Desafíos actuales de la Inteligencia Artificial

Enforcing AI regulation in France: a legal framework beyond the AI act 67 More recently, the CNIL fined Yahoo €10 million for placing advertising cookies on users’ devices without collecting their prior consent at all. 49 The CNIL found that requiring non-essential cookies for service use is not illegal if users can freely give or withdraw consent without negative consequences. However, the authority noted that, in Yahoo’s case, with- drawal was difficult due to service interruptions, lack of alternatives, and misleading interface elements that complicated the process for users. In total, just between 2020 and 2021, the CNIL adopted around 70 corrective measures (formal notices and sanctions) related to non-compliance with cookie regulation, especially related to consent. 50 In total, 80% of the affected entities rapidly complied with the authori- ty’s orders, with effects not only in France but at least across the EU. 51 Overall, if advertising might not be the first thing popping to mind when thinking about AI, it has played a key role in how the digital economy has developed, with relevance in today’s develop- ments around generative AI. Advertising has been described as the “lifeblood of the internet” 52 be- cause it has enabled business models offering free services, making possible the development of some of the largest online platforms, such as those operated byGoogle andMeta.Many of those platforms have now been designated as gatekeepers under the DMA because of their important market power and ability to raise barriers to entry for potential competition. In fact, most fines imposed by the CNIL in this space relate to the illegal placing of advertising cookies linked to both companies. In turn, companies like Alphabet, Amazon, Microsoft, and Meta – which have relied on scores of personal data and engaged in personalised advertising – are now among the main developers of, and investors in generative AI models. 53 Therefore, the link between personal- ised advertising and further AI development is more important than usually believed, yet at the core of the activities of some of the most valuable companies on the planet. Finally, the CNIL’s early GDPR enforcement has also focused on another domain relevant for its interaction with the AI Act: that of facial recognition. In 2022, ClearviewAI, which amassed over 20 billion images for its facial recognition service by scraping publicly accessible websites, was fined €20 million by the CNIL for multiple GDPR violations. 54 At any rate, the AI Act will now explicitly 49 CNIL, délibération SAN-2023-024 du 29 décembre 2023. 50 CNIL, “Refuser les cookies doit être aussi simple qu’accepter: bilan de la deuxième campagne de mises en demeure et actions à venir”, 14 September 2021, https://www.cnil.fr/fr/refuser-les-cookies-doit-etre-aussi- simple-quaccepter-bilan-de-la-deuxieme-campagne-de-mises-en. 51 Ibid. 52 COFONE, Ignacio; ROBERTSON, Adriana, “Consumer Privacy in a Behavioral World”, Hastings Law Jour- nal (2018) 69(6), p. 1472. 53 AUTORITE DE LA CONCURRENCE, “Avis 24-A-05 du 28 juin 2024 relatif au fonctionnement concurren- tiel du secteur de l’intelligence artificielle générative”, https://www.autoritedelaconcurrence.fr/sites/default/ files/integral_texts/2024-06/avisIA.pdf. 54 CNIL, délibération SAN-2022-019 du 17 octobre 2022. The investigation revealed Clearview’s unlawful data processing without user consent, and failure to respect individual data rights of access and erasure. Clearview AI also failed to cooperate with the CNIL in this initial investigation, as a result of which it was ordered to cease