UK gov urged to protect human right to review AI decisions

BCS, The Chartered Institute for IT, is calling on the government not to remove Article 22 ‘while AI is still in its infancy'

The UK government is being urged to protect the right for human review of decisions made fully by artificial intelligence (AI), including in job recruitment or loan eligibility.

A consultation launched by the Department for Digital, Culture, Media & Sport (DCMS) last month aims to update the UK’s version of the EU’s General Data Protection Regulation (GDPR). This could include the removal of Article 22, which focuses on the right to review fully automated decisions.

The consultation document states that “the current operation and efficacy of Article 22 is subject to uncertainty”, which is why it could be subject to change or removed entirely.

However, BCS, The Chartered Institute for IT is urging the government not to remove Article 22 ‘while AI is still in its infancy’.

Dr Sam De Silva, Chair of BCS’ Law Specialist Group and a partner at law firm CMS, said that there needs to be “clarity on the rights someone has in the scenario where there is fully automated decision making which could have a significant impact on that individual”.

These could include situations where personal data is being used to determine which candidate should receive the job offer, or who is eligible for a loan.

According to De Silva, it needs to be taken into account that the right to review fully automated decisions “is currently in a piece of legislation dealing with personal data”, which creates a loophole:

Related Resource

How to manage AI risk

Recommendations from the Cyber Resilience Think Tank

Two red robots fly on a yellow backgroundFree download

“If no personal data is involved the protection does not apply, but the decision could still have a life-changing impact on us,” he said.

De Silva posed an example of an algorithm being used to determine who qualifies to receive a vaccine: “The data you need to enter into the system is likely to be DOB, ethnicity, and other things, but not name or anything which could identify you as the person. Based on the input, the decision could be that you’re not eligible for a vaccine. But any protections in the GDPR would not apply as there is no personal data. So, if we think the protection is important enough it should not go into the GDPR. It begs the question - do we need to regulate AI generally – and not through the 'back door' via GDPR?” he asked.

“It‘s welcome that [the] government is consulting carefully before making any changes to people’s right to appeal decisions about them by algorithms and automated systems – but the technology is still in its infancy,” De Silva added.

BCS, the Chartered Institute for IT stated that it supports the consultation and will be gathering views from across its membership. The DCMS consultation is open until 19 November.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021