Google has postponed the planned launch of its generative AI chatbot, Bard, in the European Union (EU) due to privacy concerns raised by the Irish Data Protection Commission (DPC), Google’s lead data protection authority in the region. The decision comes after OpenAI launched its rival chatbot, ChatGPT, without imposing access limitations for users worldwide. The DPC stated that Google did not provide sufficient information ahead of the intended launch, leading to the postponement of Bard’s EU debut. This article explores the privacy concerns surrounding Bard, the regulatory challenges it faces, and the implications for Google’s compliance with EU data protection regulations.
Insufficient Information Provided to the DPC: According to the DPC, Google recently informed the authority of its intention to launch Bard in the EU but failed to provide the regulator with the necessary information, including a data protection impact assessment (DPIA) and supporting documentation. As a result, the DPC raised data protection questions with Google and awaits a response. Consequently, the launch of Bard in the EU will not proceed as initially planned.
EU Access to Similar Language Models: While the launch of Bard in the EU is delayed, it is worth noting that European users have already had access to similar large language models (LLMs), including OpenAI’s ChatGPT. OpenAI did not limit access to its ChatGPT research preview, allowing Europeans to freely use the technology. Users in the EU can also easily access Bard by using a virtual private network (VPN) with a location set to the United States or another market where the tool is available.
Data Protection Concerns and Coordination Among DPAs: Data protection authorities (DPAs) in the EU have raised concerns regarding ChatGPT, which may also be relevant to Bard. These concerns include the legal basis for processing user data, compliance with transparency requirements under regional privacy laws, addressing issues of AI-generated disinformation, ensuring child safety, and providing users with data access and rights. The DPC continues to examine these matters and plans to share information with fellow DPAs once it receives further answers from Google.
Delays and Regulatory Oversight: The DPC’s decision to postpone Bard’s EU launch is not a ban but rather a response to inadequate information provided by Google. Unlike the Italian Data Protection Authority’s intervention on ChatGPT, specific details of the concerns raised by the DPC have not been disclosed. The delay may prompt Google to provide privacy disclosures and enhanced user control similar to those required for ChatGPT. Investigations into ChatGPT’s compliance with the General Data Protection Regulation (GDPR) are ongoing in multiple EU Member States.
Google’s Response: Google has acknowledged its intent to make Bard more widely available, including in the EU, and has committed to engaging with experts, regulators, and policymakers to ensure responsible deployment. The company has been in discussions with privacy regulators to address their questions and receive feedback.
Conclusion: Google’s postponement of the EU launch of its AI chatbot Bard highlights the privacy concerns and regulatory challenges associated with large language models. The DPC’s intervention emphasizes the need for comprehensive information and compliance with EU data protection regulations. As discussions continue between Google and privacy regulators, the implications for Bard’s privacy disclosures and user control remain uncertain. Google’s engagement with experts, regulators, and policymakers will play a crucial role in addressing these concerns and ensuring responsible deployment of Bard in the EU.