Google has launched its AI chatbot, Bard, in the European Union after implementing changes to enhance transparency and user controls.
The Irish Data Protection Commission (DPC), Google’s lead data protection regulator in the EU, plans to engage with the tech giant post-launch.
YOU MAY ALSO LIKE: Apple Releases Beta Versions For Its Latest Operating Systems
However, the bloc’s privacy regulators are closely monitoring the situation regarding the enforcement of data protection laws on generative AI.
The DPC stated that Google has agreed to conduct a review and provide a report after three months of Bard’s operation in the EU.
Additionally, the European Data Protection Board (EDPB) has a taskforce examining the compliance of AI chatbots with the General Data Protection Regulation (GDPR).
Initially focused on OpenAI’s ChatGPT, the taskforce will now include Bard-related matters to coordinate actions among different data protection authorities (DPAs) for harmonized enforcement.
Graham Doyle, the DPC’s deputy commissioner, confirmed that a critical compliance document called a data protection impact assessment (DPIA) has been reviewed for Bard.
This DPIA, along with other relevant documentation, will be part of the three-month review.
Google has not disclosed specific steps taken to reduce regulatory risk in the EU but has mentioned proactive engagement with experts, policymakers, and privacy regulators.
Google has implemented various changes related to transparency and user control for Bard’s EU launch.
Users must be 18 years or older and have a Google Account to access Bard. Google has introduced the Bard Privacy Hub, providing explanations of available privacy controls.
Legal bases for Bard’s operations include performance of a contract and legitimate interests, with the latter being the primary basis.
However, Google may seek consent for specific data processing purposes as the product evolves.
Regarding data deletion, Google offers a web form for users to report problems or legal issues.
Users can request corrections to false information generated about them or object to data processing, which is required when relying on legitimate interests under EU law.
Additionally, users can request content removal under Google’s policies or applicable laws, which serves as the closest option to requesting the deletion of personal data from the AI model.
Google also allows users to control the retention of their Bard activity data, with default storage of up to 18 months.
Users can adjust this to three or 36 months or completely disable activity logging and delete their Bard activity through a specific link.
Google’s approach to transparency and user control for Bard appears similar to changes OpenAI made to ChatGPT following regulatory scrutiny by the Italian Data Protection (DPA).
ChatGPT faced a temporary suspension in Italy, and OpenAI addressed data protection concerns by adding privacy disclosures, opt-out options for data processing, data deletion requests, and age-gating measures.
The Italian DPA initiated an investigation into ChatGPT, while other EU DPAs are also investigating it.
As OpenAI is not primarily established in any EU Member State, it faces greater regulatory risk and uncertainty compared to Google.
YOU MAY ALSO LIKE: Tesla Announces Tax Slashes For Some Of Its Models
The EDPB taskforce aims to mitigate regulatory uncertainties by establishing common enforcement positions on AI chatbots. However, different approaches by DPAs are expected.
France’s CNIL, for instance, has emphasized protecting publicly available web data against scraping, which impacts both OpenAI and Google.
