Case Study Discovering the Potential for Algorithmic DecisionMaking on Setting GDPR Fines

Abstract

Administrative fines for GDPR infringements are growing rapidly in number, yet companies are presented with an opaque process on how these fines are issued by the data protection authorities (DPAs). In particular, one principle described within the guidelines issued by the European Data Protection Board (EDPB) requires a case-by-case assessment, which is potentially offsetting the automation of administrative fines in the future. This paper is challenging this principle through algorithmic arguments. The suggested approach has its benefits in terms of scalability. Yet, this approach may well receive funded critics due to potential clashes with other principles.