Automated administrative decision-making under the influence of the GDPR – Early reflections and upcoming challenges

Abstract

This article examines the intersection of the GDPR and selected due process requirements in the context of automated administrative decision-making. It finds that the safeguards for decisions based solely on automated data processing provided by the GDPR coincide with or serve a comparable function to traditional administrative due process elements such as the duty to give reasons, the duty of care principle, and the right to a hearing. The automation of decision-making by public authorities across the EU will therefore be regulated by an overlap of national administrative procedures and the GDPR. This overlap, however, leads to a paradoxical problem: on the one hand, the GDPR is an inflexible legal instrument aimed at setting out in detail the rights of data subjects and the obligations of data controllers, and it does not offer national legislators much room to align its terms with national administrative procedures. On the other, the GDPR's broad language makes it susceptible to interpretations embedded in the elaborated practices of the national administrations. The unclear relationship between national administrative procedures and the GDPR may undermine its main purpose – to establish an equal level of protection in all EU Member States through its ‘consistent and homogenous application’. After outlining the main challenges in this regard, the article concludes with a call for further research and regulatory frameworks adjustments aimed at developing a better governance regime for automated administrative decision-making that would allow for embracing technological progress while keeping threats to individual rights in check.