A tough week for one of the largest technology companies on the planet. The European Court confirmed last Tuesday that Google will not be able to avoid a fine of 2.4 billion euros imposed more than five years ago in a case of abuse of dominant position. Now, the Irish Data Protection Commission (CPD), the body responsible for ensuring compliance with the General Data Protection Regulation (GDPR), has launched an investigation into the search giant.
The CDP wants to know whether Google should have carried out a data protection impact assessment (DPIA) before starting to process personal data of EU users associated with the development of the PaLM 2 artificial intelligence model. This model, it should be recalled, was launched in May 2023 to boost the defunct Bard assistant and thus compete against ChatGPT. Later, however, it was overtaken by the Gemini family of models.
Google did not conduct an impact assessment. And now…
Article 35 of the GDPR states that companies must carry out a data protection impact assessment when their data processing activities may pose a high risk to the rights and freedoms of individuals. The CDP notes that this type of measure allows Identify and mitigate data protection risksGoogle has not yet carried out any assessments related to PaLM 2, so the Irish body wants to know whether it should have done so.
As many of you already know, training AI models often requires a huge amount of data. The origin of this data is a matter of debate. Companies do not usually provide many details about it. We know that PaLM 2 It has been trained on a corpus consisting of millions of lines of text from web pages, books, code, mathematics and conversational data. All of this presumably includes data from residents of the European Union.
We will have to wait to see what the CPD’s investigation finds. It should be noted, however, that this body can impose fines of up to 4% of global annual turnover companies that breach the GDPR. It should also be added that even if a breach is confirmed, the proceedings often result in multiple appeal processes. For now, Financial Times points outGoogle has said it will answer all questions from authorities.
While the European Data Protection Board (EDPB) is made up of around twenty members like the Spanish Data Protection Agency (AEPD), any move by the Irish Data Protection Commission (DPC) is important for several reasons. Firstly, Google’s European headquarters are located in IrelandSecondly, the CPD works together with its peers to regulate the processing of EU personal data generally.
Image | Guillaume Périgois | Brett Jordan | Christian Lue
At Xataka | Enough of photocopying our ID everywhere: this is how the AEPD asks to put an end to this unnecessary practice
Add Comment