Elon Musk’s company, X, recently made a decision that has raised eyebrows among privacy advocates. The company, formerly known as Twitter, has made a change that automatically includes user data in its AI training pool for Grok, a conversational AI developed by Elon Musk. This move was noticed by users of the platform and has caused concern among those worried about their privacy.
The Irish Data Protection Commission (DPC), which oversees X’s compliance with the General Data Protection Regulation (GDPR) in the European Union, has expressed surprise at this development. The DPC has been in communication with X about this issue for several months and is now awaiting a response from the company. The DPC has the authority to impose fines of up to 4% of a company’s global annual turnover for GDPR violations.
The text accompanying the default-enabled Grok data-sharing setting on X indicates that user posts, interactions, inputs, and results with Grok may be used for training purposes. However, it is unclear whether X is using all user data for this purpose or just interactions with the chatbot. This ambiguity raises questions about whether X has a valid legal basis for processing user data under EU privacy laws.
In Europe, Meta’s similar plan to use Facebook and Instagram user data for AI training was halted last month due to GDPR complaints. Regulatory scrutiny in Ireland and the UK forced Meta to pause its data-sharing plans. The DPC is closely monitoring the situation with X and expects further developments next week.
We reached out to X to inquire about the legal basis for processing European user data to train Grok. However, the company’s response was a standard automated message stating that they are currently busy. It remains to be seen how X will address the concerns raised by the DPC and whether they will make changes to their data-sharing practices.
