X, formerly known as Twitter, is currently being investigated by its main European supervisory authority regarding the alleged use of users’ content to train the AI chatbot named Grok. The Irish Data Protection Commission (DPC) has voiced its surprise at X’s actions, which seem to have taken place without notifying or asking the users. 

Currently, X Premium users can use Grok, a new and enhanced chatbot that enhances the search with the help of a complex language model. At first, Grok was based on open data, but X has extended its scope to user-created content. 

Users debate privacy concerns and opt-out options

However, X has the new system enabled by default, although users can turn it off via the web app settings. When active, this setting allows for the utilization of users’ posts and interactions with Grok for training. The information gathered may also be forwarded to X’s partner company, xAI. 

X’s European headquarters in Dublin positions the DPC as a key regulatory authority. The DPC has been in contact with X regarding this issue for several months, with the last interaction happening a day before X’s press release, according to FT. The DPC pointed out that it was surprised by the timing of X’s decision and referred to the issue of user data control. 

“We have been in dialogue with X about this issue for a considerable time. The recent developments were unexpected given our latest interactions.”

DPC spokesperson

The manner in which X has gathered user data for Grok has been a cause of concern. Kevin Schawinski, the CEO of a Swiss AI company, criticized the practice, saying that the practice is “BAD” due to the fact that X is not very clear on how it uses user data. 

AI training data collection challenges social media platforms

The specific date when X started gathering information is also unknown. The company released Grok in November 2023 and, at the time, claimed that the chatbot was not trained with X data. However, the launch of a new version in March 2024 has brought attention to the training data.

However, X is not the only social media platform that has to face the issue of data privacy regulation. Such practices by Meta, TikTok, and Reddit have been under scrutiny in Europe due to the tough enforcement of the General Data Protection Regulation (GDPR). 

Meta’s plan to collect posts and images from European users for training AI faced backlash, and this led to the pausing of the process due to GDPR concerns. Google also had similar issues when it released its generative AI, where the Irish data protection authority had to grant permission to use it. At the moment, X is dealing with several cases before the Irish Data Protection Commission.