Elon Musk’s social media platform, X, is facing legal action in Ireland for allegedly using Europeans’ data to train its AI models without proper consent.
The Irish Data Protection Commission (DPC) is taking the platform to court, citing significant breaches of privacy laws.
This move comes after X’s decision to process user data to train its “Grok” AI model without notifying or seeking consent from its users.
Last month, the DPC expressed its surprise at X’s actions and announced it had “followed up” seeking more information.
The General Data Protection Regulation (GDPR) mandates that any processing of personal data must have a valid legal basis.
Non-compliance can result in hefty penalties, potentially up to 4% of global annual turnover. In this case, the DPC is suing X under Ireland’s 2018 Data Protection Act.
The DPC is seeking an injunction against Twitter International, the company’s Irish division, due to concerns over the processing of user data for AI model training.
The watchdog believes this issue poses an urgent risk to users’ rights and freedoms.
The DPC intends to refer the matter to the European Data Protection Board (EDPB), an independent supervisory body established under the GDPR, which has the authority to issue guidance on how the law is applied.
Court Date Set for Next Week
The GDPR stipulates that any processing of personal data must have a proper legal basis appropriate for the use case. Privacy experts argue that X needs explicit consent from users to repurpose their public posts for training its AI models.
Instead, X began using user data last month, only allowing users to opt-out via an option buried in web settings, without notifying them about the data usage for training Grok.
Meta, the parent company of Facebook and Instagram, paused a similar initiative in June after facing GDPR complaints and regulatory pressure, including from the DPC.
In contrast, Musk’s company has been less cooperative with privacy regulators, prompting the DPC to seek an injunction in the High Court.
“In terms of the matter which was before the courts yesterday, August 6, the DPC has not released any comment at this point and it would be inappropriate to do so until this matter has been dealt with by the court.”
Risteard Byrne, Assistant Principal Communications Officer
Sources indicate the DPC is pursuing orders to “suspend, restrict, or prohibit” X from processing the personal data of its users for developing, training, or refining any AI systems.
The DPC is also alarmed by X’s plan to launch the next version of Grok this month, believed to be trained using the personal data of users in the EU and European Economic Area.
Reports suggest that Twitter International refused the DPC’s requests to halt processing European users’ data or delay the updated version of Grok’s launch.
The injunction proceedings are scheduled to return to the High Court next week. Since Musk’s takeover of Twitter, there have been ongoing concerns about his commitment to complying with EU privacy laws.
Despite early warnings from the DPC following the abrupt departure of Twitter’s then-data protection officer in November 2022, the regulator has remained relatively quiet about the chaotic changes Musk has implemented and related GDPR complaints.
The outcome of this legal battle could have significant implications for X and its approach to data privacy.
The DPC’s actions underscore the importance of regulatory compliance and the potential consequences of neglecting user consent and data protection laws.
As the case unfolds, it will be closely watched by privacy advocates and tech companies alike, setting a precedent for how user data can be utilized for AI training in the future.