Desafíos actuales de la Inteligencia Artificial

38 Desafíos actuales de la Inteligencia Artificial Consequently, organisations need to carefully map the regimes of the GDPR and the EU AI Act carefully to determine which bodies are subject to the requirements of the AI Act, the GDPR, or both. 17 In some points, there are tensions and overlaps between the GDPR and AI. In this respect, the GDPR could be perceived as both insufficient and a hindrance to technological advancement. The legal analysis begins with the overlapping statutory objectives and scopes of ap- plication of the GDPR and the EU AI Act. Following this, the principal divergences of the chosen statutory notions of both legal instruments are outlined. In the following section, to delve into the tensions between the two legal acts, specific points will be addressed. Finally, it will become clear that for the purpose of proper interpretation and application of both AI regulation and the GDPR, procedural safeguards or concrete key provisions to reconcile conflicting legal norms will be necessary. 2. TENSIONS AND OVERLAPPING POINTS IN THE GDPR AND THE EU AI ACT 2.1.Areas of Tensions in the Application While some view the GDPR as a robust mechanism for safeguarding personal data, others argue the regulation inadequate for governing the processing of personal data by AI systems. 18 For instance, critics highlight that the GDPR’s requirements may not fully address the complexities of data processing in AI training processes. This divergence in perspectives highlights the tensions as well between the GDPR and AI Act, particularly in scenarios where AI systems process personal data. Such tensions create complexities that necessitate careful navigation of both legal frameworks. Since the AI Act and EU data protection law are enforced concurrently, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have emphasized during negotiations the necessity of clearly avoiding any inconsistencies or poten- tial conflicts between the AI Act and data protection regulations. 19 However, these concerns have largely been overlooked. 20 In some respects, there is a conflict between the GDPR and AI. There are specific concerns the alignment of AI technologies with core principles of data protection law such as purpose limitation, data minimisation, transparency and lawfulness. 21 17 ‘Key Issue 6: Interplay with GDPR - EU AI Act’. 18 N. WALLACE and D. CASTRO, ‘The Impact of the EU’s New Data Protection Regulation on AI’ (March 2018). 19 ‘EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) | European Data Protection Board’ para.57. 20 M. EBERS, ‘Truly Risk-Based Regulation of Artificial Intelligence - How to Implement the EU’s AI Act’ (2024) p. 19. 21 C. KUNER, F. H. CATE, O. LYNSKEY, C. MILLARD, N. NI LOIDEAIN, and D. J. B. SVANTESSON, ‘Ex- panding the artificial intelligence-data protection debate’ (2018) 8 International Data Privacy Law 289–92 at 289–90.