Desafíos actuales de la Inteligencia Artificial

The interplay between AI act and GDPR 43 of AI systems, data is processed on two levels: one for training and the other for validation purposes. 50 A small amount of personal data that is not eliminated from anonymized pro- cessed data can trigger the application of the GDPR at one of these levels. 51 As a result, it can be argued that the interpretation and application of these overlapping areas must be done in coordination with each other for the sake of an effective application of both regulations, which the AI Act does not address it. 52 2.2.1. Overlapping Principles in the Both Regulations Both the GDPR and the AI Act impose transparency obligations; however, the scope and requirements differ between the two regulations. 53 Article 12 of the GDPR is important for the governance of machine learning systems, as in many cases, deployers are not aware of their data being processed. 54 Article 50(4) of the EU AI Act contributes to this general requirement by imposing obligations for the creation of deep-fakes. 55 Another example is the right to explanation and human intervention/oversight 56 . Article 22(3) of the GDPR mandates human intervention and provides a right to meaningful information for decisions based solely on automated processing, which also includes profiling under Article 15(1)(h). In contrast, the AI Act requires human oversight under Article 14, along with a right to explanation of individual decision-making in Article 86 specifically for high-risk AI systems. These regulations demonstrate significant differences in both content, prerequisites, and legal consequences. Hence, under the provisions of the AI Act, it appears that, in principle, an AI system categorized as posing low or minimal risk may be permitted to make decisions that are entirely automated, as defined by the GDPR. 57 Based on this, the ECJ has ruled with its 50 Ibid. 51 Ibid. 52 M. WINAU, ‘Areas of Tension in the Application of AI and Data Protection Law’, 124. 53 The GDPR establishes the principle of transparency to facilitate the exercise of data subjects’ rights under Article 15-22, including the right to erasure, to rectification and to data portability, whereas transparency ob- ligations under the AI Act are imposed only for high-risk AI systems under Article 13 and for other certain AI systems under Article 50. Furthermore, Article 13 of the AI Act addresses the interests of the deployer of an AI system rather than those of the final user and/or data subject. 54 CEDPO AI Working Group, AI and Personal Data A Guide for DPOs “Frequently Asked Questions” , p. 11. 55 CEDPO AI Working Group, AI and Personal Data A Guide for DPOs “Frequently Asked Questions” , p. 11. 56 See also for the limitations of this provision S. WACHTER, B. MITTELSTADT, and L. FLORIDI, ‘Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regula- tion’ (2016). 57 ‘Key Issue 6: Interplay with GDPR - EU AI Act’.