What prompted the Ireland Data Protection Commission to launch an inquiry into X’s AI training practices? Are there specific GDPR provisions that X might be in violation of? How does the EU’s AI Act influence the regulatory landscape for tech companies like X? What were the previous actions taken by the DPC against X regarding data harvesting? What implications might this inquiry have for the development of AI models like Grok?
Ireland’s Data Protection Commission (DPC) has initiated an inquiry into X, Elon Musk’s social media platform, over its processing of European users’ posts for training its AI model, Grok. The investigation will assess compliance with key General Data Protection Regulation (GDPR) provisions, focusing on the lawfulness and transparency of data processing, the Irish watchdog said. The EU’s AI Act, which introduced various rules and requirements for tech regulation, took effect last year, causing concern among tech executives. Previously, the Irish DPC had compelled X to halt data harvesting from European users for Grok. X has temporarily suspended data use for Grok training following the initial notification. Grok, developed by xAI, comprises a group of AI models, including Large Language Models (LLMs) used for powering a generative AI querying tool available on the X platform. These LLMs are trained on diverse data sets. The probe will examine the use of a subset of data controlled by XIUC, focusing on personal data from publicly accessible posts by EU/EEA users on the X platform. The DPC aims to determine the lawfulness of processing this personal data for training Grok LLMs. The decision to conduct the inquiry under Section 110 of the Data Protection Act 2018 was made by Commissioners for Data Protection, Dr. Des Hogan and Dale Sunderland, and was notified to XIUC in April 2025. In February 2025, Canada’s privacy watchdog initiated a probe into X for potential breaches in AI training data usage. The probe by the Office of the Privacy Commissioner of Canada assessed whether X has violated privacy rules by using Canadians’ personal data to train AI models. Mandated by the Personal Information Protection and Electronic Documents Act (PIPEDA), the probe is focused on determining if X has complied with federal privacy laws regarding the collection, usage, and disclosure of Canadians’ personal data for AI model training. "Ireland DPC launches probe into X over AI training practices" was originally created and published by Verdict, a GlobalData owned brand.
Ireland DPC Launches Probe into X Over AI Training Practices
In a significant development in the intersection of technology, privacy, and regulation, the Data Protection Commission (DPC) of Ireland has initiated an investigation into X, a major social media platform, primarily over concerns related to its artificial intelligence (AI) training practices. This inquiry highlights the increasing scrutiny that tech companies are facing regarding their data handling methodologies, particularly how they source and utilize personal data for AI development.
Background
Artificial intelligence has rapidly become a transformative force across various industries, reshaping the way businesses operate, services are provided, and customer interactions occur. However, the deployment of AI technologies often raises fundamental questions surrounding privacy, consent, and data protection. These concerns are particularly pertinent given the vast volumes of personal data that companies like X accumulate through their user interactions.
As a leading platform in the social media landscape, X has become central to discussions about data ethics and compliance. With millions of users sharing their thoughts, pictures, and videos daily, the platform finds itself in a unique position where data protection laws, like the General Data Protection Regulation (GDPR), are constantly tested against the backdrop of rapid technological advancements.
The Investigation
The DPC’s probe into X centers on how the company collects, processes, and utilizes user data for training its AI models. The concern arises from the potential for misuse or unauthorized use of personal information, particularly if user consent is not explicitly obtained or if data is processed in ways that could undermine the user’s privacy.
X, like many tech companies, employs sophisticated algorithms to enhance user experience, combat misinformation, and tailor content to individual preferences. These AI capabilities rely heavily on vast datasets, which can include anything from user-generated content to metadata about user behavior. There is an increasing concern that AI models trained on such datasets may not always be compliant with privacy regulations, especially regarding the transparency of data usage and user consent.
The DPC’s investigation follows a series of complaints lodged by privacy advocates and users alleging that X did not adequately inform them about how their data is being used for AI training purposes. The inquiry will scrutinize whether X’s practices align with the principles of data minimization and purpose limitation outlined in the GDPR, which mandates that personal data shouldn’t be stored longer than necessary and should only be used for the purposes explicitly stated at the time of collection.
Implications of the Probe
The ramifications of the DPC’s investigation could be significant, not just for X but also for the broader tech industry. Should the investigation conclude that X has violated GDPR provisions, it may face hefty fines, and it could also necessitate changes to its data handling practices and AI training methodologies. Such outcomes could influence how other companies approach data privacy, prompting a reevaluation of their compliance measures.
Moreover, this investigation could serve as a precedent for how regulatory bodies engage with emerging technologies. As AI continues to evolve, so too will the regulatory frameworks needed to govern it effectively. The DPC’s decision to probe into X signifies a proactive stance toward ensuring that data protection laws keep pace with technological advancements.
The Growing Scrutiny on AI
The DPC’s actions are not occurring in a vacuum. Globally, there is a growing movement toward enhanced oversight of AI technologies. In particular, the European Union has been at the forefront of establishing comprehensive regulatory guidelines aimed at addressing ethical concerns connected to AI. The proposed EU AI Act seeks to create clear standards governing the design and deployment of AI systems, focusing on risk categories and the transparency of algorithms.
In the United States, regulatory discussions around AI are also intensifying, with lawmakers considering frameworks to tackle the implications of unchecked AI development. These movements underscore a collective recognition that while AI holds tremendous potential, it also harbors risks that need to be managed through thoughtful regulation.
User Trust and Corporate Responsibility
As the investigation unfolds, user trust remains at the forefront of the dialogue surrounding data protection practices in AI. For providers like X, maintaining user confidence is paramount. Disruptions to privacy could result in a significant backlash from users who demand greater transparency and control over their data.
To navigate these challenges, companies need to foster a culture of accountability, ensuring that data protection is not only a legal obligation but an ethical commitment. This could involve seeking explicit consent for data usage, enhancing transparency about data processing activities, and investing in technologies that prioritize privacy.
Conclusion
The Ireland DPC’s inquiry into X’s AI training practices represents a critical moment in the unfolding relationship between technology and privacy. As regulatory bodies continue to crack down on potential violations of data protection laws, the tech industry must adapt to a landscape where compliance and integrity are non-negotiable components of business operations. In the age of AI, the convergence of innovation and ethical responsibility is no longer a choice but a necessity.
The Data Protection Commission (DPC) of Ireland has initiated an investigation into X, the platform formerly known as Twitter, focusing on its artificial intelligence training practices. This inquiry comes amid growing concerns regarding how data is collected, utilized, and managed, especially in relation to user privacy and compliance with data protection regulations. As AI technologies become increasingly prevalent, the scrutiny over the ethical implications and legality of using personal data for training these systems intensifies. The DPC’s probe aims to ensure that X adheres to the strict data protection standards set forth by the General Data Protection Regulation (GDPR). The outcome of this investigation could have significant implications for the company’s operations and its approach to user data in the context of AI development.

