Artificial Intelligence & Machine Learning , General Data Protection Regulation (GDPR) , Next-Generation Technologies & Secure Development

Irish DPC Sues X Over Harvesting Data for Grok AI Bot

Regulators Told Irish High Court That X, Formerly Twitter, Violated GDPR Rules
Irish DPC Sues X Over Harvesting Data for Grok AI Bot
The Four Courts building in Dublin, where Ireland's High Court sits. (Image: Shutterstock)

The Irish data regulator sued social media platform X, accusing the service of wrongfully harvesting users' personal data for its artificial intelligence application Grok.

See Also: OnDemand | Fireside Chat: Staying Secure and Compliant Alongside AI Innovation

The Irish Data Protection Commission asked the High Court of Ireland in Dublin on Tuesday to stop the social media network from using account holder data to train the large language model.

The online platform, known as Twitter before its acquisition by mercurial multi-billionaire Elon Musk, startled some users in July by adding a setting allowing it to collect user data to train Grok and setting the default to "on."

Musk billed the bot, initially known as "TruthGPT," as "a maximum truth-seeking AI that tries to understand the nature of the universe." X has promised that the system will "answer spicy questions that are rejected by most other AI systems" and touted its "anti-woke" properties. A conservative YouTube personality in December decried it for being "damn near as woke" as ChatGPT, leading Musk to respond that "Grok will get better. This is just the beta."

Grok is available to X Premium users on a subscription basis.

During a hearing on Tuesday, Irish regulators told the court that X violated the General Data Protection Regulation. They also said Twitter failed to respond to its repeated requests to halt the processing of user data or to ensure privacy compliance for the newest version of Grok, set to be released this month, the Irish Examiner reported.

Under the GDPR, companies must first obtain consent from European data subjects to process their data. The newly enforced European Union Artificial Intelligence Act also mandates also mandates the same especially before using customer data for AI data training and other processing requirements (see: EU AI Act Enters Into Force).

Although X introduced opt-out choices for its users to exclude their data from Grok training datasets, the company failed to bring all its data processing measures under compliance, the DPC told the court.

Twitter did not immediately respond to a request for comment. The company is not the only social network facing scrutiny from European regulators. Meta in June postponed the launch of its AI systems trained with data taken form European Instagram and Facebook users weeks after a rights group lodged a complaint against the company with 11 European data regulators (see: Meta Delays Data Harvesting for AI Plans in Europe).


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.