Google's AI chatbot, Bard, has officially launched in the European Union (EU) after implementing several changes to enhance transparency and user controls. However, the EU's privacy regulators remain vigilant, as key decisions on enforcing the bloc's data protection law on generative AI are still pending.
The Irish Data Protection Commission (DPC), Google's leading data protection regulator in the region, will continue its engagement with Google on Bard post-launch. Google has agreed to conduct a review and report back to the DPC in three months.
Meanwhile, the European Data Protection Board (EDPB) has a taskforce studying AI chatbots' compliance with the pan-EU General Data Protection Regulation (GDPR). The taskforce initially focused on OpenAI's ChatGPT, but Bard's matters will be incorporated into the efforts to harmonize enforcement.
The EU launch of Bard faced a delay after the Irish regulator sought missing information from Google, including a data protection impact assessment (DPIA), a crucial compliance document. The DPC has now reviewed a DPIA for Bard, which will be part of the upcoming three-month review.
Google claims to have "proactively engaged with experts, policymakers, and privacy regulators" on this expansion. However, the tech giant did not provide specific details on steps taken to mitigate its regulatory risk in the EU. Key changes include a new Bard Privacy Hub for user transparency and control, limiting access to Bard to users aged 18+ with a Google Account, and provisions for users to delete their Bard usage activity.
Like OpenAI's ChatGPT, Google's Bard faces similar challenges of regulatory scrutiny, with the EDPB taskforce attempting to achieve a common enforcement stance on AI chatbots among EU DPAs. However, with varying strategic approaches among different authorities, achieving complete consensus may be unlikely.