Desafíos actuales de la Inteligencia Artificial

Enforcing AI regulation in France: a legal framework beyond the AI act 57 influence on industry practices with regards to the handling of personal data elevates data protection law at the forefront of AI regulation. Figure 1: Highest fines imposed under the GDPR as of August 2024 Sources: AP, CNIL, CNPD, DPC Despite all of the affected companies having their EU establishments in Ireland, Luxem- bourg, and the Netherlands – thus giving data protection authorities there a preponderant influence in enforcing the GDPR due to its one-stop-shop mechanism –, the graph shows the active role of the CNIL, which imposed three of the highest fines under the GDPR. 12 The CNIL’s enforcement action will further be discussed in Section 4 below. 12 Even when not directly fining undertakings, the CNIL has played an important role in some of the cases men- tioned here by cooperating with the lead data protection authorities. For instance, it closely cooperated with the Dutch data protection authority regarding Uber’s illegal data transfers to the United States, leading to a fine of €290 million (AUTORITEIT PERSOONSGEGEVENS, “Dutch DPA imposes a fine of 290 million euro on Uber because of transfers of drivers’ data to the US”, 26 August 2024, https://www.autoriteitpersoonsge- gevens.nl/en/current/dutch-dpa-imposes-a-fine-of-290-million-euro-on-uber-because-of-transfers-of-drivers- data-to-the-us) .