• You can object if your data is being processed for marketing purposes and can ask to stop the data processing in certain situations.
• If you want to send your data to another controller, you can get your data in a machine-readable format.
• You have the right to express your perspective, and you can request that you are concerned by the fact that decisions are being taken based on automated processing.

To exercise your rights you should contact the company or organisation processing your personal data, also known as the controller. If the company/organisation has a Data Protection Officer ('DPO') you may address your request to the DPO. The company/organisation must respond to your requests without undue delay and at the latest within 1 month. If the company/organisation doesn't intend to comply with your request they must state the reason why.  These rights apply across the EU, regardless of where the data is processed and where the company is established. These rights also apply when you buy goods and services from non-EU companies operating in the EU. 

This article was originally published in March 2021.