Artificial Intelligence & Machine Learning
,
General Data Protection Regulation (GDPR)
,
Next-Generation Technologies & Secure Development
Rights Group NOYB Files 9 Complaints Against X for Privacy Violation
The X logo on top of the Twitter headquarters building in San Francisco on July 30, 2023, before it was removed because the company did not have a city permit (Image: Shutterstock)
Social media platform X faces the prospect of more legal scrutiny in Europe over its decision to feed customer data into its Grok artificial intelligence system after it agreed Thursday to suspend harvesting tweets as training data.
See Also: OnDemand | Fireside Chat: Staying Secure and Compliant Alongside AI Innovation
Austrian privacy group NOYB on Monday said the company is still likely violating European privacy law.
The online platform, known as Twitter before its acquisition by mercurial multibillionaire Elon Musk in 2022, in May began collecting user posts to train Grok by setting the account default permission to “on.” The Irish Data Protection Commission sued X earlier this month, obtaining agreement from the platform to temporarily cease processing user tweets to create the next iteration of its self-declared “anti-woke” chatbot (see: Irish DPC Sues X Over Harvesting Data for Grok AI Bot).
Secretaries of state from five U.S. states on Aug. 5 urged Musk to restrict the bot from displaying election misinformation, saying that it made false assertions about ballot deadlines after President Joe Biden decided not to run for reelection.
The Irish agency, which was in talks with the X before taking legal action, accused the company of repeatedly failing to respond to the agency’s request for information and for rushing the launch of its next-generation Grok model.
The temporary halt doesn’t settle outstanding GDPR violations, NYOB said. “What happened with EU data that was already ingested in the systems and how can Twitter (properly) separate EU and non-EU data?” it asked. X must seek the express consent of users, the advocacy group said, asserting that regulatory exceptions for data collection without consent, such as a business’s “legitimate interest,” don’t apply. It cited a European Court of Justice ruling from July 2023 involving social media giant Meta that says “legitimate interest” can’t override “fundamental rights and freedoms of the data subject.”
Since X has already rolled out Grok, NOYB invoked an “urgency procedure” under the GDPR, which calls on supervisory authorities to take an immediate binding decision.
Twitter did not immediately respond to a request for comment. Meta in June postponed the launch of its AI systems trained weeks after NOYB complained to the company with 11 European data regulators (see: Meta’s AI Model Training Comes Under European Scrutiny).
