Artificial Intelligence under investigation

May 6, 2025

The Data Protection Commission (DPC) has launched an investigation into X (formerly Twitter) regarding its use of personal data from European users to train its Grok AI models, developed by Elon Musk’s xAI.

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected. The DPC is the Irish supervisory authority for the General Data Protection Regulation (GDPR), and also has functions and powers related to other important regulatory frameworks including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive.

The DPC is the lead EU regulator for X due to the location of its EU headquarters in Dublin. It has the power to impose fines of up to 4pc of a company’s global revenue under the EU’s strict General Data Protection Regulation (GDPR).

The inquiry will look at “the processing of personal data comprised in publicly-accessible posts posted on the X social media platform by EU/EEA users, for the purposes of training generative artificial intelligence models,” the DPC said in a statement.

The move to target the platform owned by Elon Musk, tech billionaire and right-hand man to United States President Donald Trump, could cause tension between the EU and U.S. over Europe’s tech rules and regulations.

Grok is a generative AI bot created by Elon Musk’s company xAI and was designed, in part, to advance conversations on X. However, the vast amounts of data available on X and the often controversial subject matter could result in a chatbot that was exposed to harmful and incorrect information.

The DPC’s inquiry will examine whether X and xAI have complied with GDPR. Specifically, it will determine if personal data publicly posted was lawfully or unlawfully processed in order to train Grok LLMs. The investigation will be overseen by commissioners for data protection Dr Des Hogan and Dale Sunderland and representatives at X have been notified.

The powerful DPC has fined the likes of LinkedIn, TikTok and Meta since it was given sanctioning powers in 2018. Its fines to date of Meta total almost €3bn.

X, or Twitter as it was then called, has not faced sanctions since the DPC fined it €450,000 in 2020, the first penalty the regulator handed out under the new data privacy system.

Rival social media platform Meta has faced similar issues with the Irish watchdog, however, earlier this year it was announced that AI chatbot Meta AI would launch in Europe, despite pausing the roll out following “intensive discussions” with the DPC. Like X, Meta planned to train its LLMs using content pulled from materials shared on its own platforms, Facebook and Instagram.

NB – This is a guide for information purposes only and does not constitute legal advice. If you have an issue requiring legal advice, please contact any of the team at Nolan Farrell & Goff LLP, whose numbers can be found on our website www.nfg.ie, or email info@nfg.ie.