Artificial intelligence and data protection: the interplay between the European Artificial Intelligence Regulation and the GDPR

Abstract

The widespread use of artificial intelligence systems and its impact on personal data protection calls for a thorough investigation of the regulatory governance adopted in this field by the European lawmaker and, in perspective, by the national one. In this sense, this paper first outlines the current European legislative framework on data and artificial intelligence, also tackling the related geopolitical dimension of the issue. The work then draws a systemic analysis of the recently approved European Regulation on Artificial Intelligence (so-called “AI Act”), showing lights and shadows of the complex interplay with (EU) Reg. no. 2016/679 (“GDPR”) and identifying similarities and differences between the two regulatory acts. The paper goes on to examine, from a comparative perspective, the sanctioning system and the governance framework defined by the AI Act, focusing on the difficult choice of a national supervisory authority to regulate artificial intelligence in Italy. Finally, the authors provide some closing remarks on the most significant challenges raised in the context of the paper and propose some de iure condendo perspectives in the light of the studies carried out on the matter.