Artificial Intelligence and How It is Regulated in Terms of Employee Screening

The AI Act is a European regulation on artificial intelligence (AI)—the first comprehensive regulation of AI by a significant regulator anywhere.  

The Act assigns AI applications to three risk categories.  

  • First, applications and systems that create an unacceptable risk, such as government-run social scoring of the type used in China, are banned.  
  • Second, high-risk applications, such as a CV-scanning tool that ranks job applicants, are subject to specific legal requirements.  
  • Lastly, applications not explicitly prohibited or listed as high-risk are mainly unregulated. 

South Africa is actively working towards establishing a comprehensive policy and regulatory framework for Artificial Intelligence, with the Department of Communications and Digital Technologies (DCDT) initiating the process. 

When we examine the specific mention of employee screening, iFacts and their verification service providers will play a fundamental role in Automated Decision-Making across all jurisdiction’s bureaus. 

These systems include algorithms, that can process data and make decisions without human intervention. While they can analyse vast amounts of data rapidly, making them valuable for efficiency and scalability in decision-making processes, their surge in use, especially in sensitive areas such as credit scoring and law enforcement, raises significant concerns about privacy, fairness, and accountability.  

The Protection of Personal Information Act (POPIA), which came into effect in July 2021, is South Africa’s equivalent to the GDPR. POPIA governs the processing of personal information by public and private bodies. Key provisions relevant to Automated Decision Making, include compliance with all the requirements of lawful processing of personal data set down in Parts A and B of Chapter 3 and Section 71 of POPIA. 

Section 71(1) states that a data subject may not be subject to a decision that:  

a) affects him/her to a substantial degree,  

b) is based solely on automated processing or personal information,  

c) is intended to provide a profile of such a person, 

d) including their performance at work, or their creditworthiness, reliability, location, health, personal preference or conduct.  

There is no specific definition for profiling in South Africa, but the GDPR defined profiling in Article 4(4) as, “Profiling” means any form of automated processing of personal data consisting of the use of that data to evaluate certain personal aspects relating to a natural person, in particular, to analyse

or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.” 

The journey towards robust AI regulation in South Africa is ongoing. The dynamic nature of AI technology means that regulations must continually evolve to keep pace with innovations. Legislators are thus challenged to draft flexible laws that can adapt to new developments, while still being firm enough to enforce fundamental rights and ethical standards. 

iFact’s employment of profiling and Automated Decision-Making technologies through our verification suppliers, which are crucial in providing accurate and reliable information to our clients, will ensure compliance with regulatory frameworks like the Protection of Personal Information Act (POPIA). To protect our clients, we will continuously utilise technological innovations to stay ahead.  

Additionally, iFacts will prioritise ethical considerations by setting stringent internal guidelines to prevent bias and protect against the inadvertent prejudice of data subjects.  

Hire with confidence, hire with iFacts.  

Jenny Reid

Founder

www.ifacts.co.za

011 453 1587