X Refutes Claims That It Illegally Used EU User Data To Train AI
According to the complaint, the personal data of millions of European users has already been used to train generative AI chatbot Grok.
X’s lawyers look set to have their hands full for some time yet, as the company continues to rack up legal battles, on varying fronts.
Today, X has vowed to fight yet another challenge, this time over the use of user data to train its AI models, and the permissions required for such under EU law.
Ireland’s Data Protection Commission (DPC) has launched High Court proceedings against X related, it claims, to the unapproved use of user data to train X’s Grok AI chatbot. The DPC, which is the Irish supervisory authority for the EU’s General Data Protection Regulation (GDPR), claims that X has violated regulations relating to data usage permissions in the region, and is pushing ahead with its Grok project despite these noted objections.
In response, X says that the DPC’s case is “unwarranted, overbroad and singles out X without any justification.”
As per X:
“The order applies not just to Grok but to any AI model that X uses, potentially impacting our work to keep the platform safe and possibly the ability to offer X in the EU. We've been proactive in working with regulators, including the Irish Data Protection Commission, relating to Grok since late 2023, and have been fully transparent with them about the use of public data relating to AI models. This has included providing necessary legal assessments and engagements where it's been discussed in length. X directly communicated to users how it uses data to train AI and X's policies have been updated since 2023 to better reflect that, among many other transparency measures.”
On this front, X also recently added a new opt-out for users, so that they can specifically exclude their information being used to train Grok. That, seemingly, was implemented to cover GDPR requirements, but the DPC doesn’t view this as comprehensive enough.
Indeed, according to the DPC’s complaint, the personal data of millions of European users has already been used by X to train Grok, rendering this new measure ineffective in retrospect. The toggle is also opted in for all users by default, and many European users wouldn’t be aware that they even have the option, meaning that they’ve not had adequate consultation on this use.
As such, the DPC is calling for an immediate court injunction to stop X from further use of the same until the matter is legally resolved.
It’s another hitch for X’s Grok project, which is also facing challenges in the U.S. over the spread of election misinformation. X was also forced to delay the launch of Grok in Europe due to similar concerns.
The EU Commission also recently found that X’s decision to sell verification ticks is in breach of the EU Digital Services Act (DSA), due to misconception among users as to what the check mark actually represents.
So there are a few issues going against the company, but X has vowed to fight the challenges and push back against EU rulings on its processes.
Which could, of course, end badly. If X is found to have breached EU laws, it could be facing significant fines and even restrictions in the region. Which are complications that X cannot afford, given that its revenue is still down significantly since Musk took ownership of the app.
But X remains confident that it’s in the right and can challenge such orders.
The case will head to court shortly.