Desafíos actuales de la Inteligencia Artificial

The interplay between AI act and GDPR 41 protecting public interests, including the explicit protection of individual fundamental rights. Consequently, both regulations strive to achieve a balance between ensuring a free market and protecting economic and public interests in the processing of personal data and the use of AI, while also safeguarding Union values, fundamental rights, and principles that may be endan- gered by these activities, which demonstrates parallelism in their regulatory purposes. However, the AI Act and the GDPR differ essentially in their scope of application. Ac- cording to Article 2 of the AI Act, it applies to providers, users, and other actors in the AI value chain, including importers and distributors of AI systems used in or placed on the EU market, regardless of their location, whereas referring to Articles 2 and 3 of the GDPR, it applies to controllers and processors of personal data within the EU, or to entities offering goods or services to, or monitoring the behavior of, individuals within the EU. Moreover, the GDPR, does not address AI as a specific method of data processing, since there are no special AI provisions in the GDPR apart from Article 22. 36 Besides, not all AI or machine learning systems need to process personal data; therefore, in those cases, the GDPR will not be applicable. 37 Therefore, AI systems that do not process personal data or handle the personal data of non-EU individuals may be subject to the AI Act but not the GDPR. 38 For example, a com- pany developing an AI system that analyses non-personal data for market trends would fall under the AI Act but would not be governed by the GDPR. The GDPR applies to AI systems, insofar as personal data is involved at any stage of an AI system’s lifecycle. Under Article 5(1)(a) of the GDPR, “processing” does not denote a spe- cific technical processing method. 39 Instead, it encompasses a wide range of automated (al- gorithm-based) processing techniques that produce outputs aligned with predetermined hu- man-defined objectives. 40 Compared to the GDPR, the AI Act has a broader scope in terms of application to entities, yet is more limited regarding the methods and purposes of processing. 41 As a result, there is an overlap of matters when personal data is processed within an AI system. 42 In the light of this, it is clear that the regulatory objectives of both legal instruments share sig- nificant similarities. 36 I. SPIECKER and G. DÖHMANN, ‘AI and Data Protection’ in L. A. DIMATTEO, C. PONCIBÒ, M. CAN- NARSA (eds.), The Cambridge Handbook of Artificial Intelligence, (Cambridge University Press, 2022), pp. 132–45 p. 133. 37 CEDPO AI Working Group, AI and Personal Data A Guide for DPOs “Frequently Asked Questions” , p. 10. 38 ‘International: The interplay between the AI Act and the GDPR - AI series part 1’ (November 2023). 39 M. WINAU, ‘Areas of Tension in the Application of AI and Data Protection Law’, 124. 40 For more detail and critical regarding the definition of Article 5(1)(a) of the AI Act M. EBERS, V. R. S. HOCH, F. ROSENKRANZ, H. RUSCHEMEIER, and B. STEINRÖTTER, ‘The European Commission’s Proposal for an Artificial Intelligence Act—A Critical Assessment by Members of the Robotics and AI Law Society (RAILS)’ (2021) 4 J 589–603 at 589–90. 41 M. WINAU, ‘Areas of Tension in the Application of AI and Data Protection Law’, 124. 42 Ibid.