Ireland’s Data Protection Commission (DPC) has opened a formal investigation into X’s AI chatbot, Grok, over the handling of personal data and its potential to generate sexualised images and videos, including of children.
The inquiry was announced Tuesday, following global outrage over Grok’s capabilities.
The DPC serves as the lead European Union regulator for X, as the US company’s EU operations are based in Ireland.
Under the EU’s General Data Protection Regulation (GDPR), the agency can impose fines of up to 4% of a company’s global revenue if violations are found, ET reported.
Deputy Commissioner Graham Doyle explained the reasoning behind the investigation. “The DPC has been engaging with XIUC (X Internet Unlimited Company) since media reports first emerged a number of weeks ago concerning the alleged ability of X users to prompt the @Grok account on X to generate sexualised images of real people, including children,” he said.
Doyle added that the inquiry would assess whether XIUC has met its “fundamental obligations under the GDPR in relation to the matters at hand.”
UK Probes Grok AI Over Data and Content Risks
The investigation comes after Grok flooded X last month with AI-altered, near-nude images of real people when prompted by users.
Although X imposed curbs to prevent Grok from producing such images, Reuters found that the chatbot continued to generate inappropriate content when prompted.
The European Commission also opened a related probe on January 26 to examine whether Grok disseminates illegal content in the EU.
Additionally, Britain’s privacy watchdog began its own formal investigation on February 3 into Grok’s processing of personal data and the risks posed by harmful sexualised images and videos.
X’s owner, Elon Musk, has publicly expressed objections to EU regulations, particularly rules affecting online content moderation.
Meanwhile, US officials, including former President Donald Trump, have criticised EU fines against American tech companies, calling them a form of taxation.
With Grok’s misuse potentially affecting children and adults alike, regulators are under pressure to hold X accountable for compliance with EU privacy and safety laws.
The DPC will examine the chatbot’s data processing practices, assess potential harms, and determine whether X has implemented sufficient safeguards against generating illegal or harmful content.
Originally published on vcpost.com
