Deceptive Patterns
‹ All reading

Evaluating GDPR right to information implementation in automated insurance decisions

Author
Timo Jakobi, Salih Arslan, Patrick Harms
Date
1 Apr 2025
Publisher
i-com
Focus
Law & Policy
Category
Academic Scholar

This work highlights the practical challenges of safeguarding usable implementation of regulatory compliance in the realm of data protection, and contributes to usable security by alerting process designers, data protection authorities, and enterprises to the significance of user-centric implementations.

Abstract Automated decision-making algorithms are increasingly prevalent in consumer-facing industries, particularly in insurance risk assessments. The traceability of these decisions is crucial for trust, acceptance, and individual autonomy. While the General Data Protection Regulation (GDPR) grants individuals the right to information about such decisions, the implementation of this right remains under-researched from a usable privacy perspective. This study employs a qualitative exploratory approach with 12 participants exercising their right to be informed about automated decision-making with German household insurers. Through interviews and observations, we investigate consumer requirements and prevailing implementation practices. Our findings unveil actual process design practices that may undermine the usability and efficacy of this data subject right.