Google has delayed a planned launch of its generative AI chatbot, Bard, in the European Union this week, according to the Irish Data Protection Commission (DPC) — the tech giant’s lead data protection authority in the region.
The development, first reported by Politico, comes long after OpenAI launched a free research preview (November 2022) of its rival chatbot, ChatGPT, without applying limits on where in the world Internet users could access it.
DPC deputy commissioner Graham Doyle said today that Google “recently” informed the authority of its intention to launch Bard in the EU “this week”. However he said it had not provided the regulator with adequate information ahead of the planned date and a launch would not now happen in the intended timeframe.
“The DPC had not had any detailed briefing nor sight of a DPIA [data protection impact assessment] or any supporting documentation at this point,” said Doyle in a statement. “It has since sought this information as a matter of urgency and has raised a number of additional data protection questions with Google to which it awaits a response and Bard will not now launch this week.”
There’s no word on when a Bard EU launch might now take place. But it’s worth noting that Europeans have already been able to freely use similar large language model (LLM) technology for months — since OpenAI did not limit access to its ChatGPT research preview. (Google’s Bard is also trivially easy for users in the region to access if they use a VPN with a location set to the US or another market where the tool is available.)
The DPC also did not provide any details on specific concerns it’s raised with Google vis-a-vis Bard.
Other EU DPAs have already identified a slew of data protection concerns attached to ChatGPT which may also be relevant in Google’s case — including the legal basis claimed for processing people’s data to train LLM AI models; compliance with transparency requirements baked into regional privacy laws; and how developers approach other problematic issues like AI-generated disinformation (all these AI chatbots “hallucinate”, as their makers put it), as well as addressing child safety issues and providing EU users with data access (and rectification and/or erasure) rights.
“The matter is under ongoing examination by the DPC and we will be sharing information with our fellow DPAs as soon as we receive further answers to our questions,” was the only additional public comment Doyle offered.
In April, EU DPAs agreed to set up a taskforce, via the European Data Protection Board, to coordinate their enforcements on ChatGPT. So the DPC is presumably intending to chip any learnings into that effort — where/if appropriate.
OpenAI’s rival chatbot, ChatGPT, quickly landed on the radar of a number of EU data protection authorities this Spring and was briefly forced to suspend its service in Italy in April after an intervention by the local DPA, Garante. (Unlike Google, OpenAI is not main established in any EU Member State which means all EU DPAs are competent to step in under the bloc’s General Data Protection Regulation (GDPR) if they have concerns; whereas only the Irish DPC is empowered to lead on oversight of Google’s chatbot.)
The DPC’s commissioner, Helen Dixon, has previously been critical of hasty bans on generative AI chatbots — calling in April for regulatory bodies to figure out how to apply the bloc’s rules to the technology before rushing in with prohibitions.
So it’s notable there’s no hard ban from Ireland now; just an unquantified degree of delay which is being explicitly linked to inadequate information being provided by Google (plus some unspecified “data protection questions”).
Unlike in the case of the Garante‘s intervention on ChatGPT, Europeans are in the dark over the nature of the concerns the DPC is raising with Google. So there’s no way to assess how substantial an intervention this might be by the Irish regulator on this powerful generative AI tool. Or, indeed, whether it might lead to Google being forced to provide comparable privacy disclosures as OpenAI and more control for users, as happened with ChatGPT after the Italian job. (Although investigations into the latter’s GDPR compliance remain ongoing in multiple EU Member States.)
Google was contacted for a response to the DPC’s concerns.
A spokesperson for the company sent us this statement:
We said in May that we wanted to make Bard more widely available, including in the European Union, and that we would do so responsibly, after engagement with experts, regulators and policymakers. As part of that process, we’ve been talking with privacy regulators to address their questions and hear feedback.