Elon Musk’s X could lose 4% of its global annual turnover for “quietly” training Grok using data from 60 million users in the EU without consent

Elon Musk’s X could lose 4% of its global annual turnover for "quietly" training Grok using data from 60 million users in the EU without consent

What you need to know 

  • Nine complaints have been filed against X by data protection authorities for using users ‘data to train Grok without their consent.
  • The General Data Protection Regulation (GDPR) could fine X up to 4% of its global annual turnover if the platform can’t establish a legal basis for using users’ data to train its chatbot without their consent.
  • It’s worth noting X suspended the processing of users’ data for training Grok.

As someone who has witnessed the rapid evolution of technology and its associated ethical dilemmas over the past few decades, I find myself both intrigued and concerned by the latest developments surrounding X and their chatbot, Grok. It’s fascinating to see how AI-powered models are pushing the boundaries of innovation, but it’s equally disheartening to observe the potential infringement on user privacy and consent that seems to accompany these advancements.


AI systems heavily utilize the internet for their learning process, often sparking copyright disputes between publishers and tech companies such as Microsoft and OpenAI. The CEO of OpenAI, Sam Altman, contends that current copyright laws do not restrict the usage of copyrighted material for training AI models. However, he acknowledges that creating innovative tools like ChatGPT necessitates internet access.

X’s (previously known as Twitter) Grok AI chatbot is not exclusive; recently, an active user of the platform found a setting adjustment that was activated automatically as part of an update. This modification allows the platform to covertly train its dedicated chatbot using users’ data. Nevertheless, you can disable this feature by accessing X’s settings on the web app. Please note that currently, there is no option to do so within the mobile application.

1. The action faced criticism and pushback due to its implications on privacy and security in AI development. This unexpected move raised concerns with the Irish Data Protection Commission (DPC), which is responsible for ensuring that X adheres to the EU’s General Data Protection Regulation (GDPR). In simpler terms, the DPC makes sure that X follows the data protection rules set by the European Union.

After a significant data breach incident, it has been reported through TechCrunch that nine separate complaints have been lodged against company X by data protection agencies in Austria, Belgium, France, Greece, Ireland, Italy, the Netherlands, Poland, and Spain. These complaints suggest that X lacks proper authorization to utilize data from over 60 million EU users for training its chatbot without prior consent.

During this period, I, as a concerned individual, have learned that the Data Protection Commission (DPC) has initiated a legal action against entity X at the Irish High Court. The goal of this action is to prevent X from utilizing user data without explicit consent to train their Artificial Intelligence model. Specifically, the DPC aims to secure an injunction that prohibits X from exploiting Europeans‘ posts for AI training purposes without proper authorization.

According to the chairman of privacy rights nonprofit noyb, Max Schrems:

“Over time, we’ve noticed numerous situations where the Data Protection Commission (DPC) has enforced regulations in an incomplete and ineffective manner. To maintain compliance with EU laws, it is crucial that Twitter seeks user consent, as a fundamental requirement at least, in such cases.”

Despite finding the Data Protection Committee’s actions inadequate, Noyb argues that it would be impractical for some X users to persuade the company to erase data utilized in training Grok. Consequently, X is leaning towards using “legitimate interest” as a strategic defense in AI-related processing.

Based on the decision made in response to the complaints lodged against X, the General Data Protection Regulation (GDPR) may impose a fine equal to as much as 4% of the social media platform’s worldwide annual revenue. This organization is tasked with verifying that the employment of personal data adheres to a legitimate legal framework. It’s important to mention that X temporarily halted the use of its users’ data for training Grok.

Even though he had a wealth of data at his disposal, it was found that Grok recently disseminated false information about the upcoming US presidential election. It’s said that when this matter was brought to his attention by five state secretaries, he appeared unconcerned. The misinformation, which had already been shared with millions via social media platforms, was flagged but had already caused widespread concern.

Read More

2024-08-12 17:09