Irish data watchdog investigates X’s Grok AI over harmful image concerns

Data Protection Commission has launched a formal investigation into X’s AI chatbot Grok over concerns about how it processes personal data and its potential to generate harmful sexualised images, including depictions involving children.

The Irish regulator, which acts as X’s lead European Union watchdog because the company’s EU headquarters are based in Ireland, confirmed Tuesday that it had notified X of the probe a day earlier. 

The inquiry will assess whether the platform has complied with its obligations under the bloc’s General Data Protection Regulation (GDPR). 

Under GDPR rules, companies can face fines of up to 4% of their global annual revenue for serious breaches.

The move follows reports that Grok flooded X last month with AI-manipulated, near-nude images of real individuals in response to user prompts, sparking global backlash and regulatory scrutiny. 

Although X said it had imposed restrictions to prevent such content from being generated, Reuters reported that the chatbot was still capable of producing the images when prompted.

Deputy Commissioner Graham Doyle said, "The DPC has been engaging with XIUC (X Internet Unlimited Company) since media reports first emerged a number of weeks ago concerning the alleged ability of X users to prompt the @Grok account on X to generate sexualised images of real people, including children".

"As the Lead Supervisory Authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry, " Doyle said, adding that this would examine XIUC's compliance with some of its "fundamental obligations under the GDPR in relation to the matters at hand".

Separately, the European Commission opened its own investigation on January 26 into whether Grok has spread illegal content within the EU.