Google logo and sign on building in Dublin showing AI chatbot privacy concerns

Rollout of Google’s AI Chatbot Held up in EU Over Privacy Concerns

Google’s “Bard” AI chatbot is essentially still in a public beta phase, but is becoming more and more accessible around the world: it’s now available in 180 countries in multiple languages, and as of early May became available to the general public without a waitlist. The European Union (EU) members will have to wait a little longer, however, as a data protection impact assessment must first be conducted to address privacy concerns.

After several countries in the bloc took issue with ChatGPT’s transparency and handling of user data, the Irish Data Protection Commission (DPC) has opted to take a more cautious approach to assess whether the product is rolling out with any potential General Data Protection Regulation (GDPR) violations in place. Google had originally planned to roll the new AI chatbot out in the region in mid-June.

Bard AI chatbot facing greater scrutiny after ChatGPT missteps

The Irish DPC is the lead regulator for Google, given that it keeps its regional headquarters in Dublin. After being informed of the planned launch of the AI chatbot in the EU, the DPC instructed Google to file a data protection impact assessment (as required by regional privacy  laws). That assessment has not yet arrived, and the DPC has informed Google that it will not be launching the product in the bloc just yet.

Google has told media outlets that it is in discussion with regulators about privacy concerns, but has not yet provided a specific comment on the documents it has been asked to provide. That means an indefinite wait for the new AI chatbot in EU countries, as it remains unclear exactly what potential violations regulators are concerned about.

A general idea is provided by prior issues with ChatGPT that unfolded in recent months. Italy banned the popular AI chatbot over questions about whether it was adequately protecting the personal information of minors and being properly transparent about how general personal data is stored and used. That ban was lifted on May 15 after ChatGPT developer OpenAI committed to addressing the listed privacy concerns, but it has prompted deeper investigations in a number of other EU countries.

While it is not formally banned as of yet, Bard is the only one of the broadly available AI chatbots from major tech companies that remains out of reach throughout the EU. Though it remains under investigation by some EU data protection authorities, ChatGPT is now available as are other very similar options such as Bing AI.

Chatbot privacy concerns have yet to be seriously tested by GDPR complaints

Regulation is running behind AI chatbots as companies roll them out in “beta” or “test” versions, often lacking the full range of features they will eventually have. But even in these limited “test” forms they are already processing a tremendous amount of personal and sensitive information, and privacy concerns abound as there is often little insight into how this data might be used or where it might unexpectedly pop up.

Google Bard is comparable to the already available AI chatbots, but offers several added features such as the ability to have images from the company’s extensive search capabilities attached to responses. However, early tests of it found that it is having similar problems: coming back with factually incorrect answers, not knowing how to discern quality sources of information, and taking excessive amounts of time to answer questions. Its early performance was also markedly worse than that of primary rivals ChatGPT and Bing Chat, often failing to come up with answers to questions that other large language models were able to handle.

A long gauntlet of assorted legal challenges await AI chatbots, not the least of which are potential intellectual property violations in its sourcing and the possibility of its training models creating biases. Data privacy concerns appear to be first on the list, however, at least in the EU. Among the other concerns that OpenAI had to address to get ChatGPT re-listed in Italy were the ability of people to access and correct (or remove) their own stored personal data, recourse when the AI somehow generates a “falsity” about someone, and clear establishment of a legal basis to process data under GDPR terms.

The ChatGPT issue prompted the EU’s DPAs to set up a task force to coordinate enforcement, an immediate step toward bloc-wide standards for AI chatbots and penalty terms for potential incidents. The AI Act was also passed last week, creating more formalized review requirements for these apps before they can be made available as well as upholding a ban on real-time biometric identification systems. AI privacy concerns are also presently at the forefront of discussion in the UK, where Prime Minister Rishi Sunak has called for the first global AI safety summit to be held in London sometime in 2023.