Ireland’s Data Protection Commission (DPC) announced Tuesday it has opened a formal investigation into X’s AI chatbot, Grok, focusing on how it handles personal data and its capacity to generate harmful sexualized content—including images involving minors.
As X’s European Union operations are headquartered in Ireland, the DPC serves as the company’s lead EU regulator. Under the bloc’s General Data Protection Regulation (GDPR), the commission has the authority to impose fines reaching up to 4% of a company’s global revenue.
According to a DPC statement, X was notified of the inquiry on Monday. The investigation aims to determine whether the company has fulfilled its GDPR obligations regarding the personal data processed by the AI system.
The probe follows widespread controversy last month when Grok flooded X with AI-manipulated, partially nude images of real people in response to user prompts. The incident sparked global outrage and prompted multiple investigations.
While X implemented restrictions to prevent Grok’s official account from generating such content, Reuters found earlier this month that the chatbot continued producing these images when users employed different prompting methods.
The investigation places Ireland’s DPC at the center of ongoing transatlantic tensions over tech regulation. U.S. President Donald Trump and his administration have frequently criticized EU oversight of American tech companies, characterizing regulatory fines as a form of taxation.
X owner Elon Musk, the world’s wealthiest individual, has also voiced strong objections to EU regulations, particularly those targeting online content imposed directly by Brussels.
Deputy Commissioner Graham Doyle confirmed that the DPC had been in contact with X Internet Unlimited Company (XIUC) since initial media reports emerged weeks ago regarding users allegedly prompting Grok to generate sexualized images of real individuals, including children.
“As the Lead Supervisory Authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry,” Doyle stated. He added that the investigation would examine XIUC’s compliance with fundamental GDPR obligations related to the matter.
The European Commission separately launched its own investigation on January 26 to determine whether Grok disseminates illegal content within the EU, including manipulated sexualized imagery
About the Author
