The fast evolution and penetration of Artificial Intelligence (AI) in commercial ecosystems has revolutionized how businesses capture, process and leverage consumer data. AI based consumer profiling, which includes behaviour tracking, forecasting and automated determination has enormous economic potential, but is also destroying basic privacy. This paper examines how the profiling capabilities of AI clash with the principles and values of data protection as articulated under contemporary data protection frameworks such as the “European Union's General Data Protection Regulation” (GDPR), the “California Consumer Privacy Act” as amended by the “California Privacy Rights Act” (CCPA/CPRA) and the “Digital Personal Data Protection Act, 2023” (DPDPA) in India.

The present research through doctrinal analysis, comparative legal methodology and empirical case studies, identifies six main challenge domains: (i) algorithmic opacity and the right to explanation; (ii) the legal adequacy of the consent frameworks; (iii) the cross-border data flows and the fragmentation of jurisdictions; (iv) profiling of sensitive and inferred attributes; (v); children's data in AI-powered environments and (vi) the emerging tension between AI innovation imperatives and privacy-by-design obligations. The paper proposes a policy toolbox which features harmonized international standards, algorithmic impact assessments and enforcement, and the identification of inferred data as a specific type of sensitive data. The main topic is the idea that current legal frameworks, which serve as the bedrock, are structurally deficient to cope with the “scale, velocity, and opacity of today's AI profiling systems”.....