Bertelsmann Stiftung (ed.)

Stephan Dreyer and Wolfgang Schulz

The General Data Protection Regulation and Automated Decision-making: Will it deliver?

Format Type
Date of publication
50 pages, PDF


Free of charge


Wolfgang Schulz and Stephan Dreyer analyze in detail the relevant articles of the GDPR and elucidate whether the new regulation can promote more comprehensible and verifiable algorithmic decision-making systems. They examine to what extent the new regulation can safeguard individual interests such as personality rights on the one hand and societal goals such as non-discrimination and social inclusion on the other. In addition to this, they explore certain additions to the GDPR and alternative regulatory tools, which could complement its provisions. Such additional approaches are needed for algorithmic systems. The regulation has a restricted area of application and in view of its focus on safeguarding individual rights it is not capable of safeguarding group interests and societal values such as non-discrimination. In order to broaden the scope of what is possible within the framework of the GDPR, there is above all a need for a more active data protection supervisory authority which is prepared to look at the societal risks of ADM systems. Moreover, beyond the GDPR’s scope, there is a need for additional approaches which can facilitate a more far-reaching evaluation and rectification of automated decisions. Besides provisions to open ADM systems to scrutiny by independent third parties, consumer protection law provides additional regulatory starting points.

Related projects

Cover Ethics of algorithms

From 2017 to 2022, the Ethics of Algorithms project explored the societal consequences of automated decision-making processes. The project’s objective was to put the digital transformation at the service of society. It was founded in the belief that the guiding principle should not be what is technically feasible, but what is best for society.