Elon Musk's social media platform X is facing a significant European Union privacy investigation after its Grok AI chatbot was found to be generating nonconsensual deepfake images, according to Ireland's data privacy regulator. The Irish Data Protection Commission announced on Tuesday that it had formally notified X of the inquiry under the EU's stringent General Data Protection Regulation (GDPR).
Global Controversy Over AI Image Generation
The investigation follows global controversy that erupted last month when Grok began granting user requests to create sexually explicit images through its AI image generation and editing capabilities. The chatbot was reportedly producing images that placed females in transparent bikinis or revealing clothing, with researchers noting that some generated images appeared to include children. Although X introduced some restrictions on Grok's functionality, European authorities remained unsatisfied with the platform's response.
Focus on Harmful Content Involving Children
In its official announcement, the Irish watchdog stated that the investigation specifically focuses on the apparent creation and posting on X of "potentially harmful" nonconsensual intimate or sexualized images containing personal data from European citizens, including minors. Deputy Commissioner Graham Doyle revealed that the regulator "has been engaging" with X since media reports began circulating weeks earlier about the alleged ability of X users to prompt the Grok account to generate sexualized images of real people, including children.
Multiple European Investigations Underway
The Irish investigation adds to growing scrutiny of X across Europe. Earlier this month, French prosecutors raided X's Paris offices and summoned Elon Musk for questioning. Meanwhile, data privacy and media regulators in Britain have opened their own parallel investigations into the platform's practices. X is already facing a separate EU investigation from Brussels regarding compliance with the bloc's Digital Services Act, which requires platforms to curb the spread of illegal content such as child sexual abuse material.
Spanish Government Takes Action
Spain has taken particularly strong measures in response to the controversy. Prime Minister Pedro Sánchez announced on Tuesday that the Spanish government has ordered prosecutors to investigate X, Meta, and TikTok for alleged crimes related to the creation and proliferation of AI-generated child sex abuse material on their platforms. Sánchez wrote on X that "these platforms are attacking the mental health, dignity and rights of our sons and daughters." Spain had previously announced plans to pursue a ban on social media access for children under 16.
Regulatory Framework and Potential Consequences
The Irish regulator takes the lead on enforcing EU privacy rules because X's European headquarters is located in Dublin. Under GDPR regulations, violations can result in substantial fines amounting to millions of euros. The investigation will seek to determine whether X complied with data privacy requirements regarding the processing of personal data through its Grok AI system. Grok was developed by Musk's artificial intelligence company xAI and is available through X, where its responses to user requests remain publicly visible.
Broader Implications for AI Development
This investigation represents a significant test case for how European privacy regulations apply to emerging AI technologies with image generation capabilities. The controversy has highlighted growing concerns about the potential for AI systems to be misused for creating harmful content, particularly involving vulnerable populations. As xAI has recently expanded into developing romantically-tinged AI companions as a new business line, regulatory scrutiny of its products and their potential impacts on user safety and privacy is likely to intensify across multiple jurisdictions.
