Algorithmic consumer credit scoring has caused anxiety among scholars and policy makers. After a significant legislative effort by the European Union, the General Data Protection Regulation (GDPR) that has provisions tailored to automated decision-making (ADM) was implemented. When the EU Commission and the US Department of Commerce negotiated for US organizations to whom data from EU data controller is transferred to comply with the key principles of EU Data Protection Law under the EU-US Privacy Shield (PS) Framework, the Department of Commerce refused to incorporate the GDPR principles governing ADM in the PS Framework. The EU Commission accepted this refusal reasoning that where US companies make automated decisions with respect to EU data subjects, such as in consumer credit risk scoring, there are laws in the US that protect the consumer from adverse decisions. This view contradicts recommendations for implementing GDPR-Inspired law in the US to tackle the challenges of automated consumer credit scoring.

This article argues that despite the differences in the approach to the regulation of automated consumer credit scoring in the EU and the US, consumers are similarly protected in both jurisdictions. Furthermore, US consumer credit laws have the necessary flexibility to ensure that adverse automated decisions are tackled effectively. This article, through analyzing statutes, cases, and empirical evidence, demonstrates that the seemingly comprehensive legal rules governing ADM in the GDPR do not make the EU consumers better off. In addition, the challenges presented by the increasing sophistication of Artificial Intelligence (AI), especially machine learning, place both the EU and the US legal regimes in similar position as neither jurisdiction is equipped to respond to autonomous, unpredictable, and unexplainable algorithms making decisions. While the EU’s risk-based approach to AI regulation adopted by the Draft AI Regulation which also contains provisions on regulatory sandboxing is a significant improvement, it does not significantly change the rules regarding algorithmic consumer credit scoring. Nevertheless, this is the approach that regulation should primarily adopt for the future.