This week, the EU’s top privacy regulator closed its court case about how X used user data to train its Grok AI chatbot. However, the problems for Elon Musk’s social media site that used to be called Twitter are still not over. Parhlo World stated that the Irish Data Protection Commission (DPC) has received and will “examine” a number of complaints made under the General Data Protection Regulation (GDPR) of the EU.
The regulator told Parhlo World, “The DPC will now look into how well any processing that has taken place complies with the relevant provisions of the GDPR.” “If, after that investigation, it turns out that TUIC [Twitter International Unlimited Company], which is still X’s main Irish subsidiary, has broken the GDPR, the DPC will then decide if it needs to use any of its corrective powers and, if so, which ones.”
X agreed to stop handling data so that Grok could train in early August. The promise that X made to it was then made official earlier this week. A copy of the agreement that Parhlo World got shows that X agreed to delete and stop using data from European users that it had received between May 7, 2024, and August 1, 2024 to train its AIs. But it’s now clear that X doesn’t have to get rid of any AI models that were trained on the data.
The DPC hasn’t punished X yet for using the personal information of Europeans to train Grok without their permission, even though the DPC quickly went to court to stop the data collection. Under the GDPR, fines can be very high, up to 4% of the company’s world annual turnover. (Given that the company’s sales are falling fast and might barely make it to $500 million this year based on quarterly numbers, that could hurt even more.)
Regulators can also make practical changes by telling people to stop breaking the rules. However, it could take a long time—even years—to look into and act on concerns.
This is significant because even though X has been told it can’t use Europeans’ data to train Grok anymore, it can still use any AI models it has already trained on data of people who didn’t give permission for their use. As of now, there is neither an immediate intervention nor a sanction in place to stop this from happening.
The DPC confirmed to us that the undertaking they got from X last month does not require X to delete any AI models trained on Europeans’ data. “The undertaking does not require TUIC to carry out this action; it required TUIC to permanently cease the processing of the datasets covered by the undertaking,” a spokesperson said.
Some people might think this is a cool way for X (or other training models) to get around the EU’s privacy rules: 1) Get people’s data without them knowing; 2) Use it to train AI models; and 3) Promise to delete *the data* when the inspectors finally come knocking, but leave your trained AI models alone. 3) Step 3: Understand-based profit!?
When asked about this risk, the DPC said that the urgent court case was necessary because of “significant concerns” that X’s use of EU and EEA users’ data to train Grok “gave rise to risk for the fundamental rights and freedoms of data subjects.” Yet, it did not say why it does not care as much about the serious threats to Europeans’ basic rights and freedoms that come from having their information built into Grok.
It is known that generative AI tools can give you wrong knowledge. Musk’s take on the category is also meant to be disrespectful, or “anti-woke,” as he calls it. That could make it more dangerous for the bot to make content about people whose data was used to train it.
These AI tools are still pretty new, which is one reason why the Irish government may be more careful about how to handle this problem. European privacy watchdogs are also not sure how to apply the GDPR against such a new technology. Also, it’s not clear if the rule would allow people to order the deletion of an AI model if it was trained on data that was processed illegally.
But as more and more complaints come in, data security authorities will have to deal with generative AI at some point.
The Pickles Are Going Bad
On Friday, X also got some other news: the head of global affairs for X is no longer working there. Nick Pickles, a U.K. citizen who worked at Twitter for ten years and rose through the ranks during Musk’s time there, quit, according to Reuters.
For some reason, Pickles said in a post on X that he decided to leave “several months ago,” but he didn’t say why.
But it’s clear that the company has a lot on its plate. For example, it has to deal with a ban in Brazil and political backlash in the U.K. over its role in spreading false information about last month’s riots there. Musk himself likes to add fuel to the fire by saying things like “civil war is inevitable” on X.
Also Read: Elon Musk Says Xai Will Open-source Grok This Week
In the EU, too, X is being looked into under the rules for material moderation in the bloc. It was in July that the first set of Digital Services Act complaints were made public. Recently, the EU’s internal markets commissioner, Thierry Breton, wrote an open letter warning Musk specifically. In response, the billionaire who loves chaos chose to send an insulting joke.
What do you say about this story? Visit Parhlo World For more.
