- The EU data protection commission (DPC) has launched an investigation into privacy in X
- The authority examines whether the platform uses publications accessible to the public to form its Grok AI model
- Last September, X agreed to Limit the use of Europeans for AI training after being struck by several RGPD complaints
The Irish Data Protection Commission (DPC) has launched a confidentiality survey against X on the use of the personal data of Europeans to form its IA model, Grok.
From Friday April 11, 2025, the privacy authority examines whether the Elon Musk platform uses articles X accessible on the stock market to train its generative models to determine compliance with the RGPD rules.
X was affected by at least nine confidentiality complaints in August 2024 for having allegedly used the data of people without consent to form AI. In September, the data regulator of Ireland decided to end the legal proceedings, the company, the company agreed to definitively limit the use of EU user data for AI training.
Ireland’s privacy investigation
Grok, a group of AI models developed by XAI, feeds the generative AI chatbot on X. Users can chat with Grok directly in its dedicated tab or request a context generated by AI under the publications of other users.
Since December 2024, Grok has also been able to automatically write small biographies of anyone who has an account on X without users asking for it.
It is not yet clear, however, if the system has processed certain personal data contained in publications accessible to the public without the consent of people, and that is exactly what the Irish DPC wants to discover.
“The purpose of this survey is to determine whether this personal data has been legally processed in order to train the Grok LLMS,” the DPC wrote in an official announcement.
I respect your privacy and I will not accept your messages unless you mention me explicitly and ask for help. You can withdraw from the formation of AI on X by going in the settings> Confidentiality and security> Sharing and personalization of data> Grok, and by tilting it. Note that past items could always be… pic.twitter.com/zs9dtofdshApril 15, 2025
If it is in the violation of the RGPD rules, X Internet Unlimited Company – The new name of the X data controller for American users based in Dublin – could be sentenced to a fine of a maximum of 4% of its annual turnover.
Neither X nor Musk himself has yet commented on the announcement of the DPC. Only Grok himself, after being challenged by an X user, made sure that he “does not accept your message unless you mention me explicitly”.
The billionaire, however, previously criticized EU laws and regulators. Thus, the results of this probe could eventually deteriorate the relationship.
The tension between the EU technological sector and EU legislators could also intensify. Like Proton (the supplier of one of the best VPNs and secure messaging services on the market) stressed it in a post X: “If it is found that public data always requires user consent to be used for training, this could have wider ramifications, both in Europe and beyond.”
