Addressing the relation between the EU General Data Protection Regulation (GDPR) and artificial intelligence (AI) this report considers challenges and opportunities for individuals and society, and the ways in which risks can be countered and opportunities enabled through law and technology. The study led by Professor Sartor for the Future of Science and Technology (STOA), within the Secretariat of the European Parliament, discusses the tensions and proximities between AI and data protection principles, such as purpose limitation and data minimisation. The report makes a thorough analysis of automated decision-making, considering the extent to which it is admissible, the safeguard measures to be adopted, and whether data subjects have a right to individual explanations. The study then considers the extent to which the GDPR provides for a preventive risk-based approach, focused on data protection by design and by default. Read the report here.