Desafíos actuales de la Inteligencia Artificial

Enforcing AI regulation in France: a legal framework beyond the AI act 55 Therefore, this contribution first highlights the extent to which data protection regulation already regulates the use of AI systems. It also explores how competition and copyright laws further complement privacy rules in AI regulation. Second, it discusses the extent to which the AI Act brings novelties to further regulate AI systems developed and deployed by private and public entities and examines the interactions between the AI Act and the GDPR. Third, the analysis focuses on the case of France, where the data protection and competition author- ities have been handling important cases related to AI systems mainly in the fields of digital advertising, facial recognition, and generative AI. 2. BACKGROUND ON AI REGULATION The fact that new legislation aiming to regulate the use of AI systems is being adopted at the EU level does not mean that the law disregarded the issue previously. Tech companies have been using AI systems in consumer markets since the early days of the internet. AI sys- tems powering search engines, personalised advertising, and recommender systems made the fortunes of Google and Facebook over the past few decades. These companies are now among the most valuable on the planet. Yet, their use of AI systems for making huge quantities of information readily available and increasingly personalised has not been left unchecked. If the focus has mostly been on the regulation of AI through data protection law (Section 2.1), competition and intellectual property law is becoming increasingly relevant (Section 2.2). 2.1.AI Regulation Under Data Protection Law Data protection law has initially been used to regulate AI systems. This is not surprising given their dependency on data for their training and operations. Important cases actually predate the GDPR and relate to fundamental questions over the balance between the right to privacy, the right to commercial exploitation of personal data, and the freedom of expression and information. The issue of de-referencing is emblematic of this balance. In the landmark Google Spain case of 2014, the Court of Justice of the EU (CJEU) established the right to be forgotten in the context of search engine results. 6 The CJEU did so by interpreting the 1995 Data Protection Directive, 7 in light of the fundamental rights to privacy and to the protection of personal data guaranteed by the Charter of Fundamental Rights of the EU. This case raised the issue of an individual’s right to be de-referenced from a search engine’s results. Ultimate- 6 Judgment of 13 May 2014, Google Spain, C‑131/12, ECLI:EU:C:2014:317. 7 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, p. 31-50.