Google faces GDPR probe over PaLM2 AI programme

Google Palm 24Google has become the latest tech giant to have its collar felt by the data protection authorities over its AI programme, with a new investigation to examine whether its system poses a “high risk” to the rights and freedoms of individuals under GDPR.

The probe into Google’s PaLM2 AI model by the Irish Data Protection Commission follows action against both Meta and X, which have been forced to abandon their programmes after being found to have been using user data without consent.

The Irish DPC, acting as Google’s lead regulator in the EU due to its European headquarters in Dublin, is focusing on how the AI model handles personal data.

PaLM2, a large language model, powers various Google services, such as email summarisation.

In a statement, the Irish DPC said: “The statutory inquiry concerns the question of whether Google has complied with any obligations that it may have had to undertake an data protection impact assessment, pursuant to Article 35 of the GDPR, prior to engaging in the processing of the personal data of EU/EEA data subjects associated with the development of its foundational AI model, PaLM 2.

“A data protection impact assessment, where required, is of crucial importance in ensuring that the fundamental rights and freedoms of individuals are adequately considered and protected when processing of personal data is likely to result in a high risk.”

In response to the probe, Google stated: “We take seriously our obligations under the GDPR and will work constructively with the DPC to answer their questions.”

Earlier this month X agreed to permanently halt training its AI chatbot Grok on personal data lifted from public posts made by the platform’s 60 million EU users without consent.

The move followed court action by the Irish DPC in early August, although whether that will be the end of the matter depends on privacy campaigner Max Schrems, who has also rifled off a barrage of complaints over the issue to nine other authorities.

His privacy organisation, NOYB maintains that the Irish DPC has not gone for the core violations and filed the GDPR complaints to ensure that the core legal problems around X AI training are fully addressed.

In June, Schrems’ action against Facebook owner Meta forced the tech giant to pause its own AI training programme, which was using years of personal posts, private images or online tracking data from its social media sites to build a new platform.

Related stories
Musk bows to pressure to ditch ‘illegal’ AI training plan
Schrems guns for Musk over X ‘illegal’ AI training data
Mass GDPR complaints force Meta to pause AI data grab
Meta’s mega AI data grab sparks mass GDPR complaint
Germans back fight against ChatGPT data inaccuracies
Industry in peril as Schrems declares war on ChatGPT

Print Friendly