By 
Elon Musk’s X is facing legal action in Ireland for allegedly using the data of European users to train its AI model, Grok, without their consent, according to RTE. The Irish Data Protection Commission (DPC) has initiated proceedings after discovering that X processed user data for AI training without notifying or obtaining consent from users.
The DPC’s investigation found that the ransomware attack on Advanced’s health and care systems in August 2022 was facilitated through an unsecured customer account lacking multi-factor authentication (MFA). This oversight allowed the ransomware gang, LockBit, to compromise the system and disrupt NHS services across the UK.
The fine, which could exceed £6 million, stems from X’s failure to comply with the General Data Protection Regulation (GDPR), which mandates that any processing of personal data must have a valid legal basis. Breaching these regulations can result in penalties of up to 4% of global annual turnover, making the potential financial impact substantial for X.
The DPC is seeking an injunction against X’s Irish division, Twitter International, over concerns about its handling of user data for AI training purposes. The regulator views this as an urgent risk to users’ rights and freedoms and plans to involve the European Data Protection Board (EDPB) for further guidance on GDPR enforcement.
The GDPR requires companies to have a valid legal basis for processing personal data, which, in X’s case, means obtaining explicit user consent to use their data for AI model training. However, X reportedly began using user data for Grok training in July 2023 without proper notification or consent. Users could only opt out via a hidden setting, and there was no clear communication from X regarding the data use.
In contrast, Meta, which owns Facebook and Instagram, halted its similar plans for AI training in June following GDPR complaints and pressure, including from the DPC. X’s apparent lack of cooperation has led the DPC to seek a High Court injunction.
The DPC is requesting orders to “suspend, restrict, or prohibit” X from processing personal data for AI development. Concerns also arise from X’s imminent release of the next version of Grok, reportedly trained using EU user data.
X has not responded to requests for comment, and the High Court will revisit the injunction proceedings next week.
Since Musk’s acquisition of Twitter, there have been ongoing concerns about his adherence to EU privacy laws. Despite early warnings from the DPC regarding Twitter’s data protection practices, regulatory scrutiny has intensified recently. X has also faced legal challenges in the Netherlands over GDPR compliance and is under investigation by the European Commission for suspected breaches of the Digital Services Act (DSA), which carries even higher penalties.
The outcome of these legal proceedings could significantly impact X’s operations and regulatory compliance moving forward.
Comments