
Things you can't do right away

🎯 Learning goals

  • Understand why fully automated decisions about people are restricted
  • Know what profiling is and why it requires extra steps
  • Understand the higher bar that applies to special category data

Some uses of AI with personal data are restricted regardless of which assistant you use. These restrictions exist because the risks to individuals are considered too high without additional safeguards. You’ll notice some overlap with the EU AI Act’s high-risk categories — see the AI Act course for that angle.

You cannot use an AI assistant to make a final decision that significantly affects a person — for example, whether they receive a benefit, a permit, or access to a service — without a human reviewing and being accountable for that decision.

This isn’t just good practice; it’s a legal requirement. Individuals have the right not to be subject to a decision based solely on automated processing if that decision has significant consequences for them.

The key word is solely. AI-assisted decision support is completely fine — the assistant can summarize a case, flag relevant factors, or give a recommendation. What it can’t do is be the only decision-maker. A human must genuinely review the output and be in a position to override it, not just sign off on whatever the assistant produced.

Example: A colleague suggests having the assistant automatically approve or reject permit applications with no human check — that’s not allowed. A person must be responsible and in a position to disagree.

A related restriction is profiling — using AI to systematically evaluate personal aspects of someone, like their performance, behavior, or reliability. Even an internal AI-generated profile requires a clear legal basis.

Example: Using an assistant to generate a “performance score” for employees falls here. A person must be responsible and able to override the assessment.

As discussed in section 1, health data, religious beliefs, political opinions, ethnic origin, and similar categories require stricter handling. You should generally avoid feeding this data into an assistant unless:

  • The specific assistant has been approved for it
  • Your organization has confirmed there is a valid legal basis
  • A DPIA has been completed if required

When in doubt, anonymize — if you can accomplish your task without including the sensitive details, do so.
