Ireland’s Data Protection Commission (DPC) has launched an investigation into the social media platform X (formerly Twitter) over its use of personal data from European Union (EU) users to train its AI system, Grok. The probe comes amid concerns about the company’s compliance with the EU’s stringent General Data Protection Regulation (GDPR), which governs how personal data is collected, processed, and used.
X has faced increasing scrutiny over the past months regarding its handling of personal data. In response to the investigation, X has agreed to halt the training of its AI systems with personal data gathered from EU users unless they were given an explicit opportunity to withdraw their consent. This development marks a significant step in addressing concerns raised by privacy advocates and regulators alike about how AI systems leverage vast amounts of personal information without users’ full awareness.
The DPC’s investigation will focus on whether X has violated GDPR provisions, particularly those related to transparency, consent, and the lawful processing of personal data. Under GDPR, companies must obtain clear and explicit consent from individuals before using their personal data for purposes such as training AI models. Furthermore, users must be informed about their rights and given the ability to opt out of such data usage.
As the lead EU regulator for X, Ireland’s DPC has the authority to impose significant penalties. If X is found to be in violation of the GDPR, the company could face fines as high as 4% of its global revenue, a potential financial blow given the platform’s vast user base and market value.
The outcome of this investigation could have far-reaching implications for AI development and data privacy standards across the tech industry. With AI’s increasing reliance on vast datasets, companies will likely face greater scrutiny on their data usage practices, especially in regions like the EU where privacy laws are among the strictest in the world.
