Ireland’s top data protection watchdog, called the Data Protection Commission (DPC), has started looking into how the social media company X (formerly known as Twitter) is using personal data from its European users. The DPC is concerned that this data might be used in ways that break privacy laws, especially for training artificial intelligence (AI) tools like Grok, a chatbot developed by X’s parent company.
In simple terms, the regulator is checking whether X is taking public posts from users in Europe and using that information to teach its AI system. This kind of system works by learning from tons of information — including what people write online — so it can talk and answer questions like a human. The big issue is whether X is doing this without asking users properly or telling them clearly.
The DPC is the main privacy authority in Europe for many big tech companies because X has its European headquarters in Ireland. This group has the power to investigate companies and fine them if they are not following the strict data protection rules set by the European Union, called GDPR. Under these rules, companies must clearly explain why and how they collect people’s data and get permission when needed.
Elon Musk’s X on the Hook: EU Eyes Historic $1 Billion Fine for Misinformation
What X Did and Why It Matters
In 2024, X made a quiet change to how it uses its users’ data. Without much notice, the platform updated its privacy settings and policies, allowing the data from user posts — even those that are public — to be shared with xAI, an artificial intelligence company also owned by the same person who owns X. This data was then used to train Grok, the AI chatbot.
Grok is designed to talk like a person and answer user questions, just like other chatbots. But for it to get smarter, it needs to read and learn from a lot of real-world examples. That includes social media posts, like the ones users write every day on X. However, just because posts are public doesn’t always mean they can be freely used for this kind of purpose.
The concern is whether users in Europe even knew their posts could be used this way. And if they didn’t, X might be breaking European privacy laws, which are some of the strongest in the world. These laws say that companies must have a good reason and a clear legal basis to use personal data. Even public posts can include personal thoughts, opinions, or things about a person’s daily life, which are still protected.
The DPC has asked whether X has followed these rules properly. They’re especially interested in whether the platform explained everything clearly to users and gave them a real choice about whether their data would be used for AI training.
Reddit Blocks X Links, Elon Musk’s Outrage Triggers Unprecedented Fallout
What the Regulator Can Do
The DPC has a lot of power when it comes to enforcing data protection rules in the European Union. If they find that X broke the rules, they can fine the company up to 4% of its total global income — not just income from Europe. In the past, the DPC has given out huge fines to other big tech companies for similar reasons. One company was fined nearly €3 billion in total.
This isn’t the first time the DPC has had concerns about how X handles user data. Last year, they even tried to get a court order to stop the platform from using data in certain ways related to AI training. That shows how serious they are about protecting people’s information.
Now that xAI has officially taken over X, the connection between the two companies is even closer. That means the data shared between them might become more complicated, and the DPC wants to make sure everything stays within the law. Right now, they’re focusing on finding out exactly what data was used, how it was used, and whether people were told the truth about what was happening.
This investigation is still ongoing, and the outcome could take some time. But for now, the key point is that Ireland’s data regulator is taking a very close look at whether X respected the rights of European users — especially when it comes to their personal data being used to make AI smarter.
