Ireland’s Data Protection Commission (DPC) has launched a cross-border investigation into Google Ireland Limited to assess whether the company adhered to EU data protection regulations during the development of its artificial intelligence (AI) model, PaLM2.
The inquiry focuses on the handling of EU citizens’ personal data in training Google’s advanced Pathways Language Model 2 (PaLM2). The DPC’s statement, issued on September 12, emphasizes the importance of compliance with the General Data Protection Regulation (GDPR) when processing personal data, particularly for high-risk AI applications.
PaLM2, introduced on May 10, 2023, is a sophisticated AI model designed with enhanced multilingual capabilities, reasoning skills, and coding efficiency. It comes in four versions—Gecko, Otter, Bison, and Unicorn—each tailored for specific use cases, including mobile applications. Google highlighted that the Gecko version is lightweight enough to perform efficiently on mobile devices, even in offline mode.
The DPC stressed that a Data Protection Impact Assessment (DPIA) is critical in ensuring that the fundamental rights of individuals are adequately protected. The inquiry is part of broader efforts by the DPC, in coordination with EU and European Economic Area (EEA) regulators, to oversee the processing of personal data in AI model development.
This investigation comes in the wake of the DPC’s recent probe into X (formerly Twitter), where the company agreed to halt its use of EU and EEA user data for training its AI chatbot, Grok. X also committed to deleting data collected between May 7 and August 1 and refraining from further collection for AI development purposes.
The DPC’s ongoing actions align with increased regulatory scrutiny across the globe. Regulators are tightening their oversight of Web3, AI, cryptocurrency, and related businesses to ensure compliance with data protection laws and safeguard users from potential harm.
For instance, in Brazil, X faced suspension after failing to designate a legal representative in the country. Similarly, in July, Coinbase’s UK division was fined £4.5 million for breaches related to user onboarding. South Korea’s Financial Supervisory Service (FSS) is also conducting inspections of virtual asset exchanges to ensure adherence to regulations. Meanwhile, operating an unlicensed virtual asset platform became a criminal offense in Hong Kong as of June 1, 2023, with several exchanges still awaiting full licensing.
The DPC’s investigation into Google highlights the growing regulatory pressure on tech companies to prioritize data protection and privacy compliance in the development of emerging technologies like AI.
Comments