The General Data Protection Regulation and Automated Decision-making: Will it deliver?

Wolfgang Schulz and Stephan Dreyer analyze in detail the relevant articles of the GDPR and elucidate whether the new regulation can promote more comprehensible and verifiable algorithmic decision-making systems. They examine to what extent the new regulation can safeguard individual interests such as personality rights on the one hand and societal goals such as non-discrimination and social inclusion on the other. In addition to this, they explore certain additions to the GDPR and alternative regulatory tools, which could complement its provisions. Such additional approaches are needed for algorithmic systems. The regulation has a restricted area of application and in view of its focus on safeguarding individual rights it is not capable of safeguarding group interests and societal values such as non-discrimination. In order to broaden the scope of what is possible within the framework of the GDPR, there is above all a need for a more active data protection supervisory authority which is prepared to look at the societal risks of ADM systems. Moreover, beyond the GDPR’s scope, there is a need for additional approaches which can facilitate a more far-reaching evaluation and rectification of automated decisions. Besides provisions to open ADM systems to scrutiny by independent third parties, consumer protection law provides additional regulatory starting points.