**Google Being Examined by EU Privacy Regulator for AI Data Procedures**
Google is currently under scrutiny by the European Union’s privacy authority, the Irish Data Protection Commission (DPC), regarding its management of personal data in the creation of its artificial intelligence (AI) systems. This investigation is part of a wider regulatory initiative to evaluate how major technology firms handle personal data during the development of AI solutions, which are increasingly critical to their business strategies.
### Investigation Focus: PaLM 2
The inquiry focuses on Google’s **Pathways Language Model 2 (PaLM 2)**, a sophisticated AI system launched in May 2023. PaLM 2 precedes Google’s latest **Gemini models**, released in December 2023, which are now fundamental to Google’s AI-based text and image generation offerings.
The DPC’s investigation seeks to assess whether Google has adhered to the **General Data Protection Regulation (GDPR)**, particularly concerning its processing of personal data from EU and European Economic Area (EEA) citizens. The GDPR serves as a comprehensive data protection statute that mandates companies to follow stringent protocols when handling personal data, especially when such activities might significantly impact individuals’ rights and freedoms.
### Data Protection Impact Assessment (DPIA)
A crucial part of the investigation is whether Google carried out a **Data Protection Impact Assessment (DPIA)** prior to utilizing personal data for training its AI systems. The GDPR stipulates that a DPIA is required when data processing endeavors are likely to result in elevated risks to individuals’ privacy and rights. This is especially pertinent when incorporating emerging technologies like AI.
The DPC stressed that performing a DPIA is “of vital significance” to ensure the essential rights and freedoms of individuals are sufficiently acknowledged and safeguarded. The regulator is currently reviewing Google’s DPIA as part of the investigative process.
### Google’s Reaction
In light of the inquiry, a Google spokesperson remarked, “We take our responsibilities under the GDPR very seriously and will actively collaborate with the DPC to respond to their inquiries.” This statement indicates that Google is engaging with the investigation and is dedicated to addressing any issues raised by the regulator.
### A Wider Trend: Big Tech Facing Oversight
This investigation is indicative of a broader trend of heightened regulatory oversight on major tech firms, particularly those involved in the creation of large language models (LLMs) and other AI technologies. The DPC, tasked with enforcing GDPR compliance for many of the globe’s largest tech enterprises, has been particularly vigilant in this domain.
In June 2023, **Meta** (previously known as Facebook) halted its initiatives to train its AI model **LLaMA** on public content shared by adults on Facebook and Instagram within Europe. This choice followed discussions with the Irish regulator, which expressed concerns about the application of personal data in AI training. Consequently, Meta restricted some of its AI products’ availability to users in the area.
Similarly, in July 2023, users of **X** (formerly Twitter) learned that their posts were being utilized to train AI systems created by **xAI**, a startup established by Elon Musk. Following legal actions initiated by the DPC, X paused processing several weeks’ worth of European user data that had been collected to train its **Grok AI** model. This marked the initial instance of the DPC wielding its authority to take such measures against a tech company, indicating a firmer regulatory approach.
### The Increasing Relevance of AI Regulation
As AI technologies progress and become more embedded in everyday activities, regulators are paying closer attention to the development and training of these systems. Large language models like PaLM 2 and Gemini depend on extensive data sets, often containing personal information, to enhance their efficiency. However, this raises considerable privacy issues, particularly in regions such as the EU, where data protection regulations are strict.
The outcome of the DPC’s investigation into Google’s data management practices could establish a benchmark for the regulation of AI models moving forward. If the inquiry concludes that Google contravened GDPR, it could result in substantial fines and stricter governance of AI development throughout the tech sector.
### Conclusion
The inquiry into Google’s PaLM 2 model by the Irish Data Protection Commission underscores the escalating conflict between rapid advancements in AI technologies and the imperative to safeguard individuals’ privacy rights. As regulators like the DPC intensify their examination of Big Tech’s AI pursuits, companies will need to guarantee full compliance with data protection regulations such as the GDPR. This case could act as a precursor for future regulatory measures in the AI domain, as governments and oversight entities globally navigate the challenges posed by the emergence of artificial intelligence.
—
*Image Credit: Getty Images | Cesc Maymo*
*Source: The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.*
