Elon Musk’s X faces legal challenges in Ireland over its AI training practices with European user data, according to a report by RTE. The controversy stems from the company’s decision to use consumer data to enhance its “Grok” AI system, without explicit consent or notification to the users involved.
The Irish Data Protection Commission (DPC) expressed its astonishment at X’s unilateral action last month, engaging with the company for further clarifications, TechCrunch learned.
Under the EU’s General Data Protection Regulation (GDPR), data processing must be justified by a lawful basis. Violations can attract fines up to 4% of the company’s global annual revenue, posing a significant financial risk for X. The DPC’s lawsuit is grounded in the 2018 Data Protection Act of Ireland, RTE reveals.
RTE’s coverage indicates that the DPC aims to secure a court injunction against Twitter International (still the official name of the company’s Irish entity) to address concerns regarding the use of user data in AI training. The regulator believes these practices urgently threaten user rights and freedoms.
The report further details the DPC’s plans to escalate the issue to the European Data Protection Board (EDPB), a key entity under GDPR with the authority to interpret application of the law across the EU.
When approached for comments, the DPC chose to remain silent on the legal proceedings, stating it was inappropriate to comment before the court’s decision is made, TechCrunch was informed by Risteard Byrne, an assistant principal communications officer.
GDPR mandates that personal data processing is backed by a legitimate legal basis. Privacy experts argue that X needs to secure user consent to repurpose public posts for AI training. Contrary to this, the company began harvesting user data without explicit permission, burying the opt-out options in its settings and failing to notify users about their data being used to train Grok.
Following GDPR infringements and regulatory pushback, Meta halted a similar strategy with Facebook and Instagram user data in June. Musk’s firm, however, has displayed reluctance in cooperating with privacy authorities, propelling the DPC to pursue court injunctions, according to RTE.
The DPC’s court actions aim to halt Twitter International from using X user data for AI development, particularly concerning the upcoming release of Grok’s next iteration, which presumably includes EU and EEA personal data, RTE highlighted.
Despite requests from the DPC to pause data processing or the Grok update, Twitter International pushed back, leading to further court proceedings anticipated next week, RTE added.
X has yet to publicly respond to these developments.
Since Musk’s acquisition of Twitter, his adherence to EU data protection laws has been under scrutiny. The DPC’s initial concerns were sparked by the unannounced departure of Twitter’s data protection officer in November 2022, yet the radical changes under Musk’s leadership have overshadowed those early warning signs.
Despite the upheavals, X maintains its principal base in Ireland, benefiting from streamlined GDPR compliance processes through the DPC. However, it remains uncertain how much influence Twitter International wields over Musk’s decisions impacting EU users.
Musk’s seemingly casual approach to GDPR compliance might face a critical challenge if the injunction is approved by the court.
Additionally, X encountered legal setbacks in the Netherlands over GDPR compliance last month, and the European Commission suspects X of violating the Digital Services Act (DSA), threatening penalties up to 6% of global yearly revenue for non-compliance. The concerns involve misleading tactics in their verification system and lack of transparency in data sharing with researchers and advertisement archives effectiveness, with a second DSA case opened since December 2023 addressing content moderation and risk measures.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
