Ireland’s data regulator has opened a new investigation into X, focusing on how the social media platform used personal data from European users to train Grok. The inquiry adds fresh regulatory scrutiny to the relationship between public posts, generative AI models, and the legal basis companies need when processing people’s data.
What Ireland’s regulator is examining
The Data Protection Commission, known as the DPC, said Friday that it has opened an investigation into Elon Musk’s X. The case concerns personal data collected from European users and used for the purpose of training Grok.
According to a Reuters report, the DPC will investigate how X processes personal data
“comprised”in publicly accessible posts by European users for the purposes of training generative AI models.
That focus matters because the posts at issue are publicly accessible, but the regulator is still examining the processing of personal data. The source article does not say that the DPC has reached a conclusion. It says the agency has opened an investigation.
Why Grok and xAI are central to the case
Grok is the AI chatbot connected to Musk’s AI company, xAI. X quietly opted in users to sharing data with xAI to train Grok in 2024, according to the source article.
That detail is central to the regulatory question. The investigation is not simply about whether a generative AI model exists, or whether public posts can be viewed by others. It is about how X used personal data from European users for AI training, and whether that processing fits within the requirements that apply under the EU’s GDPR rules.
Last month, Musk announced that xAI had acquired X. The source article does not describe how that acquisition affects the investigation, but it places Grok, xAI, and X within the same corporate story at a moment when regulators are already examining AI data practices.
The GDPR stakes for X
Under the EU’s GDPR rules, companies must have a valid legal basis for processing people’s data. The DPC can impose fines of up to 4% of a company’s global revenue under those rules.
The Irish regulator is powerful because of its role in privacy enforcement. The source article notes that the DPC has issued fines to Microsoft, TikTok, and Meta in the past. It also says its fines to Meta total almost €3 billion (roughly $3.38 billion).
Those past actions do not determine what will happen to X. They do, however, show why a DPC investigation into X, European user data, Grok, and AI training is a significant regulatory event for the company.
How this fits into a wider dispute over AI training data
The latest inquiry follows earlier action by the same agency. The DPC sought a court order last year to restrict X from processing European user data for AI training.
That earlier step and the new investigation point to the same core issue: how social platforms treat user data when building or improving generative AI systems. Publicly accessible posts may be easy for a platform to collect and process, but the source article makes clear that the DPC is examining whether X’s handling of that data complies with privacy rules.
For users, the key point is straightforward. The investigation is about European user data, publicly accessible posts, Grok, and the legal basis for AI training. For X, the question is whether its processing of that data can satisfy the GDPR standard cited in the source article.
What happens next
The source article does not provide a timeline for the investigation or describe any finding of wrongdoing. It also does not say whether any fine will be imposed.
For now, the confirmed development is that Ireland’s Data Protection Commission has opened an investigation into X’s use of European user data to train Grok. The outcome will depend on how the regulator assesses X’s processing of personal data and whether the company had a valid legal basis under the EU’s GDPR rules.