Automated Decision Making: European (GDPR) and Indian Perspective (Indian Personal Data Protection Bill, 2018)

15 Pages Posted: 14 Oct 2020

Date Written: November 21, 2019


Collection of the personal data can reveal a lot about an individual, including its behavior or preferences or outlook. For example, the fact or combination of facts that an individual called a criminal lawyer for advice and then, browsed for criminal law books or videos online or bought gardening tools (such as shovel or leveler) online or searched for keywords such as ‘destruction of evidence’ or ‘remove blood stains’ could let anyone to infer that the individual has committed either some felony or at least something incriminating in nature. The collection of such information (including personal data) at a larger scale is called ‘Big Data’, and any form of automated processing which is used to analyze the same for assessing or revealing patterns, sets and trends or human behavior or its attributes is, in simple terms, called ‘profiling’.

Once an individual profile is created, then the same can be used to take decisions for the same individual and if this process of taking decision is exclusively done by automated means, then it is called as ‘Automated decision making’. In order to quickly analyze or make cost-effective profiles out of the Big Data, the humans started to deploy machines (based on algorithms and machine-learning systems) and the capacity of these machines to do the same is called ‘artificial-intelligence’ (AI). The combination of the Big Data, AI and Machine Learning is called as ‘Big Data-Analytics’ and profiling or automated decision making is one of the facets of it.

There are a lot of advantages of automated decision making and profiling in the modern world viz. customers gets advertisements according to their preferences and tastes or it helps public and private entities to screen out unqualified applicants for the jobs or to detect fraud-activities in advance. But this is not that simple as it looks from the outside. Organizations lay their hands upon loads of personal information of different types of data from different sources such as browsing activities, purchases made or internet searches from social networks, mobile phones or Internet of things and make decisions about the data subjects on their own. That is why, in recent years, a lot of serious concerns are being raised against the profiling or automated decision making system, especially the ones which invite substantial consequences, such as what if the decision making system is designed to be biased and unfair or what if data subjects are being discriminated on basis of sensitive-data or what if the profiling is being undertaken without obtaining explicit consent from the data subjects, or what is the logic behind the machines which are taking a particular decision or what kind of rights a data subject can exercise if it wants to contest the decision taken.

This Paper discusses the level of recognition accorded to 'Automated Decision Making' in Europe and in India and the kind of approach taken thereto.

Keywords: Artificial Intelligence, Right to Privacy, Data Protection, Automated Decision Making, Big Data, Article 22, GDPR, Personal Data, Indian Personal Data Protection Bill, Right to contest

JEL Classification: K1, K38, K39

Suggested Citation

Arora, Himanshu, Automated Decision Making: European (GDPR) and Indian Perspective (Indian Personal Data Protection Bill, 2018) (November 21, 2019). Available at SSRN: or

Himanshu Arora (Contact Author)

ARS & Associates ( email )

Ranjit Avenue
Amritsar, Punjab 143001


Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics