The Irish Data Protection Commission probes Google’s handling of EU citizens’ data in the development of its advanced AI model, PaLM2.
The Irish Data Protection Commission (DPC) has opened an inquiry into Google Ireland Limited to assess whether the tech giant adhered to European data protection laws while developing its latest AI model, PaLM2. The investigation, which was announced on September 12, focuses on how Google handled personal data from EU citizens during the training of PaLM2, particularly whether the company complied with the General Data Protection Regulation (GDPR).
Why Is This Investigation Important?
The DPC’s investigation centers on the use of personal data in the training of Pathways Language Model 2 (PaLM2), an advanced AI model launched by Google in May 2023. PaLM2 boasts enhanced abilities in multilingual processing, reasoning, and even coding, making it one of Google’s most advanced language models to date. The model comes in several sizes, each tailored for different use cases, from mobile devices (the lightweight Gecko version) to larger, more powerful configurations like Bison and Unicorn.
The core of the DPC’s inquiry is whether the personal data of EU citizens was used appropriately and legally in training the model. According to the DPC, companies are required to conduct a Data Protection Impact Assessment (DPIA) when processing personal data in ways that could pose a high risk to individuals’ privacy. Given the scale of AI development and the potential for sensitive personal data to be involved, the DPC emphasizes that such assessments are crucial to ensure that users’ rights and freedoms are safeguarded.
“The processing of personal data in AI model development must always take into account the potential risks to individuals’ privacy,” the DPC stated in its official release. “This statutory inquiry is part of the broader efforts of the DPC, alongside other EU/EEA regulators, to ensure compliance with GDPR during AI development.”
What’s at Stake for Google?
While Google has emphasized that PaLM2 is faster and more efficient than previous models, the scrutiny over data use highlights the increasing regulatory pressures facing tech giants in Europe. The DPC’s investigation isn’t just about ensuring compliance with GDPR; it’s also part of a larger trend of regulators across the globe tightening their oversight of tech companies, particularly in the realms of AI, Web3, and cryptocurrencies.
For Google, the inquiry represents another layer of scrutiny in an already complex regulatory landscape. Any failure to meet GDPR standards could result in significant fines and reputational damage. However, the DPC has also noted that this investigation will be part of a larger, cross-border effort with regulators from across the European Economic Area (EEA) to establish consistent standards for AI model development.
A Broader Trend of Tightening Tech Oversight
This probe into Google comes on the heels of another significant development in data protection. Just one week earlier, the DPC concluded its investigation into social media platform X (formerly Twitter). X agreed to meet compliance requirements after it was found to have misused EU citizens’ personal data for the training of its AI chatbot, Grok. As part of the resolution, X agreed to delete data collected between May 7 and August 1, 2023, and committed to stopping the use of personal data for Grok’s development going forward.
The increasing regulatory activity around AI and data privacy reflects a growing concern among global regulators about the potential misuse of personal information, especially as AI models become more sophisticated. As AI technologies like PaLM2 and Grok evolve, the need for clear guidelines on data usage and user protection has become a top priority for authorities around the world.
Global Regulatory Crackdowns on Tech Companies
The scrutiny of tech companies’ data practices isn’t limited to Ireland. Brazil recently suspended X after its owner, Elon Musk, refused to appoint a legal representative for the company in Brazil. This suspension was upheld by Brazil’s Supreme Court in September, signaling the country’s growing commitment to holding tech giants accountable for their actions in the region.
Meanwhile, in the UK, Coinbase was slapped with a $4.5 million fine by the country’s Financial Conduct Authority (FCA) for breaching a voluntary agreement on user onboarding. The FCA also announced plans to inspect crypto exchanges for compliance with regulations, including potential issues around suspicious or illegal transactions.
Other countries are tightening their grip on the tech and crypto sectors as well. For example, in Hong Kong, operating an unlicensed virtual asset trading platform has now become a criminal offense, with some companies still waiting to complete the licensing process. Meanwhile, South Korea’s financial regulator has been inspecting crypto exchanges for suspicious activity, signaling its commitment to enforcing anti-money laundering (AML) laws.
The EU’s Role in AI and Data Protection
As AI and data privacy concerns grow, the European Union has positioned itself at the forefront of regulation. The GDPR, which came into effect in 2018, has set a global standard for how personal data should be handled, particularly when it comes to tech companies operating across borders. In addition to the GDPR, the EU is actively working on the Artificial Intelligence Act, a framework designed to regulate the development and deployment of AI technologies. This is expected to include specific provisions around transparency, accountability, and the ethical use of AI—an area where companies like Google, X, and others will face increasing scrutiny.
The investigation into Google’s PaLM2 is just one example of how regulators are adapting to the rapid growth of AI while trying to balance innovation with data protection. For tech giants, this means being prepared for more intense scrutiny, greater compliance burdens, and higher risks if they fail to meet evolving regulatory standards.
What’s Next for Google?
As the investigation unfolds, it will be crucial for Google to demonstrate that it has taken all necessary steps to protect user data and comply with European data protection laws. The outcome of this inquiry could have significant implications not only for Google but also for the broader AI and tech industries as regulators look to set clearer, more stringent guidelines for AI model development and data handling moving forward.
In the fast-evolving world of AI, one thing is clear: regulators are stepping up their efforts to ensure that user privacy and data protection are not sacrificed in the race to build smarter technologies. The DPC’s investigation into Google is just the beginning of what could be a more comprehensive global effort to rein in the power of AI while safeguarding individuals’ fundamental rights.
