Connor Humphreys
DUBLIN (Reuters) – The world's biggest internet companies are working closely with European Union regulators to ensure their artificial intelligence products do not breach the bloc's tough data protection rules, Ireland's powerful data regulator said on Wednesday.
The Irish Data Protection Commission, the EU regulator for Alphabet Inc's Google, Meta, Microsoft, TikTok and OpenAI, said its broad powers have not yet been tested in AI and could in future force changes to business models to ensure data privacy is protected.
The two top Irish data protection commissioners said in an interview on Tuesday that AI raises a number of potential issues regarding data privacy.
Regulators will need to decide whether companies should be allowed to search the internet for public data to train their AI models, and on what legal basis they can use personal data.
AI providers will also have to demonstrate how they can guarantee individuals' data rights, including the right to erasure, and they will also need to address the risk that AI models will provide inaccurate personal data about individuals, the Irish authorities said.
Dale Sunderland, one of the Irish regulator's two data protection commissioners, said there had been “extensive engagement” from major US tech companies, including Google, Meta, TikTok, LinkedIn and Open AI.
“They've asked us for our opinion on some new products in the AI space, especially in the large-scale language model space.”
He said Google had agreed to the delay and changes to its Gemini AI chatbot following discussions with Irish regulators.
Ireland is the main regulator for major U.S. internet companies as most of them have their EU headquarters in Ireland, but other regulators can also have a say in the decision through the European Data Protection Board, which is currently drawing up guidance on how AI should work under EU data protection law, he said.
Starting next month, AI model operators will have to comply with the EU's groundbreaking new AI law, but they will also have to comply with the union's main data protection law, the General Data Protection Regulation, which can impose fines of up to 4% of a company's total global turnover.
“National regulators, including ours, have very broad powers,” said Des Hogan, Ireland's other data protection commissioner and chair of the commission.
“If you don't do proper due diligence on the impact of new products and services, you run the risk of having to make design changes downstream.”
(Reporting by Conor Humphreys in Dublin; Editing by Matthew Lewis)
