The Data Protection Commission (DPC), acting in its role as a privacy watchdog for the state, has begun an investigation into Google Ireland’s use of artificial intelligence (AI). The aim of the enquiry is to examine whether the AI model, referred to as Pathways Language Model 2, or “PaLM 2”, has breached the General Data Protection Regulation (GDPR) of the EU, particularly in relation to processing the personal data of EU nationals.
The DPC’s Dublin-based team will scrutinise Google’s adherence to the GDPR obligatory procedures prior to initiating the processing of EU nationals’ personal data. Relevance to the investigation is the foundational development of Google’s generative AI model, PaLM 2, a system employed in training machine learning models for multiple tasks.
The origins of Google’s interest in AI technology advancement can be traced back to 2022 when the San Francisco tech firm OpenAI launched ChatGPT. Responding swiftly, Google has since been investing in AI technology, with PaLM 2 going live last March.
Stressing the significance of the enquiry, the DPC emphasised the necessity for a data protection impact assessment (DPIA). Such an assessment is vital in ensuring individuals’ basic rights and freedoms are shielded when processing personal data has considerable risk implications.
This latest statutory investigation aligns with the DPC’s ongoing endeavour, alongside other EU privacy regulators, to govern how personal data of EU citizens is processed in the formation of AI models and systems. Google Ireland has been a previous subject of DPC probes. Early this year, prior to any ruling by the DPC, Google sought a legal review of a privacy investigation which questioned if the method for creating Google accounts on its platforms contravened data protection law.
Established in 2018, the GDPR seeks to enhance the regulation over personal data utilisation by large tech corporations such as Google. These firms risk substantial penalties, amounting to hundreds of millions of euros, for any infringement of GDPR laws. Since 2018, the DPC has handed out fines close to €3 billion, the highest being a €1.2 billion penalty last year against Meta, the parent company of Facebook.