Inferensys

Glossary

Right to Explanation

A data subject's right under GDPR to obtain meaningful information about the logic involved in automated decisions, including the significance and envisaged consequences.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
AUTOMATED DECISION-MAKING

What is Right to Explanation?

The Right to Explanation is a data subject's legal entitlement under GDPR to obtain meaningful information about the logic involved in automated decisions, including the significance and envisaged consequences.

The Right to Explanation is a data subject right under Article 22 of the GDPR and related provisions in Recital 71, granting individuals the ability to obtain meaningful information about the logic involved in solely automated decisions that produce legal or similarly significant effects. This right compels data controllers to disclose the underlying reasoning, significance, and envisaged consequences of algorithmic processing, moving beyond mere code disclosure to provide contestable, human-intelligible justifications.

Fulfilling this right technically requires bridging the gap between opaque black-box models and human interpretability through techniques like SHAP, LIME, or counterfactual explanations. Privacy engineers must architect systems that can dynamically generate localized, context-specific explanations—often via automated decision logging and model cards—without exposing proprietary model weights or violating the trade secret exemptions that controllers may invoke under Recital 63.

GDPR ARTICLE 22 & RECITAL 71

Key Features of the Right to Explanation

The Right to Explanation empowers data subjects to obtain meaningful information about the logic involved in automated decisions. Below are the core technical and legal components that define this right.

01

Meaningful Information About the Logic

The controller must provide meaningful information about the logic involved, not just a complex mathematical formula. This requires translating algorithmic decision-making into human-understandable terms.

  • Focuses on the rationale and reasoning, not the source code
  • Must explain why a specific decision was reached
  • Requires bridging the gap between model internals and lay comprehension
  • Often fulfilled through counterfactual explanations (e.g., 'You were denied a loan because your debt-to-income ratio exceeded 40%. If it were below 36%, you would have been approved.')
02

Significance and Envisaged Consequences

The explanation must convey the significance and the envisaged consequences of the processing for the data subject. This goes beyond the logic to address the real-world impact.

  • Must articulate the practical effects of the automated decision
  • Includes the severity, scope, and duration of the impact
  • Example: 'This credit denial will be reported to credit bureaus, potentially lowering your score by 50-100 points and affecting future loan applications for up to 7 years.'
  • Requires a socio-technical assessment, not just a technical one
03

Specific, Not Generic Disclosure

Explanations must be specific to the individual data subject and the particular decision, not a generic description of the system's overall functionality.

  • A generic model card or system overview is insufficient
  • Must reference the actual input features that drove the specific outcome
  • Requires local interpretability techniques like SHAP or LIME applied to the single inference
  • Contrast with ex-ante explanations (before processing) which can be more general
04

Safeguards for Automated Decisions

The right is intrinsically linked to the requirement for suitable safeguards under Article 22(3). The explanation itself is a safeguard, but it must be supported by:

  • Human intervention capability to contest the decision
  • A clear mechanism for the data subject to express their point of view
  • The ability to obtain human review of the automated decision
  • These safeguards must be real and meaningful, not a rubber-stamp process
05

Algorithmic Transparency vs. Trade Secrets

The right to explanation exists in tension with the protection of intellectual property and trade secrets. Controllers cannot refuse an explanation solely on grounds of proprietary algorithms.

  • Recital 63 states the right is not 'adversely affecting the rights and freedoms of others,' including trade secrets
  • However, trade secret claims cannot be used to completely deny an explanation
  • Controllers must find a balance, providing sufficient information without revealing the full model architecture
  • Model-agnostic explanation techniques are critical for navigating this tension
06

Ex-Ante and Ex-Post Explanations

The right encompasses two temporal dimensions of explanation:

  • Ex-Ante (Before Processing): Information provided at the point of data collection about the existence of automated decision-making, the logic involved, and the consequences. Required by Articles 13-15.
  • Ex-Post (After Decision): Specific explanations of a particular decision after it has been made. Grounded in Article 22 and Recital 71.
  • A robust compliance posture requires both layers of transparency
RIGHT TO EXPLANATION

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the GDPR's Right to Explanation, automated decision-making, and the technical requirements for meaningful algorithmic transparency.

The Right to Explanation is a data subject's entitlement under Articles 13-15 and 22 of the GDPR to obtain meaningful information about the logic involved in automated individual decision-making, including profiling. This right mandates that controllers disclose the existence of automated processing, provide meaningful information about the logic involved, and explain the significance and envisaged consequences of such processing for the data subject. Unlike a simple model card, this requires a counterfactual explanation tailored to the specific decision affecting the individual. The Article 29 Working Party (now the EDPB) clarified that controllers must provide sufficiently detailed explanations to allow the data subject to understand and contest the decision, not merely receive a complex mathematical formula. This right is distinct from the Right to Access in that it focuses specifically on the decision-making logic and its impact, not just the existence of the data.

CONCEPTUAL BOUNDARIES

Right to Explanation vs. Related Concepts

Distinguishing the Right to Explanation from adjacent transparency, interpretability, and access rights under the GDPR and AI governance frameworks.

FeatureRight to ExplanationData Subject Access Request (DSAR)Algorithmic Explainability (XAI)

Legal Basis

GDPR Articles 13-15, 22; Recital 71

GDPR Article 15

No direct legal mandate; driven by AI Act Art. 13 transparency requirements

Primary Trigger

Solely automated decision with legal or similarly significant effects

Any personal data processing by a controller

Model deployment, audit, or debugging need

Information Scope

Logic, significance, and envisaged consequences of the specific automated decision

Confirmation of processing, categories of data, recipients, and a copy of the data

Model internals: feature weights, decision boundaries, counterfactuals

Target Audience

Data subject (individual affected by the decision)

Data subject (individual requesting access to their data)

Data scientists, auditors, compliance officers, and regulators

Temporal Focus

Ex-ante (before decision) and ex-post (after decision) meaningful information

Ex-post (after processing has occurred)

Ex-ante (during development) and ex-post (during monitoring)

Output Format

Plain-language, human-readable narrative explanation

Structured data inventory and raw personal data copy

Feature importance plots, SHAP values, LIME explanations, decision trees

Technical Implementation

Automated decision logging combined with natural language generation of logic

Identity verification, data discovery, and secure data export pipelines

Model introspection libraries, surrogate models, and saliency maps

Scope of Automation

Applies only to decisions made without any meaningful human intervention

Applies regardless of automation level

Applies to any model, regardless of whether it drives automated decisions

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.