Ireland now also investigating X over Grok-made sexual images

• Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. • The DPC, which also serves as the lead European Union privacy regulator for X due to the company’s Irish headquarters, said the inquiry will examine whether X Internet Unlimited Company (X’s EU subsidiary) complied with core GDPR obligations, including the principles of lawful processing, data protection by design, and the requirement to conduct data protection impact assessments. • “The DPC has been engaging with XIUC since media reports first emerged a number of weeks ago concerning the alleged ability of X users to prompt the @Grok account on X to generate sexualised images of real people, including children,” said Deputy Commissioner Graham Doyle on Tuesday. • “As the Lead Supervisory Authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry which will examine XIUC’s compliance with some of their fundamental obligations under the GDPR in relation to the matters at hand.” The Irish investigation joins a growing multinational enforcement effort currently targeting X’s Grok AI operations. • The UK Information Commissioner’s Office (ICO) launched its own formal investigation on February 3, while the European Commission opened proceedings in January to examine whether X properly assessed risks un

Article Summaries:

• Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. The DPC, which also serves as the lead European Union privacy regulator for X due to the company’s Irish headquarters, said the inquiry will examine whether X Internet Unlimited Company (X’s EU subsidiary) complied with core GDPR obligations, including the principles of lawful processing, data protection by design, and the require

Sources:

• https://www.bleepingcomputer.com/news/security/ireland-now-also-investigating-x-over-grok-made-sexual-images/