Google’s AI Token‑maxxing and 24/7 Agents Raise Fresh GDPR and CCPA Compliance Questions
#Privacy


Privacy Reporter
5 min read

At I/O, Google announced massive growth in token processing, new AI agents and expanded watermarking tools. Privacy advocates warn that the scale of data handling, continuous background agents, and cross‑service integration could clash with EU GDPR, California’s CCPA and emerging AI‑specific rules, exposing Google to fines that could reach billions.


Google’s I/O keynote was a showcase of raw compute power: the company now processes 3.2 quadrillion AI tokens per month and plans to spend up to $190 billion on capital expenditures this year. While the headline numbers impress developers, they also trigger serious data‑protection red flags for regulators and users alike.


What happened?

Sundar Pichai used the stage to brag about “tokenmaxxing” – the massive increase in the number of data units fed to Google’s Gemini models. He also unveiled Gemini 3.5 Flash, a faster, cheaper model, and Gemini Spark, a 24/7 AI agent that can act on a user’s behalf across Gmail, Docs, Chrome and third‑party tools.

Key points:

  • Token volume: 3.2 quadrillion tokens/month, up from 480 trillion a year ago.
  • Capital spend: $180‑190 billion projected for 2026, a six‑fold jump from 2022.
  • New agents: Spark runs continuously on dedicated VMs, can read emails, schedule meetings, and even generate slide decks without user interaction.
  • SynthID expansion: Google will embed AI‑watermarking and C2PA content‑credential checks into Search and Chrome.

These announcements are technically impressive, but they also widen the surface area where personal data is collected, processed, and acted upon.

GDPR (EU)

  • Article 5(1)(b) – Purpose limitation: Tokens may contain personal data (e.g., email text, document excerpts). Using them for “general AI inference” must be compatible with the original purpose for which the data was collected.
  • Article 6 – Lawful basis: Google must rely on explicit consent or a legitimate interest assessment for each token‑processing activity. Continuous agents that act autonomously raise the bar for demonstrating a legitimate interest.
  • Article 25 – Data protection by design and by default: Deploying agents that run 24/7 requires built‑in safeguards (e.g., minimisation, purpose‑specific token filters). The GDPR expects privacy‑preserving defaults, not a “set‑and‑forget” model.
  • Article 32 – Security of processing: The sheer volume of tokens increases the risk of a breach. GDPR demands appropriate technical and organisational measures proportionate to the risk.
  • Article 83 – Administrative fines: Violations can lead to penalties up to €20 million or 4 % of global turnover, whichever is higher. For a company with a 2025 revenue of $300 billion, that ceiling is roughly $12 billion.

CCPA / CPRA (California)

  • Section 1798.100 – Right to know: California residents must be able to request a copy of the personal information processed, including any token‑derived insights.
  • Section 1798.105 – Right to delete: Users can demand deletion of personal data. Continuous agents that store snapshots of emails or calendar events must honor such requests promptly.
  • Section 1798.115 – Non‑discrimination: Offering cheaper pricing tiers (e.g., the $100/month Ultra plan) while restricting certain privacy controls could be seen as discriminatory under the CPRA.
  • Penalties: Up to $7,500 per intentional violation and $2,500 per unintentional violation; statutory damages can quickly climb into the millions for large‑scale infractions.

Emerging AI‑specific rules

  • The EU AI Act (proposed) classifies high‑risk AI systems that affect personal data. Continuous agents that make decisions on behalf of users could fall under the “high‑risk” category, triggering conformity assessments and mandatory transparency logs.
  • California’s AI Transparency Act (effective 2026) requires clear disclosures when AI systems generate content or take actions. Spark’s “was this generated with AI?” prompt is a step forward, but regulators will expect a full audit trail for every automated action.

Impact on users and companies

Users

  • Privacy erosion: Tokens derived from emails, documents, or even PDFs can contain sensitive identifiers. When processed at quadrillion‑scale, the risk of inadvertent leakage or re‑identification grows.
  • Control loss: Autonomous agents can schedule meetings, send messages, or modify files without a real‑time user click. If a token‑filter fails, personal data could be exposed to third‑party APIs (e.g., OpenAI, Kakao, ElevenLabs) that have different privacy standards.
  • Transparency gaps: While SynthID adds watermarks, users still lack a clear view of which tokens were used to generate a particular output, complicating the right‑to‑explain under GDPR.

Companies (Google’s enterprise customers)

  • Compliance burden: Enterprises must verify that any downstream use of Google’s agents complies with their own GDPR/CCPA obligations. This often means additional contractual clauses, data‑processing agreements, and audit rights.
  • Financial exposure: If a breach linked to token processing occurs, both Google and its customers could face joint liability under data‑controller/processor rules, potentially inflating fines.
  • Competitive pressure: Smaller cloud providers may market “privacy‑first” AI APIs that limit token‑level access, positioning themselves as safer alternatives for regulated industries.

What changes are needed?

  1. Granular token consent – Google should allow developers and end‑users to opt‑in to token collection on a per‑use basis, with clear UI prompts that satisfy GDPR’s consent standards.
  2. Built‑in minimisation – Tokens should be stripped of identifiers before entering the inference pipeline. Techniques such as differential privacy or on‑device preprocessing can reduce exposure.
  3. Audit‑ready logs – Every Spark action must generate an immutable log that records the originating token, the decision made, and the data accessed. This satisfies both GDPR’s accountability principle and the upcoming EU AI Act’s logging requirement.
  4. Right‑to‑delete automation – When a user exercises the CCPA deletion right, Spark’s VMs should purge any cached tokens or state instantly, with a confirmation receipt.
  5. Third‑party vetting – Partners adopting SynthID (OpenAI, Kakao, ElevenLabs) must sign GDPR‑compliant data‑processing addenda and undergo security assessments before receiving token streams.
  6. Regulatory engagement – Google should proactively publish a Data Protection Impact Assessment (DPIA) for Spark and tokenmaxxing, demonstrating risk mitigation and inviting supervisory authority review.
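To make points 2 to 4 concrete, here is a small added illustration (written for this article, not Google's code and not a description of how Spark works) of what built‑in minimisation, an audit‑ready log and automated deletion with a receipt can look like in practice. The identifier patterns, the `AgentState` cache, the user and token ids and the sample text are all constructed for the example; the log is hash‑chained so that any edit or removal of an earlier entry is detectable when the chain is verified.

```python
"""Constructed example: minimisation before inference, a tamper-evident
per-action audit log, and right-to-delete purge with a receipt.
Not Google's code; all names and sample data are invented."""
from __future__ import annotations

import hashlib
import json
import re
from datetime import datetime, timezone

# Direct identifiers to strip before text reaches an inference pipeline.
# Order matters: the IBAN pattern runs before the phone pattern so that the
# digit run inside an IBAN is not mistaken for a phone number.
IDENTIFIER_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
    "phone": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
}


def minimise(text: str) -> tuple[str, dict[str, int]]:
    """Replace direct identifiers with typed placeholders; return counts per kind."""
    counts: dict[str, int] = {}
    for kind, pattern in IDENTIFIER_PATTERNS.items():
        text, n = pattern.subn(f"<{kind}>", text)
        if n:
            counts[kind] = n
    return text, counts


class AuditLog:
    """Append-only, hash-chained action log. Tamper-evident, not tamper-proof:
    the latest hash should be copied somewhere the agent itself cannot write."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def record(self, token_id: str, decision: str, data_accessed: list[str]) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {
            "seq": len(self.entries),
            "ts": datetime.now(timezone.utc).isoformat(),
            "token_id": token_id,  # originating token id, never its content
            "decision": decision,
            "data_accessed": data_accessed,
            "prev": prev,
        }
        body = json.dumps(entry, sort_keys=True).encode()
        entry["hash"] = hashlib.sha256(body).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute every hash and link; an edited or dropped entry breaks the chain."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = json.dumps({k: v for k, v in e.items() if k != "hash"},
                              sort_keys=True).encode()
            if (e["seq"] != i or e["prev"] != prev
                    or hashlib.sha256(body).hexdigest() != e["hash"]):
                return False
            prev = e["hash"]
        return True


class AgentState:
    """Hypothetical per-user cache held by a long-running agent."""

    def __init__(self, log: AuditLog) -> None:
        self.cache: dict[str, dict[str, str]] = {}  # user -> {token_id: minimised text}
        self.log = log

    def ingest(self, user: str, token_id: str, raw_text: str) -> str:
        """Minimise before caching, and log what was removed (counts only)."""
        minimised, removed = minimise(raw_text)
        self.cache.setdefault(user, {})[token_id] = minimised
        self.log.record(token_id, "ingest:" + json.dumps(removed, sort_keys=True),
                        [f"{user}/{token_id}"])
        return minimised

    def delete_user(self, user: str) -> dict:
        """Purge all cached state for a user and return a receipt tied to the log."""
        purged = sorted(self.cache.pop(user, {}).keys())
        entry = self.log.record("-", f"delete:{user}", purged)
        return {"user": user, "purged": len(purged), "log_hash": entry["hash"]}


if __name__ == "__main__":
    log = AuditLog()
    state = AgentState(log)
    sample = ("Contact alice@example.com or +44 20 7946 0958 "
              "about IBAN GB82WEST12345698765432.")  # constructed text
    print(state.ingest("user-1", "tok-1", sample))
    print(state.delete_user("user-1"))
    print("chain intact:", log.verify())
```

The receipt carries the hash of the deletion entry, so a user or auditor holding it can later check that the purge is still present in an unbroken chain; the placeholders keep the text usable for inference while the raw identifiers never enter the cache.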

Bottom line

Google’s AI ambitions are undeniable, but the regulatory environment is tightening around massive data‑processing operations. The EU’s GDPR, California’s CCPA/CPRA, and nascent AI‑specific statutes demand that token‑level handling be transparent, purpose‑limited, and fully controllable by data subjects. Failure to embed these safeguards could expose Google to fines that dwarf its projected $190 billion capex spend, while eroding user trust in a market that is increasingly sensitive to privacy.

Watchdog note: Keep an eye on the European Data Protection Board’s upcoming guidance on “AI token processing” and the California Attorney General’s enforcement priorities for autonomous agents. Both will shape how Google and its partners must adapt their AI pipelines in the months ahead.
