The Data Protection Commission (DPC) has initiated a cross-border statutory inquiry into Google Ireland Limited regarding its compliance with European Union data protection laws. Announced in September, the inquiry will focus on whether Google conducted a Data Protection Impact Assessment (DPIA) as required by the General Data Protection Regulation (GDPR) before using personal data from EU and European Economic Area (EEA) residents in developing its foundational AI model, Pathways Language Model 2 (PaLM 2).

This inquiry aims to determine whether Google followed its obligations under Article 35 of the GDPR. According to this provision, organizations must conduct a DPIA when data processing activities, particularly those involving new technologies like AI, pose a high risk to the fundamental rights and freedoms of individuals. The DPIA helps identify and mitigate potential data protection risks, ensuring that the processing is necessary, proportionate, and subject to appropriate safeguards.

The DPC emphasized that conducting a DPIA is essential when dealing with high-risk data processing, as it helps ensure the protection of individuals’ rights and freedoms. This inquiry into Google’s handling of personal data is part of a broader effort by the DPC and its peer regulators across the EU and EEA to oversee how companies process personal data in the development of AI models and systems.

Cross-border processing, which is the focus of the inquiry, typically involves either the processing of personal data by companies with establishments in multiple EU member states or processing that significantly affects individuals in multiple member states. Google, which operates across the EU, is under scrutiny to ensure it followed these regulations when developing its AI systems.

Broader Implications for AI Oversight

This case arrives at a time of heightened global scrutiny of AI and privacy practices. PaLM 2, one of Google’s most advanced AI systems, powers a range of applications that process vast amounts of data. The DPC’s findings could shape how future AI models are audited and regulated across Europe. The inquiry also underscores regulators’ increasing attention to AI governance, particularly around data used in training large models. Authorities across the EU are working to ensure that companies adopt responsible data-handling practices aligned with both the GDPR and forthcoming AI regulations.

Need Help?

With every day comes a new AI regulation or bill, and you might have questions and concerns about how it will impact you. Don’t hesitate to reach out to BABL AI. Their Audit Experts are ready to provide valuable assistance.