The Irish Data Protection Commission (DPC) has initiated a lawsuit against social media platform X, formerly known as Twitter, alleging improper harvesting of user data for its artificial intelligence application, Grok. The legal action, filed with the High Court of Ireland, seeks to compel X to cease utilizing user data for training Grok, citing violations of the General Data Protection Regulation (GDPR). This regulation requires companies to obtain explicit consent from individuals before processing their personal data, a stipulation that the DPC argues X has breached.
Grok, introduced after Elon Musk’s acquisition of Twitter and the subsequent rebranding to X, is an AI chatbot designed to provide distinctive and provocative responses. In July 2024, X introduced a controversial setting that allowed the platform to automatically collect user data to enhance Grok’s capabilities, setting this option as the default. While users were given the choice to opt out of data collection, the DPC contends that X’s overall data processing practices, including the management of these opt-out mechanisms, do not meet GDPR compliance requirements.
During a court hearing on August 6, 2024, the DPC highlighted X’s repeated failure to adhere to data protection regulations and its inadequate response to requests for compliance adjustments. The new version of Grok, scheduled for release this month, is also under scrutiny for potentially exacerbating privacy issues. The regulator’s lawsuit underscores the broader concerns regarding the intersection of data privacy and AI development, emphasizing the need for rigorous adherence to data protection standards.
This legal action against X is part of a growing trend of increased scrutiny and regulatory actions faced by major technology companies in Europe. For instance, Meta encountered delays in launching AI systems trained with data from European users following similar data privacy challenges. The outcome of the lawsuit against X will likely have far-reaching implications, not only for X’s data handling practices but also for the broader landscape of AI development and data privacy within the EU. The case reflects a broader regulatory push to ensure that tech companies uphold stringent data protection and privacy standards as they advance their technological innovations.
Reference:
