Overview
- Ireland’s Data Protection Commission notified X on Monday and opened a large-scale inquiry into the creation and publication of non‑consensual intimate or sexualized images on the platform using Grok, including material reported to involve children.
- The investigation will assess compliance with GDPR Articles 5, 6, 25 and 35, examining principles and lawfulness of processing, privacy‑by‑design defaults, and whether a Data Protection Impact Assessment was carried out.
- As X’s EU lead supervisory authority, the DPC can issue bloc‑wide enforcement, with penalties that can reach 4% of X’s global turnover for GDPR breaches.
- X restricted Grok’s image features in January by paywalling tools and later blocking sexualized images of real people, yet researchers and reporters found harmful outputs and workarounds continued to surface on the platform.
- The Dublin probe adds to escalating actions that include an EU Digital Services Act investigation, UK privacy and online‑safety inquiries, French raids and summons, and U.S. state probes, while rights groups estimate Grok generated millions of sexualized images in days, including tens of thousands depicting children.