In summary
- Ireland’s DPC has opened a full-scale GDPR investigation into X over Grok’s generation of non-consensual sexualized images, including those of children.
- The investigation examines whether X complied with the fundamental obligations of the GDPR when implementing Grok image functions for EU users.
- The investigation is the latest in a global regulatory wave targeting Grok, with formal actions now open in Europe, the UK, Australia and the US.
Ireland’s privacy regulator has opened a formal investigation into X into whether Elon Musk’s Grok chatbot helped generate and spread non-consensual sexualized images, including those of children, adding heat to a growing global crackdown on AI “nudification” tools.
The Data Protection Commission (DPC) launched the investigation into
The watchdog said it notified XIUC of the decision to begin the investigation and will assess compliance with the basic requirements of the GDPR, the EU General Data Protection Regulation, including processing principles, legal basis, privacy by design and whether a data protection impact assessment was required.
“As the lead supervisory authority for XIUC across the EU/EEA, the DPC has launched a full-scale investigation which will examine XIUC’s compliance with some of its core obligations under the GDPR in relation to the matters in question,” Deputy Commissioner Graham Doyle said in the statement.
The investigation comes as Ireland, which acts as the EU’s main supervisory authority for most major US tech platforms, giving its rulings binding weight across the bloc, joins a widening international response to Grok’s role in generating non-consensual deepfakes at scale.
The Center for Countering Digital Hate (CCDH) reported last month that Grok generated approximately 23,338 sexualized images depicting children, during an 11-day period from December 29 to January 9, and researchers found that about a third of those sampled images remained accessible on X despite the platform’s zero-tolerance policies.
Following the backlash,
Decipher has contacted xAI for comment.
Global regulatory crackdown
In January, the European Commission opened a formal Digital Services Act investigation into X over Grok’s alleged role in the generation and dissemination of illegal sexualized content. Days later, French authorities raided X’s offices in Paris in coordination with Europol, summoning Musk and several executives for questioning.
In the UK, both Ofcom and the Information Commissioner’s Office opened separate investigations, with Ofcom warning it could seek court-backed measures to effectively block X’s service if it is found to be non-compliant, as Prime Minister Keir Starmer said he would seek new parliamentary powers to subject AI chatbot providers to the online safety law.
Australia’s eSafety Commissioner Julie Inman Grant said complaints involving Grok and AI-generated non-consensual sexual images have doubled in recent months, and she said her office would use its law enforcement powers where necessary.
California Attorney General Rob Bonta announced a formal investigation into xAI and Grok for the creation and dissemination of non-consensual, sexually explicit AI images of women and children.
Earlier this month, UNICEF called AI sexual deepfakes “a profound escalation of the risks children face in the digital environment,” saying at least 1.2 million children were targeted last year and urging governments to criminalize AI-generated abuse material and require safety by design safeguards.
Daily report Fact Sheet
Start each day with the biggest news stories, plus original features, a podcast, videos and more.
