Overview
- The Office of the Privacy Commissioner of Canada ruled on June 11 that xAI and X Corp. violated federal private‑sector privacy law by launching Grok’s image feature without appropriate safeguards and recommended suspending the function until comprehensive protections are implemented.
- Investigators and independent researchers found the gap in safeguards let users generate and share millions of non‑consensual sexualized deepfakes, with one estimate of about 3 million images in an 11‑day window and OPC noting peaks of over 6,000 sexualized images per hour and thousands of images involving children.
- xAI and X have added technical limits, blocked editing of images of real people in revealing clothing, and begun proactive sweeps and monitoring, but the commissioner said those steps do not yet demonstrate effective mitigation and called for quarterly reports and third‑party audits.
- The finding adds to an international escalation of enforcement: regulators in the UK, EU, Spain, the Netherlands and several U.S. jurisdictions have opened probes or taken action, and Labour MP Jess Asato has filed a UK lawsuit seeking damages and legal precedent.
- The OPC cannot issue fines or binding orders under current law, a gap that has strengthened political momentum in Canada for modernized privacy and AI rules that would give regulators enforcement powers and require clearer platform duties.