The Irish Data Protection Commission (DPC) has initiated a statutory inquiry into Google’s PaLM 2 AI model to evaluate compliance with EU data protection laws.

Description

The DPC’s inquiry [5], conducted under Section 110 of the Data Protection Act 2018 [1], aims to ensure that Google’s AI development projects adhere to data protection regulations. Specifically, the focus is on safeguarding individuals’ rights and freedoms in high-risk AI initiatives. The investigation centers on whether Google conducted a Data Protection Impact Assessment (DPIA) before processing personal data of EU/EEA data subjects for PaLM 2 [3], as mandated by GDPR Article 35. The DPC is scrutinizing the data sources used to train the PaLM 2 model and assessing the potential risks posed by Google’s AI technologies to individuals’ rights and freedoms. As Google’s European headquarters are in Dublin [2] [4], the DPC serves as the primary regulator overseeing data privacy compliance in AI development projects. Google has affirmed its commitment to GDPR compliance and willingness to collaborate with the DPC to address any concerns raised during the inquiry. Similar inquiries have been faced by other tech companies, including X and Meta.

Conclusion

The outcome of the DPC’s inquiry into Google’s PaLM 2 AI model will have significant implications for data protection in AI development projects. It underscores the importance of conducting DPIAs and ensuring compliance with GDPR regulations to safeguard individuals’ rights and freedoms. Moving forward, tech companies must prioritize data protection in AI initiatives to mitigate risks and uphold privacy standards.

References

[1] https://www.infosecurity-magazine.com/news/irish-regulator-google-ai/
[2] https://thehackernews.com/2024/09/irelands-watchdog-launches-inquiry-into.html
[3] https://www.euronews.com/next/2024/09/12/googles-ai-model-subject-to-irish-privacy-inquiry
[4] https://fortune.com/europe/2024/09/12/ireland-privacy-inquiry-google-ai-data/
[5] https://techcrunch.com/2024/09/12/googles-genai-facing-privacy-risk-assessment-scrutiny-in-europe/