Ireland’s Data Protection Commission has launched an investigation into Elon Musk’s social media platform X after its artificial intelligence chatbot Grok began generating nonconsensual deepfake images of real people. The inquiry, which was announced on Monday, examines whether the platform violated European Union data privacy regulations.
The investigation centers on the creation and publication of potentially harmful, sexualized images involving personal data of European users, including children. These images were generated using the artificial intelligence functionality associated with Grok, a large language model built by Musk’s company xAI and accessible through the X platform.
Deputy Commissioner Graham Doyle stated that the Data Protection Commission has been engaging with X Internet Unlimited Company since media reports first surfaced several weeks ago. Those reports described the alleged ability of X users to prompt the Grok account to generate sexualized images of real individuals, including minors. The commission notified X of its decision to commence the inquiry on February 16.
What the Investigation Will Examine
The Data Protection Commission will determine whether X complied with its obligations under the General Data Protection Regulation, the strict data privacy framework governing the 27-nation European Union. As the lead supervisory authority for X across the EU and European Economic Area, the Irish regulator holds jurisdiction because X’s European headquarters are located in Dublin.
The inquiry will specifically examine X’s compliance with several fundamental GDPR provisions. These include the principles of data processing, the lawfulness of processing, data protection by design and by default, and the requirement to carry out a data protection impact assessment before deploying such technology.
Violations of GDPR can result in substantial financial penalties for companies that fail to meet the bloc’s privacy standards.
Global Backlash Against Grok
Grok sparked widespread criticism last month when it began fulfilling user requests to undress people using its AI image generation and editing capabilities. Some requests resulted in images showing females in transparent bikinis or revealing clothing. Researchers examining the outputs noted that some images appeared to include children.
The chatbot’s responses to user requests are publicly visible on the X platform, meaning other users can view the generated images. While X later introduced some restrictions on Grok’s functionality, European authorities indicated these measures were insufficient.
The controversy has drawn attention from regulators beyond Ireland. French prosecutors raided X’s Paris offices earlier this month and summoned Musk for questioning. British data privacy and media regulators have also opened their own investigations into the platform, even though Britain has left the European Union.
Mounting Regulatory Pressure
This latest inquiry adds to the regulatory challenges X faces in Europe. The European Commission launched a separate investigation into Grok last month under the EU’s Digital Services Act, which requires platforms to curb the spread of illegal content such as child sexual abuse material. Irish media regulator Coimisiún na Meán is expected to play a leading role in that investigation as well.
X is already under scrutiny from Brussels over whether it has been complying with the bloc’s digital rulebook designed to protect social media users. The platform has not responded to requests for comment regarding the latest data protection inquiry.
The Data Protection Commission described the current investigation as a large-scale inquiry that will thoroughly examine X’s adherence to fundamental GDPR obligations. The regulator’s announcement signals growing concern among European authorities about the risks posed by generative artificial intelligence technology when deployed without adequate safeguards.
