X, formerly Twitter, has quietly introduced a change that appears to include user data in its Grok AI training pool by default, a move that was spotted by users of the platform on Friday.
Grok is the name of a conversational AI, or large-scale language model (LLM), developed by Elon Musk's X as a rival to OpenAI's buzzy ChatGPT chatbot, but its selling point is said to be humor over political correctness. Those worried about X's information being fed to Musk's chatbot can learn more about how to turn off the feature here.
The development caught the attention of X's European privacy watchdog, the Irish Data Protection Commission (DPC), which told TechCrunch it was “surprised” by the platform's move. The watchdog said it was “following up” and waiting for a response from X.
“The DPC has been in negotiations with X on this matter for several months, with the most recent communication occurring yesterday,” DPC Deputy Commissioner Graham Doyle told TechCrunch. “We are therefore surprised by today's developments. We contacted X today and are awaiting a response, and we hope further negotiations will take place early next week.”
The DPC monitors X's compliance with the European Union's General Data Protection Regulation (GDPR), an EU-wide law that allows for fines of up to 4% of annual worldwide turnover for confirmed violations.
The text accompanying X's Grok data sharing setting, enabled by default, reads, “You allow us to use your posts, and your interactions, inputs, and results with Grok, for training and fine-tuning purposes.” In smaller (gray) type, it adds, “We may use X's posts, and your user interactions, inputs, and results with Grok, for training and fine-tuning purposes to continually improve your user experience.” Furthermore, X specifies that it may share such data “with our service provider, xAI, for these purposes.”
Due to the vague language, it is not clear whether X is utilizing all user data to train Grok, or whether this processing only concerns user interactions with the chatbot (available to X Premium subscribers).
In any case, the EU requires the company to have a valid legal basis to process people's data under the region's privacy laws, and it's not clear whether the company has one.
A similar plan by Meta to reuse Facebook and Instagram users' data for AI training was suspended in Europe last month after GDPR complaints led to regulatory scrutiny in Ireland and the UK.
It is understood that the DPC is expecting further developments on the Grok AI data sharing issue next week.
We reached out to X to inquire about the legal basis the company relies on to process European's data to train Grok, but at the time of writing, the company's press emails were met with a standard automated reply: “We're busy right now. Please check back later.”