11th April 2025 — The Data Protection Commission (DPC) has today announced the commencement of an inquiry into the processing of personal data comprised in publicly-accessible posts posted on the ‘X’ social media platform by EU/EEA users, for the purposes of training generative artificial intelligence models, in particular the Grok Large Language Models (LLMs). The Inquiry will examine compliance with a range of key provisions of the GDPR, including with regard to the lawfulness and transparency of the processing.
Grok is the name of a group of AI models developed by xAI. These Large Language Models are used, among other things, to power a generative AI querying tool/Chabot, which is available on the X platform. Like other modern LLMs, the Grok LLMs have been developed and trained on a wide variety of data. This inquiry considers a range of issues concerning the use of a subset of this data which was controlled by XIUC[1] – namely personal data comprised in publicly accessible posts posted on the ‘X’ social media platform by EU/EEA users. The purpose of this inquiry is to determine whether this personal data was lawfully processed in order to train the Grok LLMs.
The decision to conduct the inquiry under Section 110 of the Data Protection Act 2018, taken by the Commissioners for Data Protection, Dr. Des Hogan and Dale Sunderland, was notified to XIUC this week.
[1] XIUC advised the DPC on 25 March 2025 that, from 1 April 2025, the name of the Irish entity and Data Controller for EU users of X would change from Twitter International Unlimited Company (‘TIUC’) to X Internet Unlimited Company as part of ongoing Twitter to X rebranding efforts.
Source: DataProtection.ie