Schufa 是否意味着自动决策的终结？.pdf

1、Does SCHUFA spell the end for Automated Decision Making?WELCOME AND INTRODUCTIONS Vivienne Artz,Data Strategy and Privacy Policy Advisor,CIPL(Moderator)Joanne Gillespie,EMEA Privacy Counsel,Visa Yukiko Lorenzo,Assistant General Counsel,MastercardA prospective borrower(referred to as OQ)was denied a

2、loan by a bank,which received a credit score relating to OQ from SCHUFA.OQ made a request to SCHUFA under Article 15(1)(h)of the EU GDPR for details about the automated decision-making(“ADM”),including profiling,defined in Article 22 of the GDPR,involved in SCHUFAs credit scoring processes.SCHUFA re

3、fused OQs request,citing trade secrets and explaining that SCHUFA had only performed preparatory acts for the lenders decision.SCHUFA claimed that the lender,not SCHUFA,made the decision to reject OQs loan application,and thus SCHUFA was not obligated to comply with OQs request under Article 15.Fact

4、ual BackgroundSCHUFAs credit score played a determining role in the granting of credit and therefore the“establishment of that value”in itself constituted a“decision”within the meaning of Article 22(1)GDPR para 50.Para 45 The broad scope of the concept of decision is confirmed by recital 71 of the G

5、DPR,according to which a decision evaluating personal aspects relating to a person,to which that person should have the right not to be subject,may include a measure which either produces legal effects concerning him or her,or,similarly significantly affects him or her.Under that recital,the term de

6、cision covers,for example,the automatic refusal of an online credit application or e-recruiting practices without human intervention.Article 22(1)GDPR must be interpreted as meaning that“the automated establishment”of a credit score by a credit information agency constitutes ADM