Tech
Irish privacy watchdog awaiting clarity from EU on AI regulation
The incoming government will decide whether to make the Irish data protection authority also the national watchdog for the AI Act.
The Irish data protection authority waiting to hear from the European Data Protection Board – the umbrella organisation of the national privacy regulators – for details on how to deal with AI questions under the EU’s privacy rules, data protection commissioners Des Hogan and Dale Sunderland told Euronews.
Following the Irish request, the EDPB will now provide an opinion on the topic before the end of the year.
“That’ll then give us some further guidance on how to address these issues. For example, does personal data continue to exist within the training model?” asked Sunderland, speaking on Wednesday on the sidelines of a data privacy conference in Brussels.
“It’s the first time we made such a request, to ensure that there will be harmonisation in Europe so that all regulators by the end of the year will have that, by which we can then apply it locally,” Hogan added.
“Because what we were finding is that there were a lot of questions being raised. A lot of companies were doing things differently,” he added.
Sunderland and Hogan, who is also the chair of the Irish DPC, took up their roles in February, succeeding Helen Dixon, who held the job for almost ten years.
Over the summer, the authority has already become widely involved in AI related questions under the General Data Protection Regulation (GDPR), as online platforms including X, Meta and Google – many of which are headquartered in Dublin for European operations – seek to roll-out their large language models, often using personal data of EU users to train their AI.
They might see their role expand as the country’s incoming government will have to decide after the 29 November election which authority will oversee national compliance with the AI Act. National governments have until August next year to notify the European Commission about their choices.
Difficult regulatory environment
The Irish restrictions about Big Tech using EU data for their AI led to resistance by some of these big players. Meta, for example, complained about the difficult regulatory environment and the risk of Europe falling further behind in an open letter, together with CEOs from other tech companies.
Hogan said that the regulator has bilateral meetings with all the companies and they know the Irish position “very well”.
“Some companies from time to time are not happy with our approach. And sometimes we have to use more enforcement powers where there is not, in our view, GDPR compliance. So we have to do that by going to court, like we did in August,” he added.
Besides the rise of AI questions, the Irish regulator’s main task is still overseeing GDPR compliance. Big Tech takes up some 12% of all cases, the commissioners said.
“We have two more Big Tech decisions which we expect to finalise by the end of the year,” Hogan said.
Last month, the DPC fined LinkedIn €310m for failing to tell users how their data was being deployed for behavioural analysis and targeted advertising, and Meta was hit with a €91m fine for failing to protect users’ passwords.