interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- data 8
- subject 8
- shall 4
- controller 4
- based 3
- which 3
- referred 3
- suitable 3
- rights 3
- measures 3
- safeguard 3
- interests 3
- freedoms 3
- legitimate 3
- right 2
- article 2
- automated 2
- point 2
- profiling 2
- including 2
- decision 2
- implement 1
- least 1
- paragraph 1
- in 1
- obtain 1
- consent 1
- cases 1
- points 1
- view 1
- unless 1
- article 1
- personal_data 1
- applies 1
- place 1
- restrictions 1
- section 1
- categories 1
- special 1
- express 1
- part 1
- intervention 1
- explicit 1
- contest 1
- paragraph 1
- decisions 1
- human 1
- also 1
- effects 1
- legal 1
Article 22
Automated individual decision-making, including profiling
1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
2. paragraph 1 shall not apply if the decision:
(a) | is necessary for entering into, or performance of, a contract between the data subject and a data controller; |
(b) | is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or |
(c) | is based on the data subject's explicit consent. |
3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
4. Decisions referred to in paragraph 2 shall not be based on special categories of personal_data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.
whereas
dal 2004 diritto e informatica