Ireland opens probe into Musk’s X over Grok’s AI data slurp

Elon Musk's social media outfit X is again under the regulatory microscope in Europe – this time for allegedly using EU users' public posts to train its Grok AI chatbot, possibly without the transparency or legal basis required under the General Data Protection Regulation (GDPR).

The Irish Data Protection Commission (DPC) announced Friday that it had kicked off an inquiry into X Internet Unlimited Company (XIUC) - the newly renamed Irish entity responsible for Elon Musk's social media platform. The investigation seeks to determine whether XIUC's processing of publicly accessible posts from EU users to train its Grok AI models complies with the GDPR.

Notably, XIUC became the official data controller for EU users on April 1, following a rebranding from Twitter International Unlimited Company (TIUC), as part of the transition from Twitter to X.

Like many social media platforms exploring AI, X utilizes user-generated content to train machine learning models. Specifically, X shares publicly accessible data - including posts, profiles, and user interactions - with xAI to develop and refine Grok, the chatbot now embedded in the platform. This practice has raised privacy concerns, as users were initially opted in by default, leading to scrutiny over compliance with data protection regulations.

The tie-up between X and xAI became even closer in March, when xAI acquired the social media platform in an all-stock deal valued at $33 billion. This merger puts both the data and the AI engine under the same Musk-controlled roof.

"This inquiry considers a range of issues concerning the use of a subset of this data which was controlled by XIUC - namely personal data comprised in publicly accessible posts posted on the 'X' social media platform by EU/EEA users," The DPC said. "The purpose of this inquiry is to determine whether this personal data was lawfully processed in order to train the Grok LLMs."

Companies in control of LLMs have regularly come under scrutiny from EU regulators and member states over their data processing practices. OpenAI, for example, has faced GDPR complaints alleging that ChatGPT provides inaccurate information about individuals and lacks a way to correct it, potentially violating the right to rectification. Meanwhile, the EU has become the first jurisdiction to pass comprehensive AI legislation: the Artificial Intelligence Act.

• Euro banks worry AI will increase their dependence on US big tech
• Elon Musk's X isn't important enough to feel the full force of EU regulation
• EU lands 25% counter tariff punch on US, Trump pauses broad import levy hike – China excepted
• EU demands a peek under the hood of X's recommendation algorithms

X isn't any stranger to EU investigations either, with Musk's personal social media platform becoming one of the first companies to face formal proceedings under the EU's Digital Services Act. The European Commission launched an inquiry in late 2023 over concerns that X may have been falling short on obligations around risk management, content moderation, and algorithmic transparency — requirements it must meet as a designated Very Large Online Platform (VLOP) under the DSA, due to its significant reach and influence.

The investigation into X comes against a backdrop of rising transatlantic trade tensions. The Trump administration's fluctuating tariff policies have introduced significant uncertainty into global trade. In response, the EU has floated potential countermeasures targeting US companies, should trade negotiations break down. While the timing of the DPC's probe into X overlaps with these developments, there's no indication the two are directly connected.

The DPC confirmed to The Register that the investigation has no connection to ongoing trade tensions and said it has been examining the issue since last summer. We've also reached out to X to get its take, but haven't heard back. ®