Contact us
October 15, 2024

Google Faces EU Scrutiny Over Personal Data Use to Train AI Systems

Google is under investigation by the Irish Data Protection Commission (DPC) for failing to conduct a Data Protection Impact Assessment (DPIA) before using personal data to train its AI model, potentially violating the GDPR.

Share:

Google Faces Investigation Over Data Use in AI Training

The European Union has intensified its scrutiny of Google, specifically focusing on its use of personal data to train artificial intelligence (AI) models. The Irish Data Protection Commission (DPC) has launched an investigation to determine whether Google violated the General Data Protection Regulation (GDPR) by failing to conduct a Data Protection Impact Assessment (DPIA) before processing information from EU citizens in the development of its AI model, PaLM 2.

Launched in May 2023, PaLM 2 aimed to enhance the Bard virtual assistant and compete with ChatGPT, but it was soon surpassed by Google’s Gemini AI models. The DPC’s investigation will examine whether Google’s actions align with Article 35 of the GDPR, which mandates impact assessments for high-risk activities involving personal data.

Article 35 of the GDPR and Google’s DPIA Concerns

Article 35 of the GDPR requires companies to conduct a Data Protection Impact Assessment (DPIA) when their activities may pose a high risk to the rights and freedoms of individuals. To date, Google has not completed this assessment for PaLM 2, which has raised concerns with the DPC. The AI model was trained on vast amounts of data, including information from websites, books, code, and conversations, potentially involving EU citizen data.

The DPC’s investigation is set to determine whether Google should have taken further steps to protect the personal data used in AI model training. If it is confirmed that Google has violated the GDPR, the company could face penalties of up to 4% of its annual global revenue.

Google’s Compliance Challenges and Legal Landscape

This investigation adds to the mounting legal challenges that Google has faced recently. Earlier this week, the company lost an appeal against a €2.4 billion fine for abuse of market dominance in the EU. Despite the difficulties, Google has expressed its willingness to cooperate fully with the Irish Data Protection Commission (DPC) and respond to any inquiries regarding the case.

Implications for AI Regulation and Compliance in the EU

The outcome of this investigation may have broader implications for AI regulation and the enforcement of the EU AI Act, especially concerning the use of personal data in high-risk AI systems. As more companies implement AI technologies, the need for thorough AI audits and compliance with GDPR regulations becomes increasingly crucial.

 

 

You May Also Be Interested In

Articles

Operationalising AI Governance with a Strategic Mindset

What is AI Governance? And why is it Dominating The Enterprise AI Agenda?

Why Trump Reversed Biden’s AI Chip Export Ban

Why Modern Banking Systems Are Built to Break

Contact Us

Let us know how we can assist you by completing this short form.

Zertia
Services
Partners
Information
Social
Memberships
  • © 2025 Zertia | All Rights Reserved
Thank you for contacting us
Your message has been sent successfully, we will contact you as soon as possible.