EU investigates Grok AI for potential GDPR breaches

The EU‘s privacy regulator has launched an investigation into X‘s AI training practices, potentially setting precedent for how publicly available data can be used to train AI systems across Europe. The inquiry focuses on whether X is using public posts to train its Grok AI model without proper consent, despite previous agreements limiting European data use for AI training. This case could have far-reaching implications for AI development in Europe and beyond, as it may establish whether public data requires explicit user consent for training purposes.

The big picture: Ireland’s Data Protection Commission has opened a formal privacy inquiry into whether X uses publicly accessible posts to train its Grok AI model in violation of GDPR rules.

• The investigation, which began April 11, 2025, comes despite X agreeing last September to limit the use of European users’ data for AI training after facing multiple privacy complaints.
• X Internet Unlimited Company (X’s Dublin-based data controller) could face fines of up to 4% of its annual turnover if found in violation of GDPR requirements.

Key details: Grok, developed by Elon Musk’s xAI, powers the generative AI chatbot functionality on X and has expanded its capabilities over time.

• Since December 2024, Grok has been able to automatically generate biographies for X users without them specifically requesting this feature.
• The DPC’s investigation specifically aims to determine “whether personal data was lawfully processed in order to train the Grok LLMs.”

What they’re saying: Neither X nor Musk has officially responded to the announcement of the investigation.

• Grok itself replied to a user on X, stating it “won’t access your post unless you explicitly mention me.”
• Proton, a privacy-focused service provider, noted: “If it is found that public data still requires user consent to be used for training, this could have wider ramifications, both in Europe and beyond.”

Why this matters: The outcome of this investigation could set a precedent for AI development across Europe and potentially worldwide.

• A ruling requiring explicit consent for training AI on public data would significantly impact how AI companies collect and use training data.
• The case might further strain already tense relations between Musk, who has previously criticized EU regulations, and European lawmakers.