Suspected GDPR violations: Irish data protectionists examine AI model Grok
The Irish data protection authority is investigating how Musk's Platform X used personal data of European citizens to train its AI model Grok.
(Image: peterschreiber.media/Shutterstock.com)
New trouble for Elon Musk and his social media platform X. On Friday, the Irish Data Protection Authority announced the launch of an investigation into the processing of personal data in publicly accessible posts that users from the EU and the European Economic Area (EEA) post on the social network. X collects information from the posts for the purpose of training large language models for generative artificial intelligence (AI) such as Grok in particular, the Data Protection Commission (DPC) announced in Dublin.
As part of the investigation, the supervisory authority intends to examine "compliance with a number of important provisions" of the General Data Protection Regulation (GDPR). The focus is on "the lawfulness and transparency of the processing", it said. The aim is to determine whether the personal data from the X-Postings was lawfully used to train Grok.
The DPC opened initial proceedings against X back in August. Following a legal dispute in the Irish courts, the operating company agreed to suspend the use of European citizens' data to train its AI models, at least temporarily. This was not enough for the civil rights organization Noyb. It lodged complaints in nine EU countries, arguing that the data was being processed without the consent of X users. At the time, Noyb complained that the DPC once again seemed unwilling to fully enforce the GDPR.
European data protection experts have drawn up AI guidelines
Musk's AI company xAI recently swallowed up Twitter successor X. The share deal within the corporate network is also about legally simplifying Grok's training with user data. According to the DPC, the conglomerate has been operating as X Internet Unlimited Company (XIUC) at its European headquarters in Ireland since April 1.
Videos by heise
The European Data Protection Board (EDPB) set up a task force on ChatGPT in mid-2023 at the urging of the Irish supervisory authority. This was in response to a brief ban on the AI system by the Italian data protection authority. The aim of the joint EDPB position that has now been established is to ensure uniform enforcement of the law in the EU and to prevent various member state supervisory authorities from imposing sanctions on a freelance basis. In December , the EU data protection authorities published a three-stage test for AI with regard to legitimate interests and a necessity test, for example.
(des)
