Irish watchdog investigates X’s Grok AI for potential GDPR breaches

​The Irish Data Protection Commission (DPC) has initiated a formal investigation into the use of European Union (EU) citizens’ personal data by X, formerly known as Twitter, in training its artificial intelligence (AI) model, Grok. This inquiry aims to assess whether X’s data processing practices align with the General Data Protection Regulation (GDPR) standards. ​

Grok, developed by Elon Musk’s AI venture xAI, was introduced to X users in December 2024. The model utilises large language models trained on extensive datasets, potentially including publicly accessible posts from EU users. The DPC’s investigation seeks to determine if such data was processed lawfully and with adequate transparency, as mandated by the GDPR. ​ Under the GDPR, organisations found in breach of data protection laws can face fines of up to 4% of their annual global turnover. As X’s EU headquarters are located in Dublin, the DPC serves as its lead regulator within the EU. ​

This is not the first time X’s data practices have come under scrutiny. In August 2024, following legal action by the DPC, X agreed to suspend the processing of EU users’ data for AI training purposes and to delete previously collected data used for this purpose. However, the current investigation will examine whether X has adhered to this commitment and if any further GDPR violations have occurred. ​

The outcome of this investigation could have significant implications for how AI models are trained using personal data within the EU, potentially setting precedents for other technology companies operating in the region.​