IRELAND’S Data Protection Commission has opened an inquiry into X Internet Unlimited Company over Grok’s AI image generator, focusing on reports that the tool created large volumes of non-consensual and sexualised images, including content involving children, potentially breaching EU data protection laws.
The inquiry, conducted under section 110 of the Data Protection Act 2018, will assess whether X breached key GDPR provisions on lawful data processing, privacy by design, and the Data Protection Impact Assessments for personal data processed of EU/EEA data subjects. The decision to commence the inquiry was notified to XIUC on Monday 16 February, with the DPC stated as leading the large-scale investigation across the EU/EEA to determine compliance with fundamental data protection obligations.
In January, X’s safety team blocked the Grok account from editing images of real people to add revealing clothing, and access to image creation and editing features was limited to paid subscribers. The DPC has joined regulators including the European Commission, the UK’s ICO and Ofcom, and authorities in several other countries in examining X’s handling of Grok-related content. According to the Data Protection Commission, the inquiry will evaluate XIUC’s compliance with Articles 5, 6, 25 and 35 of the GDPR.