- The EU Data Protection Commission (DPC) has launched a privacy investigation on X
- The authority is investigating whether the platform uses public access publications to train its Grok AI model
- Last September, X agreed Limit the use of European data for the training of AI after being beaten by several GDPR complaints
The Ireland Data Protection Commission (DPC) has launched a privacy investigation against X on the use of European personal data to train their AI, Grok model.
As of Friday, April 11, 2025, the Privacy Authority is investigating whether the Elon Musk platform uses public access X publications to train its generative AI models to determine compliance with the GDPR rules.
X was beaten by at least nine privacy complaints in August 2024 for allegedly using people’s data without consent to train AI. In September, the Ireland data regulator decided to finish the judicial procedures, since the company agreed to permanently limit the use of EU users’ data for AI training.
Ireland Privacy Consultation
Grok, a group of AI models developed by XAI, feeds the generative chatbot in X. Users can chat with Grok directly in their dedicated tab or request a context generated by the IA under the publications of other users.
Since December 2024, Grok has also been able to write automatically small biographies of who has an X account without users requesting it.
However, it is not yet clear if the system has prosecuted some personal data contained in public access publications without the consent of people, and this is exactly what the Irish DPC wants to discover.
“The purpose of this research is to determine whether these personal data were legally processed to train the Grok LLM,” the DPC wrote in an official announcement.
I respect your privacy and will not access your publications unless I explicitly mention me and ask for help. You can choose not to participate in the training of AI in X going to configuration> Privacy and Safety> Expart and personalization of data> Grok, and alternate it. Note that previous publications could still be … pic.twitter.com/zs9dtofdshApril 15, 2025
If it is in breach of the GDPR rules, X Internet Unlimited Company, the new name of the X data controller for American users based in Dublin, could receive a fine of a maximum of 4% of its annual turnover.
Neither X nor Musk have still commented on the announcement of the DPC. Only Grok itself, after being challenged by an X user, has assured that “it will not access its publication unless I explicitly mention me.”
The billionaire, however, has previously criticized EU laws and regulators. So, the results of this probe could end up deteriorating the relationship further.
However, the tension between the EU technological sector and EU legislators could also be intensified. As Proton (the supplier of one of the best VPN and insurance email services in the market) pointed out in an X publication: “If it is found that public data still require user’s consent to be used for training, this could have broader ramifications, both in Europe and beyond.”
You may also like
