Evaluating GDPR right to information implementation in automated insurance decisions

Bibliographic Details
Main Authors: Jakobi Timo, Arslan Salih, Harms Patrick
Format: Article
Language: English
Published: De Gruyter 2025-04-01
Series: i-com
Online Access: https://doi.org/10.1515/icom-2024-0071
Description
Summary: Automated decision-making algorithms are increasingly prevalent in consumer-facing industries, particularly in insurance risk assessments. The traceability of these decisions is crucial for trust, acceptance, and individual autonomy. While the General Data Protection Regulation (GDPR) grants individuals the right to information about such decisions, the implementation of this right remains under-researched from a usable privacy perspective. This study employs a qualitative exploratory approach with 12 participants exercising their right to be informed about automated decision-making with German household insurers. Through interviews and observations, we investigate consumer requirements and prevailing implementation practices. Our findings unveil actual process design practices that may undermine the usability and efficacy of this data subject right. By identifying these concerns and correlating them to existing deceptive patterns, our research contributes to usable security by alerting process designers, data protection authorities, and enterprises to the significance of user-centric implementations. Furthermore, this study advances research on GDPR data subject rights, emphasizing the need for secure and usable interfaces in the context of automated decision-making systems. Our work highlights the practical challenges of safeguarding usable implementation of regulatory compliance in the realm of data protection.
ISSN: 2196-6826