Ireland’s data regulator investigates X’s use of European user data to train Grok.

Investigation into X’s Use of Personal Data

Background

Ireland’s data regulator, the Data Protection Commission (DPC), has opened an investigation into Elon Musk’s X over the social media platform’s use of personal data collected from European users to train Grok, a generative AI model.

Concerns Over Data Processing

The DPC will investigate how X processes personal data “comprised” in publicly accessible posts by European users for the purposes of training generative AI models. The regulator has expressed concerns that X may not have a valid legal basis for processing this data, which is a requirement under the EU’s General Data Protection Regulation (GDPR).

Previous Fines

The DPC has a history of imposing significant fines on companies that fail to comply with GDPR regulations. In the past, the agency has fined Microsoft, TikTok, and Meta a total of almost €3 billion (approximately $3.38 billion).

X’s Data Sharing Practices

In 2024, X quietly opted users in to sharing their data with xAI, Musk’s AI company, to train its AI chatbot Grok. Last month, Musk announced that xAI had acquired X. This move has raised concerns about the use of user data for AI training purposes.

Investigation Details

The DPC has the authority to impose fines of up to 4% of a company’s global revenue under GDPR rules. The agency’s latest inquiry comes after it sought a court order last year to restrict X from processing European user data for AI training.

Conclusion

The investigation into X’s use of personal data highlights the importance of transparency and accountability in the processing of user data. The DPC’s actions demonstrate its commitment to enforcing GDPR regulations and protecting the rights of European users.

FAQs

Q: What is the purpose of the investigation?

A: The investigation is to determine whether X has a valid legal basis for processing personal data from European users for the purposes of training generative AI models.

Q: What are the potential consequences of non-compliance with GDPR regulations?

A: Under GDPR rules, companies can face fines of up to 4% of their global revenue for non-compliance.

Q: Has X been fined by the DPC before?

A: No, this is the first time X has been investigated by the DPC.

Q: What is the significance of the DPC’s actions?

A: The DPC’s actions demonstrate its commitment to enforcing GDPR regulations and protecting the rights of European users.