Ireland’s Data Protection Commission (DPC) has initiated an investigation into the social media platform X following alarming reports that its AI chatbot, Grok, has generated sexual deepfake images. The inquiry centers on the purported creation and distribution of non-consensual intimate images crafted by X’s integrated AI, developed by Elon Musk’s xAI. These unsettling images are said to have involved personal data of European individuals, among them minors, raising serious privacy concerns. More details can be found here.
Deputy Commissioner Graham Doyle indicated that the regulatory body has been in dialogue with X for several weeks after media reports surfaced about the prompts allowing the Grok account to generate sexualized images of real individuals. This large-scale examination aims to scrutinize X’s adherence to its fundamental legal obligations under the General Data Protection Regulation (GDPR), particularly focusing on principles of processing, lawfulness, and data protection impact assessments.
This investigation follows a broader pattern of scrutiny faced by X, with other European regulatory bodies also expressing concerns. The European Commission launched a probe under the Digital Services Act to examine the deployment of Grok across the European Union. Similarly, individual countries such as Canada, Spain, France, and the United Kingdom are conducting their own investigations into the AI’s functionalities.
X previously implemented restrictions on Grok to mitigate potential misuse, including creating images that could “undress” or depict individuals in a sexualized manner. Despite these efforts, regulatory authorities in Europe remain skeptical about the effectiveness of these measures in preventing potential harm.
The DPC, as the principal EU regulator for X due to its European headquarters in Dublin, has the power to impose substantial fines, reaching up to four percent of a company’s global annual turnover. Furthermore, they have notified X of the investigation’s commencement, which is pursuant to section 110 of the Data Protection Act 2018. As of now, neither Elon Musk nor X have publicly addressed the DPC’s announcement.
This situation underscores the growing tension between global tech companies and regulatory bodies as they navigate the challenging terrain of AI ethics, privacy, and data protection laws. As investigations continue, both technology firms and regulators are working to determine how to protect individuals’ rights effectively in an increasingly digital world.