X Permanently Suspends Grok's EU Data Training

X, formerly known as Twitter, has permanently suspended the use of European Union (EU) user data in training its AI model, Grok. This comes following a legal challenge by the Irish Data Protection Commission (DPC), demanding that X halt its AI data collection practices. The suspension, which took effect in August 2024, also involves erasing all data collected between May 7th and August 1st, 2024.

The legal challenge arose due to concerns about potential violations of the General Data Protection Regulation (GDPR) in the EU. In response, X agreed to the DPC’s demands, leading to the case being dismissed by the Irish High Court on September 6, 2024.

Similarly, Meta has also faced regulatory pushback in the EU for the same issues, and paused its data processing in June.

The undertaking between X and the DPC obtained by TechCrunch reads that “personal data comprised in EU/EEA publicly accessible posts made and/or posted on the ‘X’ social media platform (the ‘Platform’) by EU/EEA… shall be deleted and not processed.”

X recently criticized the DPC for targeting the company over its AI model, Grok, describing the DPC’s actions as “deeply troubling.” However, under the GDPR, companies must have a valid legal basis to process personal data.

X has faced multiple GDPR complaints for using people’s data without consent for Grok’s training, which could have led to hefty fines — up to 4% of its global revenue. Despite this, no fine was imposed, although the DPC sought a court injunction to stop the data processing.

The DPC’s official statement expressed its satisfaction with the outcome. However, a European privacy advocate, Max Schrems, insisted that X got a lucky outcome stating that, “Twitter got away without any fine, despite a flagrant violation of the law,” adding that data already ingested would not be deleted. Schrems also confirmed that noyb, his nonprofit organization, would continue pursuing complaints against X.

Regulators have previously sought guidance from the European Data Protection Board (EDPB) on applying GDPR to AI chatbots like OpenAI's ChatGPT, resulting in a preliminary report that left key legal issues unresolved.

This comes as authorities worldwide are clamping down on the data privacy practices of big tech companies. Google is facing trial alleging that it misled Texans regarding its data collection practices. In France, authorities also arrested Telegram CEO Pavel Durov, citing the company’s encryption policies and its refusal to comply with legal requests made by governments or law enforcement.