On Thursday, the Data Protection Commission (DPC) of Ireland announced that it has initiated an investigation into Google's Pathways Language Model 2 (PaLM2) over potential data privacy issues. This inquiry is part of a broader examination by EU regulators into how artificial intelligence systems handle personal data in compliance with the General Data Protection Regulation (GDPR).
As Google’s European headquarters are located in Dublin, the Irish DPC serves as the lead regulator for privacy matters concerning the tech giant within the EU. The commission's investigation aims to determine whether Google has adequately assessed the risk that PaLM2’s data processing might pose to the rights and freedoms of individuals in the EU.
PaLM2, a large language model developed by Google, supports various generative AI services, including email summarizing. Given its vast data processing capabilities, the inquiry will focus on whether Google has conducted a thorough evaluation of potential risks related to GDPR compliance.
Google has stated that it is committed to complying with GDPR and will cooperate fully with the DPC’s investigation. "We take seriously our obligations under the GDPR and will work constructively with the DPC to answer their questions," a Google spokesperson said.
This investigation into PaLM2 follows a series of regulatory actions across Europe concerning AI and data privacy. Earlier this month, the DPC successfully obtained a court order to halt X’s processing of user data for its AI chatbot, Grok, following a legal battle. Additionally, Meta Platforms decided to pause its plans to use content from European users to train its latest AI model after intensive discussions with the Irish regulators.
Last year, Italy’s data privacy authority temporarily banned ChatGPT due to data privacy breaches and required OpenAI to address specific demands before the service could resume.
The ongoing scrutiny highlights the EU’s rigorous approach to regulating AI and ensuring that personal data is handled in accordance with GDPR standards.