Artificial Intelligence & Machine Learning , General Data Protection Regulation (GDPR) , Next-Generation Technologies & Secure Development
Irish DPC Sues X Over Harvesting Data for Grok AI Bot
Regulators Told Irish High Court That X, Formerly Twitter, Violated GDPR RulesThe Irish data regulator sued social media platform X, accusing the service of wrongfully harvesting users' personal data for its artificial intelligence application Grok.
See Also: OnDemand | Fireside Chat: Staying Secure and Compliant Alongside AI Innovation
The Irish Data Protection Commission asked the High Court of Ireland in Dublin on Tuesday to stop the social media network from using account holder data to train the large language model.
The online platform, known as Twitter before its acquisition by mercurial multi-billionaire Elon Musk, startled some users in July by adding a setting allowing it to collect user data to train Grok and setting the default to "on."
Musk billed the bot, initially known as "TruthGPT," as "a maximum truth-seeking AI that tries to understand the nature of the universe." X has promised that the system will "answer spicy questions that are rejected by most other AI systems" and touted its "anti-woke" properties. A conservative YouTube personality in December decried it for being "damn near as woke" as ChatGPT, leading Musk to respond that "Grok will get better. This is just the beta."
Grok is available to X Premium users on a subscription basis.
During a hearing on Tuesday, Irish regulators told the court that X violated the General Data Protection Regulation. They also said Twitter failed to respond to its repeated requests to halt the processing of user data or to ensure privacy compliance for the newest version of Grok, set to be released this month, the Irish Examiner reported.
Under the GDPR, companies must first obtain consent from European data subjects to process their data. The newly enforced European Union Artificial Intelligence Act also mandates also mandates the same especially before using customer data for AI data training and other processing requirements (see: EU AI Act Enters Into Force).
Although X introduced opt-out choices for its users to exclude their data from Grok training datasets, the company failed to bring all its data processing measures under compliance, the DPC told the court.
Twitter did not immediately respond to a request for comment. The company is not the only social network facing scrutiny from European regulators. Meta in June postponed the launch of its AI systems trained with data taken form European Instagram and Facebook users weeks after a rights group lodged a complaint against the company with 11 European data regulators (see: Meta Delays Data Harvesting for AI Plans in Europe).