**EU’s Data Protection Concerns**
X’s AI Training Data Raises Privacy Concerns
The Irish Data Protection Commission (DPC) has announced an inquiry into X Internet Unlimited Company (XIUC), Elon Musk’s newly renamed Irish entity for his social media platform. The investigation focuses on whether XIUC’s processing of publicly accessible posts from EU users to train its Grok AI models complies with the General Data Protection Regulation (GDPR).
How X Utilizes User-Generated Content
X uses user-generated content to train its machine learning models. Specifically, the platform shares publicly accessible data – including posts, profiles, and user interactions – with xAI to develop and refine Grok, the chatbot now embedded in the platform. This practice has raised privacy concerns, as users were initially opted in by default, leading to scrutiny over compliance with data protection regulations.
- Publicly accessible posts are used to train the AI models, which may contain personal data from EU users.
- The data is shared with xAI to develop and refine the chatbot.
- Users were initially opted in by default, leading to concerns over transparency and legal basis.
Acquisition of xAI by X
The tie-up between X and xAI became closer in March, when xAI acquired the social media platform in an all-stock deal valued at $33 billion. This merger puts both the data and the AI engine under the same Musk-controlled roof. The acquisition raises concerns about the processing of personal data and the potential for non-compliance with GDPR regulations.
Regulatory Scrutiny
Companies in control of large language models (LLMs) have regularly come under scrutiny from EU regulators and member states over their data processing practices. The European Commission has become the first jurisdiction to pass comprehensive AI legislation: the Artificial Intelligence Act. The inquiry into X is a prime example of this regulatory scrutiny.
Past Investigations
X has already faced EU investigations, with Musk’s personal social media platform becoming one of the first companies to face formal proceedings under the EU’s Digital Services Act. The European Commission launched an inquiry in late 2023 over concerns that X may have been falling short on obligations around risk management, content moderation, and algorithmic transparency.
| Company | Investigation Topic | Outcome |
|---|---|---|
| X | Digital Services Act | Inquiry launched |
| OpenAI | GDPR complaints | Complaints alleging inaccurate information and lack of correction mechanism |
Transatlantic Trade Tensions
The investigation into X comes against a backdrop of rising transatlantic trade tensions. The Trump administration’s fluctuating tariff policies have introduced significant uncertainty into global trade. In response, the EU has floated potential countermeasures targeting US companies, should trade negotiations break down. However, there is no indication that the two issues are directly connected.
“The purpose of this inquiry is to determine whether this personal data was lawfully processed in order to train the Grok LLMs.”
— The Irish Data Protection Commission (DPC)
EU’s Data Protection Concerns Surrounding X’s AI Chatbot
X, Elon Musk’s social media platform, is once again under the regulatory microscope in Europe. This time, the focus is on the platform’s use of EU users’ publicly accessible posts to train its Grok AI chatbot. The Irish Data Protection Commission (DPC) has launched an investigation into X Internet Unlimited Company (XIUC), the newly renamed Irish entity responsible for X, to determine whether the processing of this data complies with the General Data Protection Regulation (GDPR). The DPC’s inquiry considers the use of a subset of publicly accessible posts posted on the X platform by EU/EEA users, specifically personal data comprised in these posts. The investigation aims to determine whether this data was lawfully processed for the purpose of training the Grok LLMs. X’s use of user-generated content to train its machine learning models has raised privacy concerns. Users were initially opted in by default, which has led to scrutiny over transparency and legal basis. The tie-up between X and xAI, a company that provides AI services, has become closer in March, with xAI acquiring X in an all-stock deal valued at $33 billion. This merger puts both the data and the AI engine under the same Musk-controlled roof, raising concerns about the processing of personal data and potential non-compliance with GDPR regulations. Companies in control of LLMs have regularly come under scrutiny from EU regulators and member states over their data processing practices. The European Commission has passed comprehensive AI legislation, including the Artificial Intelligence Act. X has already faced EU investigations, with Musk’s personal social media platform becoming one of the first companies to face formal proceedings under the EU’s Digital Services Act. The investigation into X comes against a backdrop of rising transatlantic trade tensions. The DPC has confirmed that the investigation has no connection to ongoing trade tensions. The investigation has been examining the issue since last summer. X has been reached for comment, but has not responded. As the EU’s data protection concerns surrounding X’s AI chatbot continue to unfold, it remains to be seen whether the platform will comply with GDPR regulations. The inquiry into X is a significant development in the EU’s efforts to regulate the use of AI and machine learning models. The outcome of this investigation will have implications for the future of data protection in the EU and beyond.
