Abstract Automated decision-making algorithms are increasingly prevalent in consumer-facing industries, particularly in insurance risk assessments. The traceability of these decisions is crucial for trust, acceptance, and individual autonomy. While the General Data Protection Regulation (GDPR) grants individuals the right to information about such decisions, the implementation of this right remains under-researched from a usable privacy perspective. This study employs a qualitative exploratory approach with 12 participants exercising their right to be informed about automated decision-making with German household insurers. Through interviews and observations, we investigate consumer requirements and prevailing implementation practices. Our findings unveil actual process design practices that may undermine the usability and efficacy of this data subject right.
‹ All reading
Evaluating GDPR right to information implementation in automated insurance decisions
This work highlights the practical challenges of safeguarding usable implementation of regulatory compliance in the realm of data protection, and contributes to usable security by alerting process designers, data protection authorities, and enterprises to the significance of user-centric implementations.