Submit the keyword or topic you are searching for

  1. Home
  2. Technology
  3. Irish Data Regulator Probes X For Using EU Users’ Data to Train Grok
Technology

Irish Data Regulator Probes X For Using EU Users’ Data to Train Grok

featured-image

Ireland's Data Protection Commission has begun a probe into X (formerly Twitter) violating EU's GDPR rules by processing EU users' personal data.The post Irish Data Regulator Probes X For Using EU Users’ Data to Train Grok appeared first on MEDIANAMA.

The Data Protection Commission (DPC) of Ireland announced on April 11 the start of its inquiry into X Internet Unlimited Company (XIUC), the Irish division of X (formerly Twitter), for allegedly processing the personal data of European Union (EU) users to train its artificial intelligence (AI) model Grok. The inquiry will examine compliance with a range of key provisions of the EU’s General Data Protection Regulation (GDPR), including lawfulness and transparency of the processing.Why is the DPC probing X?The Irish regulator has accused X of using publicly accessible data of EU users to train its “generative AI models”.

It said that X scraped the data from the posts of these users to particularly train its Grok Large Language Models (LLMs). The data protection watchdog said that it will examine if X has complied with a range of key provisions of the EU’s GDPR, like lawfulness and transparency related to data processing. “The purpose of this inquiry is to determine whether this personal data was lawfully processed in order to train the Grok LLMs,” the Irish data regulator remarked.



Principles of Data Protection as per GDPR: Article 5 of the GDPR lists out key principles of the data protection regime in the EU. “These key principles are set out right at the beginning of the GDPR and they both directly and indirectly influence the other rules and obligations found throughout the legislation,” the DPC website said. Lawfulness, fairness, and transparency:The companies should be transparent to the individuals whose data is being collected, used, consulted, or “otherwise processed”.

According to the DPC: “Any processing of personal data should be lawful and fair.” The transparency principle requires companies to make “any information and communication” relating to a user’s personal data easily accessible, and easy to understand in clear and plain language.Purpose Limitation:According to the Irish data protection watchdog, companies should only collect personal data for “specified, explicit, and legitimate purposes” and not further process in a manner that is “incompatible with those purposes.

”In this context, Max Schrems, founder of NOYB, a non-profit that fights litigation battles for digital and consumer rights, while speaking at CPDP LatAm, talked about how Meta AI remarked that AI itself is the purpose for data collection. While talking about this, he said, “They said that AI is basically the purpose. It’s like the purpose of processing the data is computers.

It names a technology as the purpose. That’s how they try to get around it, but that’s not really how the law would look at that.”Other principles of Data Collection in GDPR:Data Minimisation: Personal data should only be processed if the purpose of the processing could not reasonably be fulfilled by other means.

Accuracy: Entities collecting data must ensure that the personal data are accurate and, where necessary, kept up to date. They should accurately record information they collect or receive, and the source of that information.Storage Limitation: Tech companies should only keep personal data in a form which permits identification of data subjects for as long as is necessary for the purposes for processing the personal data.

Integrity and Confidentiality: Tech companies should process personal data in a manner that ensures its appropriate security and confidentiality.Accountability: The entity collecting the data is responsible for, and must be able to demonstrate, its compliance with all of the above-named principles of data protection.What is Personal and Non-Personal Data?Article 4(1) of the GDPR defines the term personal data as “any information relating to an identified or identifiable natural person.

” This includes information such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of natural persons.Schrems, while speaking at CPDP LatAm, remarked that technology companies often combine personal and non-personal data, which makes it difficult to separate one from the other. These companies use this to bypass the EU’s GDPR by saying that they did not use the data.

“In practice, we know,” Schrems said, “that usually that data is so connected in their systems that it’s almost impossible to separate. So a lot of this, like how do we get clean data that we can actually use legally, is one of the things where we couldn’t really get satisfactory answers to so far,” Schrems said. Background:Notably, this is not the first time the Irish data protection regulator has flagged its concerns regarding X’s data collection practices for training its AI models.

In August 2024, the DPC took X to court over its default setting that allowed the social media platform to utilise a user’s posts for training Grok. This change in X’s settings was allegedly never notified, although an opt-out option was available on the platform. This default consent feature violated the provisions of the GDPR.

In this context, Schrems said that Google and OpenAI have also gone for opt-out instead of getting users’ consent. Google and OpenAI even asked for reasons from users for not letting them collect data for processing. A user could fill out the form and get instant approval, as nobody ever reads them.

“It’s just to make it as complicated as possible for people to really have their data not in the system,” he added.DPC’s past record:The Irish data protection watchdog has been making headlines for its stringent actions against tech giants. In January 2023, the DPC fined Meta for illegally using user data for targeted advertisements.

The regulator had imposed a fine of 390 million euros on the Mark Zuckerberg-owned company for this malpractice. The watchdog also asked Meta to legalise its ad-serving practices as per EU’s GDPR within three months.In September 2022, the regulator decided to levy a fine of 405 million euros on Meta for failing to protect children’s rights while processing their data on Instagram.

DPC’s research in the matter found that Instagram set the newly registered accounts to “public” by default. A user needed to manually change the account settings to “private”. Children were also able to switch from a personal account to a business account after mandatorily showing an email address or a phone number associated with a business.

Even earlier, in September 2021 the Irish data protection watchdog levied a fine of 225 million euros on Meta. The DPC alleged that WhatsApp had not told EU citizens enough about how it collects and utilises a user’s data. The Irish regulator instead wanted the internet-based messaging service to disclose a greater level of detail in its privacy policy.

Also Read:What to Expect From the EU’s 2025 GDPR Overhaul: AI Oversight, SME Relief and Global ImpactWhat Are The Criteria To Assess AI Models For GDPR ComplianceNoyb Accuses TikTok, Temu, AliExpress of GDPR Violations Over EU Data Transfers to ChinaThe post Irish Data Regulator Probes X For Using EU Users’ Data to Train Grok appeared first on MEDIANAMA..

My Protein Germany

Myprotein UK

Menkind UK

Top News

Will Husted’s Trump “sycophancy” cost him his Senate seat? By 11/2026, it could be his doom.

With only $1 million in campaign funds and rising criticism ...

KL Rahul Shares Glimpse Of His Birthday Celebration With Athiya Shetty And Daughter Evaarah: 'Let 33 Begin'

Maestro Ilaiyaraaja Vows to Deliver Timeless Music

Gujarat Police Arrest 5 Men Who Posed As Waqf Agents, Collected Rent For Nearly Two Decades

Related Posts

post-thumbnail
Technology

Parallel Coding : The Secret to Building Software Faster and Smarter

post-thumbnail
Technology

The Ninja 5-in-1 Grill and Air Fryer turned me into a kitchen BBQ master, but it has some pesky drawbacks

post-thumbnail
Technology

I put in some serious flight time with Hori's HOTAS Flight Stick Control System and enjoyed the surplus of inputs, but I'm stuck on its pricing

post-thumbnail
Technology

Who Makes BYD Cars, And What Does The Acronym Mean?

post-thumbnail
Technology

Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.

post-thumbnail
Technology

10G Internet Launched: Huawei, China Unicom Rollout China's First 10G Broadband Network in Hebei, How Fast Is This?

post-thumbnail
Technology

NetEnt Turns Up the Heat with Golden Egg Invaders Slot Adventure

post-thumbnail
Technology

Global smartphone shipments increased 1.5% in Q1 2025