CYIL vol. 16 (2025)

CYIL 16 (2025) AUTOMATING CONSUMER RIGHTS ENFORCEMENT IN THE EU Notably, CTIA’s more structured rejection framework and the mandatory timeline for resolution create strong incentives for operational efficiency. This regulatory clarity provides a robust foundation for incorporating automation in admissibility screening, deadline tracking, and communication scheduling—areas where AI can deliver measurable gains. Both institutions, however, share the obligation to maintain neutrality, transparency, and fairness in all proceedings. Accordingly, AI tools must remain subordinate to human decision making, operate under principles of explainability, and be carefully monitored for bias. 4. Regulatory problems As illustrated in the preceding analysis, both the ECC-NET and the CTIA ADR could benefit from the integration of AI tools at various stages of their respective consumer dispute resolution procedures. These tools—ranging from document classification and communication assistance to sentiment analysis and predictive analytics—promise increased efficiency, consistency, and responsiveness in dealing with ever-growing caseloads. However, the deployment of such systems also triggers important regulatory considerations. I have identified two key legal frameworks in the EU 21 : the General Data Protection Regulation (GDPR) 22 and the Artificial Intelligence Act (AI Act) 23 . Article 22 of the GDPR With the General Data Protection Regulation (GDPR), this chapter does not address general legal obligations—such as confidentiality, data retention, or non-discrimination— that already apply to consumer enforcement bodies irrespective of AI deployment. These obligations are not AI-specific and remain fully in force regardless of the use of automated tools. The analysis here is therefore limited to the provisions of the AI Act and GDPR that are uniquely triggered or substantively altered by the integration of AI systems into dispute resolution processes. Article 22 of the GDPR establishes a specific data subject right not to be subject to a decision based “solely” on automated processing, including profiling, which produces legal effects or similarly significantly affects the individual. At first glance, this provision appears directly relevant to AI applications in consumer enforcement contexts, particularly if such tools were to issue outcome recommendations, determine case admissibility, or generate legally persuasive assessments. 21 National legislation on administrative processes and national body-specific legislation might introduce additional legislative obstacles. The main one being, whether a process under specific consumer ADR requires certain standards of due process that might differ on national level or whether it ends in a decision in that would be scrutinized under national and EU regulation, such as Article 22 of the GDPR. 22 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 23 Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act).

237