[F1Article 22CU.K.Safeguards for automated decision-making
1.Where a significant decision taken by or on behalf of a controller in relation to a data subject is—
(a)based entirely or partly on personal data, and
(b)based solely on automated processing,
the controller must ensure that safeguards for the data subject’s rights, freedoms and legitimate interests are in place which comply with paragraph 2 and any regulations under Article 22D(3).
2.The safeguards must consist of or include measures which—
(a)provide the data subject with information about decisions described in paragraph 1 taken in relation to the data subject;
(b)enable the data subject to make representations about such decisions;
(c)enable the data subject to obtain human intervention on the part of the controller in relation to such decisions;
(d)enable the data subject to contest such decisions.]
Textual Amendments
F1Ch. 3 Section 4A substituted for Art. 22 (19.6.2025 for specified purposes) by Data (Use and Access) Act 2025 (c. 18), ss. 80(1), 142(1)(2)(h)