Ireland’s privacy regulator has launched a formal investigation into X to determine if its AI chatbot, Grok, breaks data protection laws. The Data Protection Commission (DPC) announced on Tuesday that it is looking into how the platform processes personal data and its failure to stop the creation of harmful, sexualized images, including deepfakes of children.
The investigation puts significant pressure on the company formerly known as Twitter. Because X bases its European operations in Ireland, the DPC serves as its primary watchdog within the European Union. The regulator holds the power to impose heavy penalties if it finds the company violated the General Data Protection Regulation (GDPR). X could face fines totaling up to 4% of its annual global revenue.
This inquiry follows a chaotic month for the platform. Users recently discovered they could prompt Grok to generate realistic, near-nude images of real people, including politicians and celebrities. These AI-altered photos flooded the site, causing global outrage. While X announced it had put safeguards in place to stop the chatbot from creating this content, tests conducted by Reuters earlier this month showed that Grok continued to produce explicit images when prompted.
Deputy Commissioner Graham Doyle confirmed that the regulator notified X of the inquiry on Monday. He stated that the DPC had engaged with the company for weeks following initial media reports about the issue. Doyle described the move as a “large-scale inquiry” aimed at checking if X is meeting its fundamental legal obligations.
The scrutiny on X is growing from multiple angles. The European Commission opened its own investigation on January 26 to see if Grok helps spread illegal content. Similarly, Britain’s privacy watchdog launched a probe on February 3 regarding the processing of personal data.
Meanwhile, political tensions over these rules remain high. X owner Elon Musk has frequently criticized Brussels for its strict regulations on online content. U.S. President Donald Trump and his team have also attacked EU tech oversight, claiming the fines target American companies and function like a tax. Despite this pushback, European regulators are moving forward with enforcement.
