The State’s data privacy watchdog has opened an investigation into Google Ireland over the internet giant’s artificial intelligence (AI) model.
The Data Protection Commission said it had started a cross-border statutory inquiry to determine whether the AI model is in breach of the EU’s sweeping data privacy laws.
The Dublin-based regulator said the investigation will examine whether Google complied with any obligations it might have had under the General Data Protection Regulation (GDPR) before engaging in the processing of the personal data of EU citizens.
The inquiry relates to the development of the foundation of Google’s generative AI model, known as Pathways Language Model 2, or PaLM 2, a technology that helps train machine learning models to perform a variety of tasks.
Google has been rushing to tap into the boom in AI technology since the San Francisco-based company OpenAI released ChatGPT in 2022. The company has been focused on building more powerful AI technology. PaLM 2 was unveiled in March of last year.
Announcing the investigation, the DPC said a data protection impact assessment (DPIA), where required, is “of crucial importance in ensuring that the fundamental rights and freedoms of individuals are adequately considered and protected when processing of personal data is likely to result in a high risk”.
The regulator said the statutory inquiry forms part of the wider efforts by it, working with other EU data privacy watchdogs, to regulate the processing of the personal data of EU subjects in the development of AI models and systems.
Google Ireland has been the subject of past investigations by the Data Protection Commission. In January Google took a High Court case against the commission over a privacy investigation, taking the unusual step of initiating a legal challenge before any determination was made by the regulator in the case. The judicial review was taken over the regulator’s inquiry into whether procedures for opening Google accounts on its website and apps breached data protection law.
The GDPR regime, which dates to 2018, is intended to tighten controls over the use of personal data by Big Tech firms such as Google. Significant fines, running into hundreds of millions of euro, can be imposed on firms found to breach the privacy of EU citizens using their services.
The DPC has issued fines totalling almost €3 billion since 2018, including a record €1.2 billion fine last year against Facebook’s owner Meta.
- Sign up for push alerts and have the best news, analysis and comment delivered directly to your phone
- Join The Irish Times on WhatsApp and stay up to date
- Listen to our Inside Politics podcast for the best political chat and analysis