In a move unlikely to surprise many, a European privacy group is taking aim at X (formerly Twitter) for its use of user data to trainits AI chatbot, Grok.
What is Grok?
Grok is a large language model (LLM) chatbot that cangenerate text and hold conversations with users. It stands out by accessing real-time information through X and answering questions other chatbots typically can't handle. However, Grok's training has sparked controversy.
The GDPR Complaint
The European privacy group NOYB (None Of Your Business)alleges X used personal data from over 60 million EU users to train Grok without their consent. This violates the EU's General Data Protection Regulation (GDPR), which regulates data privacy and protection.
What Went Wrong?
The Irish Data Protection Commission (DPC) previously addressed the issue with X, but NOYB believes their actions didn't go farenough. They argue X should have requested user consent before using data forAI development. Instead, X took the data first and then implemented an"opt-out" option later. This lack of transparency is a major GDPRviolation.
The GDPR and User Consent
The GDPR provides a clear path for companies using personal data for AI: obtain user consent. X bypassed this critical step, potentially compromising user privacy.
Lessons Learned
Similar cases involving Facebook (now Meta) using userdata have shown that claiming a "legitimate interest" isn't enough tobypass GDPR.
Furthermore, the "right to be forgotten"enshrined in the GDPR creates difficulties for AI systems that struggle toerase personal data once ingested. This adds to the concerns surroundingunchecked data use in AI development.