Grok AI’s secret data heist could spell big trouble for Elon Musk’s X

X has been accused of using data from EU users without proper consent to train its AI models. This practice was revealed when a user discovered that X was processing their posts to enhance its Grok AI chatbot. You can also check your settings and see it with your own eyes by clicking here. The revelation led to multiple complaints against X for allegedly violating the EU’s General Data Protection Regulation (GDPR).

Twitter just activated a setting by default for everyone that gives them the right to use your data to train grok. They never announced it. You can disable this using the web but it’s hidden. You can’t disable using the mobile app

Direct link: https://t.co/lvinBlQoHC pic.twitter.com/LqiO0tyvZG

— Kimmy Bestie of Bunzy, Co-CEO Execubetch (@EasyBakedOven) July 26, 2024

A quick reminder: The GDPR is a comprehensive data protection law in the EU that governs how personal data must be handled. It requires that any use of personal data, including for AI training, must have a clear legal basis. Consent from the individual whose data is being used is a crucial component of this legal basis. Failure to obtain consent can lead to significant penalties.

You can stop Grok AI from using your tweets to train itself

What are the complaints about?

The complaints, which have been filed with data protection authorities in nine EU countries, argue that X did not get explicit consent from its users before using their data for training AI. X reportedly relied on a “legitimate interest” justification, which privacy experts believe is not sufficient under GDPR for this kind of data use. However, Grok is now shy about its training data anyway:

What has been done so far?

The DPC has started legal proceedings to stop X from using the data, but the process is ongoing. X has added a setting to its platform allowing users to opt out of data processing for AI training, but this option was introduced only after the issue came to light, leaving many users unaware of the data use beforehand.

Why is this important?

The GDPR is designed to protect individuals’ personal data and ensure transparency about how it is used. X’s approach of using data without clear consent undermines these protections and highlights a broader concern about how tech companies handle user data.

What’s next?

As the legal proceedings continue, X must address these complaints and ensure its data practices comply with GDPR. This case underscores the challenges tech companies face in balancing innovation with privacy regulations and highlights the ongoing scrutiny of data practices in the digital age.

Featured image generated by Eray Eliaçık/Bing