Ireland’s Data Protection Commission (DPC) is taking Elon Musk’s X to court. According to Irish broadcaster RTE, the commission has launched High Court proceedings against Twitter International over concerns on how Europeans’ public posts on X are being used to train the company’s artificial intelligence tools. The data protection watchdog is especially worried that European users’ data is being used to train the next version of Grok that Musk previously said will be released sometime this month.
In July, X rolled out a change that automatically activated a setting for all users, allowing the website to use their public posts on the platform to train its AI chatbot further. The commission told TechCrunch that it was surprised by X’s decision, seeing as it has been in contact with the company on the matter for months. X has had a help page instructing users on how to opt out of their data being used for AI training since at least May, but it didn’t exactly tell them that it’s switching on its access to people’s data by default.
The DPC has acknowledged that X had given people the mechanism to opt out. However, it reportedly isn’t enough for the agency, which argued that there’s still a significant number of European-based X users whose data had been processed without being afforded the protection of those mitigation measures. X’s use of people’s data to train Grok violates its obligations under the EU’s General Data Protection Regulation (GDPR), according to the commission. Not offering users an opt-out mechanism in a timely manner also violates the GDPR, it added.
As TechCrunch notes, there must be at least one legal basis for a European user’s data to be lawfully processed under the GDPR. If a company wants to legally process a user’s data, for instance, it must get their express consent, or it must be because the user needs to fulfill contractual obligations. There are other lawful purposes wherein a person’s data could be used, but the DPC’s complaint indicates that it doesn’t believe X has any legal basis for its actions.
Twitter International, X’s Irish division, also reportedly refused to stop processing users’ data and to delay the launch of the next version of Grok as the commission had requested. That’s why the DPC has decided to push through with its complaint — so that it can ask the court to suspend or completely prohibit the company from training any AI system with X users’ data. If the court determines that X has indeed violated GDPR rules, the company could be fined up to 4 percent of its annual worldwide turnover.
After the DPC brought its complaint to court, though, X agreed to stop using some European users’ data for training, at least for the moment. In particular, it agreed not to use public posts made by Europe-based users gathered between May 7 and August 1. The “developments will help us to continue protecting the rights and freedoms of X users across the EU and [the European Economic Area],” Data Protection Commissioner Des Hogan said. The agency isn’t withdrawing its lawsuit, however, and the DPC will continue investigating whether X’s actions had violated the GDPR.
Update, August 09, 2024, 9:39AM ET: This posted was updated to reflect new information that X agreed to pause the use of some European users’ data for Grok training.