DPC probes Google’s AI model over personal data collection

12 Sep 2024

Image: © royyimzy/Stock.adobe.com

The DPC has been taking action against multiple companies making AI models, due to concerns they are breaching GDPR when using personal data to train these machines.

Ireland’s Data Protection Commission (DPC) is investigating Google to see if it complied with EU data laws when developing one of its AI models.

The investigation is looking into PaLM 2, a foundational model that Google revealed last year at its annual I/O event. At the time, Google said PaLM 2 was being used to power more than 25 of its upcoming products and features.

The DPC inquiry will assess whether Google properly followed GDPR when it comes to processing the personal data of EU citizens for the training of PaLM 2.

The Irish regulator said the investigation is part of a wider effort – “working in conjunction with its EU/EEA peer regulators” – to regulate the processing of personal data for the development of AI models.

AI and EU data

Large AI models such as PaLM 2 require vast amounts of data to be trained and to perform various tasks effectively. This creates privacy concerns when it comes to personal data being used to train these models.

Earlier this year, the DPC took legal action against X – formerly known as Twitter – when the platform started using posts and interactions from its site to train its Grok AI. The DPC said this was not compliant with GDPR, prompting X to permanently suspend processing the personal data of its EU and EEA users.

Meta also planned to train its large language models with public content shared by adults on Facebook and Instagram, but this was met with serious concerns by privacy advocacy group Noyb and eventually the DPC. Meta paused those plans in June after intensive discussion with the DPC.

The concerns and actions of the DPC should come as no surprise for these companies. At a conference last year, DPC deputy commissioner Ultan O’Carroll warned companies developing AI technology to be careful when launching their products, especially when the models are trained on public data.

“It might be too late for them to change their product when regulators get involved,” O’Carroll said. “It’s not a closed book at this stage, but I do think there will be more regulation. But at the same time, when it comes to personal data, GDPR is king at the moment.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com