The implementation of AI in tax administration is transforming the structure of tax audits, raising potential conflicts with the principles of EU law. This article explores how the automation of tax audits intersects with data protection law, requiring tax authorities to adhere to the provisions of the GDPR and, specifically, respect the rights and obligations related to automated decision-making. Building on this perspective, the authors elaborate on a two-rule framework that is meant to extend the provisions of the GDPR to individual tax proceedings, enhancing the safeguards of taxpayer protection in the field of automated tax audits.