The European Union's lead privacy watchdog has concluded court proceedings against X (formerly Twitter) regarding its handling of user data for training AI models without consent. This development follows X's agreement to adhere to a commitment made last month in front of an Irish High Court judge.
In early August, X suspended the processing of data from European users for AI training after Ireland’s Data Protection Commission (DPC) filed legal action against the company, owned by Elon Musk, for using individuals' information without permission to train its AI chatbot, Grok.
Meta has faced similar challenges in the EU over data protection issues, having previously announced a pause in such processing in June. Thus, X isn't alone in drawing regulatory scrutiny while attempting to repurpose user data for AI model training.
On Wednesday, the DPC stated, “We are pleased to announce the conclusion of the legal actions initiated before the Irish High Court on August 8, 2024. The matter was addressed in court this morning, and proceedings have been dismissed based on X's commitment to permanently comply with the terms of the undertaking (DPC Statement issued 08 Aug 24).”
DPC chairperson Des Hogan remarked, “The DPC welcomes today’s resolution, which safeguards the rights of EU/EEA citizens. This case highlights the DPC’s commitment to taking necessary actions in coordination with other European regulators. We appreciate the Court’s attention to the matter.”
Though the specifics of X’s permanent agreement with the DPC have not been publicly disclosed, it is believed to restrict how the company utilizes user data. We have approached the DPC for clarification and will update the story accordingly.
As of now, X has not commented on its arrangement with the DPC. Previously, the platform expressed its discontent with the Irish regulator through a Global Government Affairs account. In an August 7 post on X, the company labeled the DPC's actions as “deeply troubling” and accused it of unjustly targeting X.
However, under the EU's General Data Protection Regulation (GDPR), there are strict requirements for processing personal data, including the need for a valid legal basis to use individuals' information. X has faced multiple GDPR complaints for utilizing people's data for Grok training without consent.
Why might X be retreating from this legal battle now? Confirmed GDPR violations could incur fines of up to 4% of global annual revenue. Notably, X has yet to face penalties for actions serious enough for the DPC to seek a court injunction.
It also seems X could be choosing its legal battles more strategically, as Musk is already engaged in several high-profile legal and regulatory conflicts.
Max Schrems, a prominent European privacy rights activist whose organization (noyb) has filed GDPR complaints against X and others regarding AI training, told us: “Essentially, Twitter has avoided fines, despite clear legal violations. Data already used for ‘Grok AI’ won’t be deleted, and Twitter continues offering the AI product based on improperly obtained data.”
Schrems confirmed that noyb will maintain its complaints on this matter: “We will continue our complaints, which deserve proper examination by the DPC, without any backroom agreements.”
On Wednesday, the DPC requested the European Data Protection Board (EDPB) to provide guidance on the broader issues arising from the use of personal data in AI models, seeking clarity in this complicated area.
“The opinion aims to explore how personal data is processed at various stages of AI model training and operation, including the considerations necessary to evaluate the legal basis used by data controllers for that processing,” the DPC stated.
In a supporting comment, DPC commissioner Dale Sunderland said, “The DPC hopes this guidance will foster proactive and consistent regulations across Europe and assist in addressing various complaints related to different data controllers training AI models.”
An earlier request for EDPB guidance regarding the GDPR's application to OpenAI’s ChatGPT—an alternative to X’s Grok—resulted in a preliminary report in May that left critical legal questions about processing laws unresolved.
Update: We have obtained a copy of the undertaking between X and the DPC regarding data used for AI training:
“Without prejudice to its position in the proceedings, Twitter International Unlimited Company undertakes that personal data from publicly accessible EU/EEA posts made by users on the ‘X’ platform, which has been used for developing, training, or refining Grok between May 7, 2024, and August 1, 2024, shall be deleted and not processed for those purposes.”
Ranking
