Automated credit assessment: The data subject is entitled to an explanation as to how the decision was taken in respect of him or her

In its Judgment (27.2.2025) in Case C-203/22 (Dun & Bradstreet Austria) as regards the automated credit assessment, the Court of Justice ruled that the data subject is entitled to an explanation as to how the decision was taken in respect of him or her. The explanation provided must enable the data subject to understand and challenge the automated decision.

In Austria, a mobile telephone operator refused to allow a customer to conclude a contract on the ground that her credit standing was insufficient. The operator relied in that regard on an assessment of the customer’s credit standing carried out by automated means by Dun & Bradstreet Austria, an undertaking specialising in the provision of such assessments. The contract would have involved a monthly payment of €10.

In the ensuing dispute, an Austrian court found, by final decision, that Dun & Bradstreet had infringed the General Data Protection Regulation (GDPR). [1]. Dun & Bradstreet had failed to provide the customer with ‘meaningful information about the logic involved’ in the automated decision-making in question. At the very least, the undertaking had failed to give a sufficient statement of reasons as to why it was unable to provide that information.

The court before which the customer brought the matter for the purposes of the enforcement of that judicial decision wonders what Dun & Bradstreet must do in practice in that regard. That court therefore referred the matter to the Court of Justice, seeking guidance on the interpretation of the GDPR and the directive on the protection of trade secrets. [2].

READ AS WELL: Obligation of a creditor to check a consumer’s creditworthiness - Credit agreement void and creditor’s entitlement to payment of the agreed interest forfeited / Article by George Kazoleas, Lawyer

According to the Court, the controller must describe the procedure and principles actually applied in such a way that the data subject can understand which of his or her personal data have been used, and how they have been used, in the automated decision-making.

In order to meet the requirements of transparency and intelligibility, it could in particular be appropriate to inform the data subject of the extent to which a variation in the personal data taken into account would have led to a different result. By contrast, the mere communication of an algorithm does not constitute a sufficiently concise and intelligible explanation.

Where the controller takes the view that the information to be provided contains protected data of third parties or trade secrets, the controller must provide that allegedly protected information to the competent supervisory authority or court. It is for that authority or court to balance the rights and interests at issue with a view to determining the extent of the data subject’s right of access to that information.

The Court states in that regard that the GDPR precludes the application of a national provision which excludes, as a rule, the right of access in question where it would compromise a trade secret of the controller or of a third party. (curia.europa.eu/photo freepik.com)

Read the Decision here

_________________

1 Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

2 Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure.

Comments

Post a Comment

Popular posts from this blog

Ombudsman inquiry on Commission President’s text messages is a wake-up call for EU

Image
The European Ombudsman inquiry into the Commission’s handling of a request for text messages between its President and the CEO of a pharmaceutical company is a wake-up call for all EU institutions about ensuring accountability in an era of instant messaging. One year after the initial request by a journalist, the Commission has still not clarified whether messages reported to concern major vaccine procurement deals exist and whether the public is entitled to see them. The Ombudsman had asked the Commission, in a finding of maladministration in January, to conduct a more thorough search for the text messages. The Commission’s recent response failed to say whether it had looked directly and correctly for the text messages and if not, why not. While the response recognised that work-related text messages can be EU documents, it reiterated that the Commission’s internal policy is, in effect, not to register text messages. The Ombudsman has closed  the inquiry  and upheld...
Read more

The “Green Maze”: Environmental Obligations for Cement Companies in Greece and Cyprus

Image
Written by Efi Thoma * The cement industry plays a crucial role in the infrastructure development of both Greece and Cyprus. However, this essential sector also carries a significant environmental footprint. From quarrying raw materials to the energy-intensive production process, cement companies face increasing scrutiny and stringent legal obligations aimed at mitigating their impact on the environment. This article delves into the key environmental issues and the pertinent legal frameworks in Greece and Cyprus that cement manufacturers must navigate. Both Greece and Cyprus, as members of the European Union, are bound by a substantial body of EU environmental law. This includes cornerstone directives such as the Environmental Impact Assessment (EIA) Directive, the Industrial Emissions Directive (IED), the Waste Framework Directive, and legislation addressing climate change and biodiversity. These EU regulations are transposed into national law in both countries, forming the bedrock ...
Read more

Air passenger rights: A boarding pass may be sufficient to prove a confirmed reservation on a flight

Image
According to the Judgment of the European Court of Justice in Case C-20/24, a boarding pass may be sufficient to prove a confirmed reservation on a flight. Payment by a third party of the price of the package tour, including a flight, does not exclude the right to compensation in the event of long delay of a flight.  An air carrier offering charter flights concluded a contract with a tour operator. Under that contract, the carrier operated, on specific dates, flights for which that tour operator, after paying for the flights, sold tickets to air passengers. Two air passengers participated in a package tour, including a flight from Tenerife to Warsaw, the arrival of which was delayed by more than 22 hours. The contract relating to the package tour was concluded between a third company, on behalf of those passengers, and that tour operator. The passengers concerned claimed compensation from the air carrier under EU law. [1]  The latter refused to pay that compensation. It argued...
Read more

The first international convention on protecting lawyers adopted by the Council of Europe

Image
The Council of Europe has adopted the first-ever international treaty aiming to protect the profession of lawyer. This is to respond to increasing reports of attacks on the practice of the profession, whether in the form of harassment, threats or attacks, or interference with the exercise of professional duties (for example, obstacles to access to clients). Lawyers play a key role in upholding the rule of law and securing access to justice for all, including to vindicate possible human rights violations. Therefore, public confidence in justice systems also depends on the role played by lawyers. The  Council of Europe Convention for the Protection of the Profession of Lawyer  covers lawyers and their professional associations, whose role is vital in defending lawyers’ rights and interests as a profession. The Convention addresses entitlement to practise, professional rights, freedom of expression, professional discipline and specific protective measures for lawyer...
Read more

Status of long-term resident in Cyprus: Appeal against the rejection decision

Image
By Giorgos Kazoleas, Lawyer in Cyprus Third-country nationals residing in areas controlled by the Government of the Republic legally and continuously for the last five years prior to the submission of the application and holding a valid residence permit in the Republic can apply along with the required original documents in order to obtain the status of long-term resident in Cyprus. It often happens that the Administration (in this case the Immigration Department) does not properly assess the facts and circumstances of the applicant and does not properly check the requirement for obtaining the status, resulting in a rejection decision. This decision is notified to the applicant and must contain clear justification for the reasons for the rejection of the application. It must also state that the applicant has the right to appeal against the rejection decision within 75 days from the notification of the decision. According to the Aliens and Immigration Law, [1]   in order to...
Read more