Ireland’s Data Protection Commission (DPC) has opened a formal investigation into the social media platform X over concerns about the use of personal data belonging to users in the European Union (EU). The regulator announced on Friday that it would examine whether data from EU/EEA users was improperly used in the training of X’s generative artificial intelligence system, Grok. In a statement issued by the DPC, the inquiry will focus on “the processing of personal data comprised in publicly-accessible posts posted on the X social media platform by EU/EEA users, for the purposes of training generative artificial intelligence models.”
X Agrees to Limit Use of EU Data for AI
The probe follows a decision by X to limit its data use practices following legal pressure from the Irish regulator. X “agreed to stop training its AI systems using personal data collected from EU users before they had the option to withdraw their consent.” The DPC noted that it ended its legal proceedings after X agreed to impose these limitations on a permanent basis.
This agreement came in the aftermath of a court case last year in which the Irish regulator sought “an order to restrict X from processing the data of EU users for the purposes of developing its AI systems.”
Ireland as Lead Regulator Under GDPR
The DPC serves as the lead EU regulator for X due to the company’s European operations being based in Ireland. This positioning grants the regulator the authority to conduct sweeping investigations and enforce the General Data Protection Regulation (GDPR).
Under the GDPR framework, the DPC “has the power to impose fines of up to 4% of a company’s global revenue,” allowing for significant financial consequences in the event of non-compliance.
Track Record of DPC in Sanctioning Big Tech
Ireland’s privacy watchdog has already established itself as a powerful regulatory force in the tech space since it was granted sanctioning powers in 2018. The commission has imposed hefty fines on several tech giants, including Microsoft’s LinkedIn, TikTok, and Meta.
The cumulative fines on Meta alone have amounted to “almost 3 billion euros,” making it one of the most heavily sanctioned companies under the GDPR. In contrast, X – known as Twitter at the time – “has not faced sanctions since the DPC fined it 450,000 euros ($511,000) in 2020,” a penalty that marked the regulator’s first action under the new data privacy regime.
Political Backlash from U.S. Leaders
The investigation comes amid ongoing tensions between the EU and the U.S. over the regulation of American tech companies. U.S. President Donald Trump and his administration have been vocal in criticizing the EU’s regulatory stance.
Trump and his team have “described fines imposed on U.S. tech companies by the EU as a form of taxation,” suggesting that regulatory actions may be politically motivated or financially driven.
Elon Musk’s Opposition to EU Rules
Elon Musk, the owner of X and a key figure in the AI and tech industry, has also taken a firm stance against European regulations. Known for his opposition to centralized control, Musk has “railed against EU regulations, mainly those imposed directly by Brussels on online content. “As the world’s richest man and a top adviser to Trump, Musk’s views carry significant weight, particularly in discussions around data privacy, content moderation, and artificial intelligence.
Legal and Ethical Concerns Surrounding AI
The use of publicly-accessible posts for AI training raises pressing questions about transparency, user consent, and the ethical use of data. By opening this investigation, the DPC is signalling a broader concern within the EU about how personal data is being harvested and processed by large technology companies, especially when it involves advanced systems like generative AI.
This case could serve as a precedent for how regulators interpret and enforce GDPR provisions related to AI training. It also highlights the growing scrutiny that AI development practices are likely to face in the near future.
A Pivotal Moment in EU Tech Oversight
The DPC’s move to scrutinize X’s data practices marks a critical juncture in the enforcement of GDPR in the AI age. As more tech companies incorporate AI into their platforms, regulators across Europe may begin launching similar inquiries to ensure user rights are protected.
For now, all eyes are on Ireland’s DPC as it continues to investigate the matter. Depending on its findings, X could face new sanctions or be required to implement further compliance measures to align with EU law. The outcome of this investigation could shape the future of AI governance not just in Europe, but globally.
REFERENCES
- https://indianexpress.com/article/technology/artificial-intelligence/irish-regulator-investigates-x-over-use-of-eu-personal-data-to-train-grok-ai-9941551/
- https://www.medianama.com/2025/04/223-irish-data-regulator-probe-x-eu-users-data-grok/
- https://www.theregister.com/2025/04/14/ireland_investigation_into_x/
- https://www.computerworld.com/article/3962592/elon-musks-x-faces-eu-probe-over-gdpr-violations-in-ai-training.html