The Irish Data Protection Commission (DPC) has opened an investigation into Google regarding its use of personal information in developing the Pathways Language Model 2 (PaLM 2) AI model. The investigation focuses on whether Google adhered to the General Data Protection Regulation (GDPR) when processing personal data from European Union (EU) and European Economic Area citizens. We’ll keep you updated as more information becomes available.
PaLM 2 and Google’s AI Evolution
Released in May 2023, PaLM 2 preceded the Gemini AI models, which now power many of Google’s services. Gemini, launched later in December 2023, has become the primary tool for generating text and images across Google platforms. The DPC is concerned about how data protection laws were handled in the creation of these models, which could involve high-risk processing of personal data. Under GDPR rules, companies must carry out data protection impact assessments when there is potential for such risks, especially with new technologies.
According to the DPC, ensuring that fundamental human rights and freedoms are adequately considered and safeguarded during the development of these technologies is a critical requirement. Google’s compliance with these principles is now under scrutiny.
Past Actions and Broader Implications
This is not the first time the DPC has investigated major tech companies over AI development, reminds NIXSOLUTIONS. In June 2023, Meta paused training its AI models on publicly available content from Facebook and Instagram in Europe after discussions with the DPC. The company subsequently restricted access to some of its AI tools for European users.
Similarly, in July, the DPC intervened in a case involving X (formerly Twitter), when users found their data being used to train AI systems at Elon Musk’s startup, xAI. Following a legal dispute with the DPC, X halted the processing of European user data in August to train its AI chatbot Grok.
As the DPC continues to monitor tech giants’ compliance with GDPR in the context of AI development, it remains crucial to ensure that user data is handled responsibly.