Open menu
07July2021

Algorithmic Transparency Within the Scope of GDPR

Algorithmic Transparency Within the Scope of GDPR

Although GDPR is a text that pursues and adopts the main principles stipulated by Directive 95/46, it has been introduced some regulations to be more compatible with today's requirements intended for the new needs arising from the latest technologies.1 However, the concepts of "consent" and "explicit consent" which are the elements that provide legal legitimacy for the processing of personal data in Directive 95/46, and the terminology that created within the framework of these concepts, continued to be used in the EU General Data Protection Regulation. It is required that consent must "unambiguously" given in Directive 95/46. In case of the processing of personal data, it is stipulated that the condition of explicit consent is required. The conditions for the validity of the consent are also regulated in Article 4 of the EU General Data Protection Regulation. The elements specified in this Article provide the validity of both types of consent.

"Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relation to him or her."

Besides the processing of sensitive personal data, the condition of "explicit consent" is also required for the data to be transferred abroad and subject to automatic decision-making processes in the EU General Data Protection Regulation. Explicit consent is related to the way the consent is expressed by the data subject. Explicit consent must be obtained in a written statement or in a way that the identity authentication procedure works on the internet.

Especially, the obligation to inform and the condition of freely given for the validity of any consent be of vital importance, and it should be considered together with the new technological advancement. The obligation to inform and the procedures regarding the withdrawal of consent are mainly aimed by ensuring the control of the data subject regarding their personal data and determining the position of the data subject against the data controller in an equal way since it is a rule that personal data is not processed with explicit consent, processing is an exceptional activity. Meeting these requirements can be difficult when it comes to algorithms. Processing personal data through algorithms can create an information asymmetry. Since the information asymmetry which arises due to non-transparent algorithms between the data processor and the data subject affects the ability of individuals to control their own personal data. This may appear as a situation that cripples the validity of consent in terms of inform and free will.

The Italian Court of Cassation has made a decision on May 25, 2021, to suspend the artificial intelligence system that analyzes and scores documents voluntarily uploaded by users regarding the decision of the Italian Data Protection Authority on Mevaluate Italia s.r.l in 2016, which was originally overturned by the Court of Rome. The decision of the Rome Court, which decided that the system was legal, was overturned on the grounds that the consent given by users for the data processing algorithm of Mevaluate was lacking in terms of transparency. In the decision, it was stated that the consent could only be valid if the data subject was informed appropriately about the purposes of the data processing, and if data subject's consents to a specific subject and with free will. In addition, it was emphasized by the Italian Court of Cassation that the consent given for their activity cannot be considered valid if the operating logic of the algorithm is not known and understood by the data subject. When the EU General Data Protection Regulation is evaluated together with the distinction and regulations regarding the concepts of "consent" and "explicit consent" as a legal justification that provides legitimacy for the processing of personal data, it is understood that algorithmic transparency is a part of the obligation to inform.

You can find the details of the Italian Court of Cassation's decision here.

Should you have any queries or need further details, please contact your customer representative.


1Elif Küzeci, Kişisel Verilerin Korunması, 3. Print, Turhan Bookstore, Ankara, 2019, p. 193.

Written by Onur Saygın, Posted in Personal Data Protection Law

  • Notification!

    Contents provided in this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance put in the preparation of this article, CottGroup® and its member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject.

    Please consult your client representative if you are a customer of CottGroup® or consult a relevant party or an expert prior to taking any action in regards to the above content.

About The Author

This website is using cookies.
In this website, we use cookies to develop your user experience, obtain efficient work and track statistical data. You are agreeing to our use of cookies by browsing our website. Please review Çerezler (Cookies) page for detailed information of how we manage the cookies. This choice is valid for 30 days until you delete the cookies in your web browser.
x