section one

What is automated decision-making?

Lead consultant at Test Partnership, Ben Schwencke, explains what is automated decision-making.

0:55 Quickly understand automated decision-making.

In the context of the General Data Protection Regulation (GDPR), automated decision making is “the process of making a decision by automated means without any human involvement.” Although automated decision making reduces the administrative burden placed on organisations, it does entail certain risks for customers and other stakeholders. Often, automated decisions are made without the stakeholder’s knowledge or consent, usually based on data that they did not originally wish to share with that organisation.

From a data-protection perspective, stakeholders must be informed that automated decision making will occur, and then seek the users consent to continue.

Often, automated decisions are made on the basis of “profiling”, which has added implications from a GDPR perspective. Naturally, automated decisions must be made on the basis of data, usually variables which are meaningful to the organisation’s aims. As with automated decision making, profiling has significant commercial applications, but users must be made aware that their data is being collected for profiling purposes.

In the context of psychometric assessments, the very purpose of these assessments is to profile candidates.

As businesses have a legitimate business interest in selecting competent employees, organisations are within their rights to profile their candidates. Automated decision making itself is also permitted, i.e. whereby a candidate’s score on an online test form the basis of automated selection decisions. Nevertheless, organisations must be transparent with candidates about the use of profiling and automated decision making, ensuring they agree to these terms and are able to provide informed consent to participate.