Every day around the world, an incredible amount of data is gathered and processed by individuals, companies and governments. The purpose of gathering this data is often to make certain decisions, be it to offer an individual a personal loan on the basis that they earn above the required income threshold in order to qualify for said loan or to target a particular group of people in a particular geographical location with product discounts for new motor vehicles as it has been determined that people in that area are more inclined to spend money on luxury goods.
The decisions illustrated above are for the most part performed by employees at companies who
have obtained the necessary data, in the form of personal information, so as to make said decisions. As such there is an application of a person’s intellect in order to arrive at the aforementioned decision, this intellect being affected by, for example, personal biases, company policy or education. With the rise and use of machine learning and artificial intelligence as common place in internal data processing systems, the application of human intellect to make decisions will decline and be replaced with systems that make decisions, based on certain designed parameters, without the need for human intervention and are thus done autonomously thereby automating the decision making
From a privacy and data protection point of view, having decisions that in some cases determine the economic, personal, legal or financial future of an individual could be considered problematic.
What does automated decision making mean in law?
The current South African legislative framework does make provision for automated decision making under Section 71(1) of the Protection of Personal Information Act, Act 4 of 2013 (POPIA) which states that: