The Irish Data Protection Commission (DPC) has launched an investigation into the AI model Grok. Grok is owned by Elon Musk’s company xAI. This probe is being conducted under the European Union’s General Data Protection Regulation (GDPR).
Role of GDPR and Data Processing Concerns
Since December 2024, Grok has been available to users on the social media platform X. X is also owned by Musk’s xAI. The AI model has been able to generate biographies of individuals who have accounts on X. However, concerns have arisen regarding the processing of personal data of X users in the EU. It remains unclear whether this was done in compliance with GDPR. It remains unclear whether the company followed the required transparency guidelines and other mandatory requirements outlined in the regulation.
DPC’s Focus
The primary focus of the DPC’s inquiry is to investigate whether the personal data was lawfully processed to train the Grok AI model. This follows previous scrutiny of how X handles user data for its AI development. In the summer of 2024, the DPC initiated a probe into X for allegedly unlawfully processing user data for Grok’s training purposes. This investigation was swiftly concluded. X committed to stopping the use of EU users’ data for training Grok and deleting any previously processed data used for this purpose.
GDPR Complaints and the Possible Consequences for X
The scrutiny on X intensified in August 2024 when consumer organizations such as Euroconsumers, Altroconsumo, and the European Center for Digital Rights (Noyb) filed complaints with the Irish DPC. The complaints accused X of multiple violations of the GDPR, further deepening concerns over data protection practices. Under GDPR, X Internet Unlimited Company, which is based in Dublin, faces potential fines of up to 4% of its annual global turnover if found in breach of the law.
