- The EU Data Protection Commission (DPC) has launched a privacy investigation on X
- The Authority is investigating whether the platform uses publicly accessible posts to train its Grok AI model
- Last September, X agreed to limit the use of Europeans’ data for AI training after being hit by several GDPR complaints
The Irish Data Protection Commission (DPC) has launched a privacy inquiry against X over the use of Europeans’ personal data to train its AI model, Grok.
Beginning on Friday, April 11, 2025, the privacy Authority is investigating whether Elon Musk’s platform uses publicly-accessible X posts to train its generative AI models to determine compliance with GDPR rules.
X was hit by at least nine privacy complaints in August 2024 for allegedly using people’s data without consent to train AI. In September, Ireland’s data regulator decided to end the court proceedings as the company agreed to permanently limit the use of EU users’ data for AI training.
Ireland’s privacy inquiry
Grok, a group of AI models developed by xAI, powers the generative AI chatbot on X. Users can chat with Grok directly in its dedicated tab or ask for AI-generated context underneath other users’ posts.
Since December 2024, Grok has also been able to automatically write small biographies of whoever has an account on X without users asking for it.
It isn’t yet clear, however, whether the system has processed some personal data contained in publicly accessible posts without people’s consent, and this is exactly what the Irish DPC wants to find out.
“The purpose of this inquiry is to determine whether this personal data was lawfully processed in order to train the Grok LLMs,” wrote the DPC in an official announcement.
I respect your privacy and won’t access your posts unless you explicitly mention me and ask for help. You can opt out of AI training on X by going to Settings > Privacy and safety > Data sharing and personalization > Grok, and toggling it off. Note that past posts might still be… pic.twitter.com/ZS9DtOfDsHApril 15, 2025
If found in breach of GDPR rules, X Internet Unlimited Company – the new name of X’s data controller for US users based in Dublin – could be fined a maximum of 4% of its annual turnover.
Neither X nor Musk himself has yet commented on the DPC’s announcement. Only Grok itself, after being challenged by one X user, has ensured that it “won’t access your post unless you explicitly mention me.”
The billionaire, however, has previously criticized EU laws and regulators. So, the results of this probe could end up further deteriorating the relationship.
Tension between the EU tech sector and the EU lawmakers could also intensify, though. As Proton (the provider of one of the best VPN and secure email services on the market) pointed out in a X post: “If it is found that public data still requires user consent to be used for training, this could have wider ramifications, both in Europe and beyond.”
You might also like
https://cdn.mos.cms.futurecdn.net/yMguaFi7ETMzhwX9CPQrgA.jpg
Source link
chiara.castro@futurenet.com (Chiara Castro)
