Elon Musk’s X targeted with nine privacy complaints after grabbing EU users’ data for training Grok

Date:

Share post:


X, the social media platform owned by Elon Musk, has been targeted with a series of privacy complaints after it helped itself to the data of users in the European Union for training AI models without asking people’s consent.

Late last month an eagle-eyed social media user spotted a setting indicating that X had quietly begun processing the post data of regional users to train its Grok AI chatbot. The revelation led to an expression of “surprise” from the Irish Data Protection Commission (DPC), the watchdog that leads on oversight of X’s compliance with the bloc’s General Data Protection Regulation (GDPR).

The GDPR, which can sanction confirmed infringements with fines of up to 4% of global annual turnover, requires all uses of personal data to have a valid legal basis. The nine complaints against X, which have been filed with data protection authorities in Austria, Belgium, France, Greece, Ireland, Italy, the Netherlands, Poland and Spain, accuse it of failing this step by processing Europeans’ posts to train AI without obtaining their consent.

Commenting in a statement, Max Schrems, chairman of privacy rights nonprofit noyb which is supporting the complaints, said: “We have seen countless instances of inefficient and partial enforcement by the DPC in the past years. We want to ensure that Twitter fully complies with EU law, which — at a bare minimum — requires to ask users for consent in this case.”

The DPC has already taken some action over X’s processing for AI model training, instigating legal action in the Irish High Court seeking an injunction to force it to stop using the data. But noyb contends that the DPC’s actions thus far are insufficient, pointing out that there’s no way for X users to get the company to delete “already ingested data.” In response, noyb has filed GDPR complaints in Ireland and seven other countries.

The complaints argue X does not have a valid basis for using the data of some 60 million people in the EU to train AIs without obtaining their consent. The platform appears to be relying on a legal basis that’s known as “legitimate interest” for the AI-related processing. However privacy experts say it needs to obtain people’s consent.

“Companies that interact directly with users simply need to show them a yes/no prompt before using their data. They do this regularly for lots of other things, so it would definitely be possible for AI training as well,” suggested Schrems.

In June, Meta paused a similar plan to process user data for training AIs after noyb backed some GDPR complaints and regulators stepped in.

But X’s approach of quietly helping itself to user data for AI training without even notifying people appears to have allowed it to fly under the radar for several weeks.

According to the DPC, X was processing Europeans’ data for AI model training between May 7 and August 1.

Users of X did gain the ability to opt out of the processing via a setting added to the web version of the platform — seemingly in late July. But there was no way to block the processing prior to that. And of course it’s tricky to opt out of your data being used for AI training if you don’t even know it’s happening in the first place.

This is important because the GDPR is explicitly intended to protect Europeans from unexpected uses of their information which could have ramifications for their rights and freedoms.

In arguing the case against X’s choice of legal basis, noyb points to a judgement by Europe’s top court last summer — which related to a competition complaint against Meta’s use of people’s data for ad targeting — where the judges ruled that a legitimate interest legal basis was not valid for that use-case and user consent should be obtained.

Noyb also points out that providers of generative AI systems typically claim they’re unable to comply with other core GDPR requirements, such as the right to be forgotten or the right to obtain a copy of your personal data. Such concerns feature in other outstanding GDPR complaints against OpenAI’s ChatGPT.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Lighthouse, an analytics provider for the hospitality sector, lights up with $370M at a $1B valuation

Here is yet one more sign of the travel industry’s noticeable boom: a major growth round for...

DOJ: Google must sell Chrome to end monopoly

The United States Department of Justice argued Wednesday that Google should divest its Chrome browser as part...

WhatsApp will finally let you unsubscribe from business marketing spam

WhatsApp Business has grown to over 200 million monthly users over the past few years. That means there...

OneCell Diagnostics bags $16M to help limit cancer reoccurrence using AI

Cancer, one of the most life-threatening diseases, is projected to affect over 35 million people worldwide in...

India’s Arzooo, once valued at $310M, sells in distressed deal

Arzooo, an Indian startup founded by former Flipkart executives that sought to bring “best of e-commerce” to...

OpenAI accidentally deleted potential evidence in NY Times copyright lawsuit

Lawyers for The New York Times and Daily News, which are suing OpenAI for allegedly scraping their...

Hyundai reveals the Ioniq 9, its biggest EV to date

Hyundai revealed Wednesday the new Ioniq 9, an all-electric three-row SUV — and its largest EV to...

Nvidia’s CEO defends his moat as AI labs change how they improve their AI models

Nvidia raked in more than $19 billion in net income during the last quarter, the company reported...