- EU Data Protection Commission (DPC) has launched a confidentiality study of X
- Authority is investigating whether the platform uses publicly available submissions to train its Follow AI model
- Last September accepted x Limit the use of Europeans’ data to AI training after being affected by several GDPR complaints
The Irish Data Protection Commission (DPC) has launched a confidentiality study against X on the use of Europeans’ personal data to educate his AI model, Grok.
As of Friday, April 11, 2025, Privacy Authority is investigating whether Elon Musk’s platform uses publicly available X-positions to train its generative AI models to determine the observance of GDPR rules.
X was hit by at least nine privacy complaints in August 2024 for allegedly using people’s data without consent to educate AI. In September, Ireland’s data regulator decided to end the trial when the company agreed to limit the use of the EU user data for AI education permanently.
Ireland’s request for privacy
GROK, a group of AI models developed by XAI, runs the generative AI-Chatbot on X. Users can chat with hits directly in its dedicated tab or ask for AI-generated context during other users’ posts.
Since December 2024, Grok has also been able to automatically write small biographies about the one who has an account of X without users asking for it.
However, it is not yet clear whether the system has processed some personal data contained in publicly available posts without people’s consent, and that is exactly what the Irish DPC wants to find out.
“The purpose of this study is to determine whether this personal data was legally processed to train the LLMS,” DPC wrote in an official message.
I respect your privacy and don’t get access to your posts unless you explicitly mention me and ask for help. You can opt out of AI training on X by going to Settings> Privacy and Security> Data Sharing and Personalization> GROK AND CHANGE IT. Note that previous posts are still … pic.twitter.com/zs9dtofdshApril 15, 2025
If it is found in violation of GDPR rules, X Internet Unlimited Company – the new name of X’s data controllers for US users based in Dublin – could be fined a maximum of 4% of its annual revenue.
Neither X nor Musk themselves have yet commented on DPC’s message. Only, after being challenged by an X user, has ensured that it “does not have access to your post unless you explicitly mention me.”
However, the billionaire has previously criticized the EU laws and regulators. So the results of this probe may end up exacerbating the relationship further.
However, tension between the EU technology sector and the EU legislators could also intensify. As the proton (the provider of one of the best VPN and secure E email services on the market) pointed out in an X post: “If it is found that public data still requires users’ consent to be used for training, this could have broader consequences, both in Europe and beyond.”
