> But, there is a balance between automation and manual review. When someone like me gets caught up in an automated system there needs to be better ways of letting support help that person.
This keeps happening, again and again. It's not just Stripe, Google is a huge offender when it comes to automated decision-making and next-to-no human support when it inevitably goes wrong.
GDPR explicitly requires that companies provide a right to human intervention to data subjects, and this is the sort of regulation that needs adopting in other jurisdictions:
> The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
> In the cases referred to in points (a) and (c) of paragraph 2 [explicit consent given/necessary for contract], the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
In the case of finance, anti-money laundering laws triump GDPR.
If you as a financial institution suspect money laundering by your client i.e. a spike in transaction volume, you as a financial institution have an unlimited time to not to reply, can freeze the assets and cannot be held responsible for any inconvenience. Even suspecting money laundering is enough, you do not need to have an evidence. In fact it is opposite and it is a criminal offensive to tip off anyone about AML issues. The law is very one sided.
I imagine once you're locked out of the account whatever that is, relying on GDPR will mean getting a lawyer and all that - by no means a quick or cheap way to sort out your problem. GDPR will only be helpful after applying enough fines and lost processes, finally forcing Google/Stripe/etc to rethink their support strategy. Which means continuous hassle for today's customers and blaming GDPR for being "toothless" (blame set usually by the same people which claim the invisible hand would sort it out automagically).
This keeps happening, again and again. It's not just Stripe, Google is a huge offender when it comes to automated decision-making and next-to-no human support when it inevitably goes wrong.
GDPR explicitly requires that companies provide a right to human intervention to data subjects, and this is the sort of regulation that needs adopting in other jurisdictions:
> The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
> In the cases referred to in points (a) and (c) of paragraph 2 [explicit consent given/necessary for contract], the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.