The statutory inquiry[1] concerns the question of whether Google has complied with any obligations that it may have had to undertake an assessment, pursuant to Article 35[2] of the General Data Protection Regulation (Data Protection Impact Assessment), prior to engaging in the processing of the personal data of EU/EEA data subjects associated with the development of its foundational AI model, Pathways Language Model 2 (PaLM 2).
A Data Protection Impact Assessment (DPIA)[3], where required, is of crucial importance in ensuring that the fundamental rights and freedoms of individuals are adequately considered and protected when processing of personal data is likely to result in a high risk.
The DPC pointed out that, under Article 35 of the GDPR, data processors should carry out an impact assessment when data processing “is likely to result in a high risk to the rights and freedoms of individuals.”
This statutory inquiry forms part of the wider efforts of the DPC, working in conjunction with its EU/EEA peer regulators, in regulating the processing of the personal data of EU/EEA data subjects in the development of AI models and systems.
[1] Cross-Border processing means either:
[2] Article 35 of the General Data Protection Regulation (GDPR) provides that a Data Protection Impact Assessment (DPIA) is required where a type of processing, in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of individuals. A DPIA assessment is a key process for building and demonstrating compliance, which ensures that data controllers identify and mitigate against any data protection risks arising from a type of processing that entails a high risk. It seeks to ensure, among other things, that the processing is necessary and proportionate and that appropriate safeguards are in place in light of the risks.
[3] For further information regarding DPIA requirements, please see: Know your obligations - Data Protection Impact Assessments.
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Invitations for Annual Sponsorship of IISF has now reopened.
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more