"In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject."
C‑634/21 is also somewhat relevant to understand how courts have applied ADM in general context of credit reporting https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... though it didn't specify what information actually needs to provided for 13(2)(f).
How's that work? Got a link handy to explain to a dummy?
Article 13(2)(f)
"In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject."
EDPB Guidelines on automated decision making: https://ec.europa.eu/newsroom/article29/items/612053 especially page 25 is relevant
C‑634/21 is also somewhat relevant to understand how courts have applied ADM in general context of credit reporting https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... though it didn't specify what information actually needs to provided for 13(2)(f).
We have a EU dev we tried to have submit a GDPR request for human review on something on Facebook.
There’s no apparent mechanism to do so. Support was clueless. The privacy email address responded weeks later with “not out department”.
As expected. However, since it's the law, there's some way to enforce it.
That's because the correct department is legal. GDPR is a legal mechanism, not a support and privacy thing.
"I'm doing it wrong and it doesn't work" means you're doing it wrong, not that it doesn't work.
Even Facebook calls them "privacy rights".
And https://www.facebook.com/help/contact/178402648024363 doesn't work either. Black hole, as far as I can determine.
Their chatbot, when asked, sends you to https://help.meta.com/support/privacy/ and says:
> To submit a GDPR objection request on Facebook, you can use the Privacy Rights Request channel.
> Select Facebook as the product you want to submit an objection about.
> Choose the option "How can I object to the use of my information" and follow the instructions.
But that option doesn't exist.