DPC launches probe into X’s Grok images
The Data Protection Commission (DPC) has opened an inquiry into the social-media platform X over the ability of its Grok AI tool to create sexualised images.
The probe into X Internet Unlimited Company (XIUC) is taking place under section 110 of the Data Protection Act 2018.
The watchdog said that the inquiry concerned “the apparent creation, and publication on the X platform, of potentially harmful, non-consensual intimate and/or sexualised images”.
It said that such images contained, or otherwise involved, the processing of the personal data of European users – including children.
The probe will determine whether X has complied with its GDPR obligations under:
- Article 5 (principles of processing),
- Article 6 (lawfulness of processing),
- Article 25 (data protection by design and by default), and
- Article 35 (requirement to carry out a Data Protection Impact Assessment).
‘Large-scale’ inquiry
DPC deputy commissioner Graham Doyle said that the regulator had been engaging with the company since media reports first emerged about the alleged ability of X users to prompt the @Grok account on X to generate sexualised images of real people – including children.
“As the lead supervisory authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry, which will examine XIUC’s compliance with some of its fundamental obligations under the GDPR in relation to the matters at hand,” he said.
Last month, the European Commission launched a new investigation, under the Digital Services Act (DSA), into how X has deployed its AI tool Grok in the EU.