Dublin (The Brussels Morning Newspaper) – Ireland’s Data Protection Commission has taken X (formerly Twitter) to court, accusing it of GDPR violations for using European user data to train its AI system.
Why Is Ireland’s Data Protection Commission Suing X?
Ireland’s Data Protection Commission (DPC) is carrying Elon Musk’s X to the tribunal. According to Irish broadcaster RTE, the commission has undertaken High Court proceedings against Twitter International over worries about how Europeans’ public posts on X are being utilised to train the company’s artificial intelligence mechanisms. The data protection watchdog is especially anxious that European users’ data is being operated to train the next version of Grok that Musk previously said will be released sometime this month.
How Did X’s Recent Changes Affect European User Data?
In July, X rolled out a transition that automatically triggered a setting for all users, letting the website utilise its public posts on the platform to instruct its AI chatbot further. The commission said TechCrunch that it was shocked by X’s decision, seeing as it has been in communication with the company on the issue for months. X has had a support page instructing users on how to opt out of their data being utilised for AI training since at least May, but it didn’t precisely tell them that it’s changing its access to people’s data by default.
What Are the Legal Grounds for the DPC’s Complaint Against X?
The DPC has admitted that X had given users the mechanism to opt out. However, it reportedly isn’t sufficient for the agency, which claimed that there’s still a substantial number of European-based X users whose data had been processed without being afforded the safety of those mitigation measures. X’s use of people’s info to train Grok disregards its obligations under the EU’s General Data Protection Regulation (GDPR), according to the commission. Not showing users an opt-out mechanism promptly also violates the GDPR, it added.
As TechCrunch states, there must be at least one legal ground for a European user’s data to be lawfully processed under the GDPR. If a company desires to legally process a user’s data, for instance, it must obtain their express consent, or it must be because the user is required to fulfil contractual obligations. There are other lawful definitions wherein a person’s data could be utilised, but the DPC’s complaint shows that it doesn’t believe X has any legal basis for its actions.
Twitter International, X’s Irish division, has also reportedly declined to stop processing users’ data and to postpone the launch of the next version of Grok as the commission had ordered. That’s why the DPC has determined to push through with its complaint — so that it can ask the court to stop or completely prohibit the company from training any AI system with X users’ data. If the court decides that X has indeed violated GDPR rules, the business could be fined up to 4 per cent of its annual worldwide turnover.
