What Volker said. To add another layer - I'm not sure that "confusing" is where I land on this however - if anything it's rather convincing as to the seriousness of ensuring balance. An EU or member state law may impart a specific permission or authorization for such processing - or alternatively make it a legal obligation for controllers in that jurisdiction to process data in such instances, but the key point is that even where you make it the 'law' to automate - if that automation is not in line with the principles of proportionality, i.e. balance of the goal vs the impact to the rights of those impacted and transparency (with many shades of Art 25), then even that "legal basis" will fall. All comes down to the fact that data privacy is part of a basic human right, emanating specifically from Art 8 of the ECHR, and can't be legislated away; it's good (not to mention of some relief) to see the Courts are absolutely willing to censure governments who overstep their powers vis a vis data privacy.

I think we continue to be prudent in our own considerations to remember that our policy will be built on considerably less stable foundations than actual 'legislative' prerogative.

Alan

Alan Woods

Senior Compliance & Policy Manager, Donuts Inc.

Suite 1-31,

Block D, Iveagh Court

Harcourt Road

Dublin 2, County Dublin
Ireland

Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you.

On Wed, Feb 19, 2020 at 9:26 AM Volker Greimann <vgreimann@key-systems.net> wrote:

Yeah, but this is governments who have a significantly larger ability to take actions that may impact private citizens rights. We are private sector acting without any legal basis other than what GDPR permits. We should not compare what appleas can do to what oranges can.

Volker

Am 18.02.2020 um 19:36 schrieb Mark Svancarek (CELA) via Gnso-epdp-team:
I think it’s an interesting case.

From the article:

On Wednesday, the Hague district court agreed with that [by collating swaths of data on entire neighborhoods, SyRI contravened the right to a private life guaranteed under European Human Rights Law], saying that it was legitimate for the government to use technology to address fraud, but that SyRI was too invasive.

There is legal or similarly significant impact, so it’s clearly covered by Article 22, but the court still seems to have comfort with some level of automation. It’s confusing.

From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Mueller, Milton L
Sent: Saturday, February 15, 2020 3:01 PM
To: EPDP <gnso-epdp-team@icann.org>
Subject: [EXTERNAL] [Gnso-epdp-team] On the legality of algorithmic decision making

Here is an interesting article for anyone here who still thinks that lawful balancing tests can be done by algorithms.

https://www.wired.com/story/europe-limits-government-algorithm-us-not-much/

Dr. Milton L Mueller

Georgia Institute of Technology

School of Public Policy
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
--
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.