Employee Rights When AI Makes HR Decisions

As AI tools become more common in UK HR processes, employees are gaining increasing awareness of their rights. Employers who use AI in performance management, recruitment, monitoring, or disciplinary processes need to understand these rights in order to build compliant processes - and to be prepared when employees exercise them.

The Legal Foundation: UK GDPR Article 22

UK GDPR Article 22 is the primary legal protection for individuals affected by automated decision-making. It states that individuals have the right not to be subject to a decision based solely on automated processing, including profiling, which produces a legal or similarly significant effect concerning them.

In the employment context, "legal or similarly significant effect" covers a broad range of HR decisions:

• Dismissal
• Disciplinary warnings
• Performance improvement plans
• Pay increases or decreases
• Promotion or demotion
• Changes to working conditions
• Redundancy selection
• Shortlisting in recruitment

The threshold is "significantly affects" - this is deliberately broad and the ICO interprets it expansively.

The Three Core Rights Under Article 22

When a decision that triggers Article 22 has been made or is being made, employees have three specific rights:

1. The right to human review: The employee can request that the decision be reviewed by a human who has the authority to consider the matter and override the automated output. This human review must be genuine - not simply a manager who rubber-stamps whatever the AI produced.

2. The right to express their view: The employee must be given a meaningful opportunity to express their viewpoint on the decision, the data used, and the conclusions drawn. This means more than simply being told the outcome and asked if they have any questions.

3. The right to contest the decision: The employee can challenge the decision and the automated process that produced it. You must have a mechanism for handling such challenges.

Transparency Rights: What Employees Are Entitled to Know

Beyond Article 22, employees have transparency rights under UK GDPR Articles 13 and 14 that apply regardless of whether a significant automated decision has been made:

• That AI tools are used in HR processes
• What categories of data are processed by those tools
• How the tools work (in general terms)
• What the purposes of processing are
• Their rights in relation to the processing
• Who has access to the data

This information must be included in your employee privacy notice. Providing it after an employee raises a concern is too late.

Subject Access Requests in the AI Context

An employee who believes AI has been used to make a decision affecting them can make a subject access request (SAR) for all personal data held about them. In the context of AI performance management or monitoring, this may include:

• Productivity scores and metrics
• AI-generated performance assessments
• Monitoring data (activity logs, communication analysis)
• Automated absence flags
• Any other data the AI system has processed or generated about them

You must respond to a SAR within one calendar month. You cannot charge for this (unless the request is manifestly unfounded or excessive). Refusing to provide AI-generated data about an employee on the basis that "it's a system output, not personal data" is not a valid position - if the data relates to an identifiable individual, it is personal data.

The Right to an Explanation

Employees subject to automated decisions have the right to obtain meaningful information about the logic involved. This does not require you to produce the source code of an AI system, but it does require you to be able to explain:

• What data was used as input
• What factors the system considered
• What output the system produced and what it means
• How that output was used in the HR decision

If you cannot explain these things because the AI tool is a black box that even you do not understand, you have a problem. Using AI tools whose decision logic you cannot explain is not ICO-compliant.

Specific Scenarios and Employee Rights

Automated CV shortlisting in recruitment: Candidates have the right to be informed their application may be subject to automated processing. If shortlisted or rejected by an automated system, they can request human review. Note that this applies to candidates as well as employees - discrimination law protects job applicants.

AI performance scoring: An employee who receives a low performance score generated by an AI system can request sight of all data used, an explanation of how the score was calculated, and human review of whether the score fairly reflects their performance. They can raise a grievance if they believe the process was unfair.

Automated monitoring leading to disciplinary action: If monitoring data generated by an AI tool (productivity tracker, keystroke logger, communication analysis) is used as the basis for disciplinary proceedings, the employee has the right to access all that data, challenge its accuracy, and contest any conclusions drawn from it. Evidence generated by unlawful monitoring may be excluded from tribunal proceedings.

AI-assisted redundancy selection: Redundancy selection criteria scored by an AI system must be capable of explanation. The employee has the right to see their scores, understand how they were calculated, and challenge inaccurate scoring.

What Employers Must Have in Place

To comply with employee rights in the AI HR context, you need:

1. An employee privacy notice that discloses all AI tools used in HR processes and explains their purpose
2. A documented process for handling requests for human review of automated decisions
3. Trained managers who understand that they must make genuine human judgements rather than simply approving AI outputs
4. Accessible AI outputs: the ability to provide employees with data about them held or generated by AI tools within the SAR timeframe
5. An explanation capability: the ability to explain AI decisions in terms employees can understand
6. A grievance mechanism: a clear route for employees to challenge AI-influenced decisions

When Employees Can Go to the ICO or Tribunal

If you fail to comply with employee rights in the AI HR context, employees have remedies:

• ICO complaint: Employees can complain to the ICO about breaches of UK GDPR. The ICO can investigate, issue enforcement notices, and impose fines.
• Employment tribunal: Unfair dismissal claims, discrimination claims, and claims for breach of the implied term of trust and confidence can all arise from AI HR decisions that were not handled lawfully.
• County court: Employees can seek compensation for UK GDPR breaches through the courts, including damages for distress.

---

This is guidance, not legal advice. If an employee has raised a concern about AI use in a decision affecting them, or if you are uncertain whether your AI HR processes comply with UK GDPR, take advice from an employment solicitor or data protection specialist.