X, previously known as Twitter, has subtly implemented a change that seems to automatically include user data in its AI training pool for Grok. This update, noticed by users on Friday, could raise privacy concerns.
Grok is a conversational AI, or large language model (LLM), developed by X, which is owned by Elon Musk. It aims to compete with OpenAI's popular ChatGPT but promises to be less politically correct and more humorous. Users worried about their X data being utilized for Grok's training can find instructions on how to opt out of this feature.
This recent change has attracted attention from X’s European privacy regulator, the Irish Data Protection Commission (DPC). A representative from the DPC expressed surprise at the platform's decision and confirmed that they have reached out to X for clarification. “The DPC has been in discussions with X regarding this issue for several months, with our most recent communication happening just yesterday," stated DPC Deputy Commissioner Graham Doyle. “Thus, we are taken aback by these developments. We have followed up with X today and await their response, expecting further communication early next week.”
The DPC is responsible for ensuring X complies with the General Data Protection Regulation (GDPR), a crucial EU regulation that can impose fines up to 4% of a company's global annual revenue for non-compliance.
The default Grok data-sharing setting on X states: “Allow your posts, interactions, inputs, and results with Grok to be used for training and fine-tuning.” Further details in smaller print indicate that X may use posts and interactions with Grok to enhance user experiences and that such data might be shared with their service provider, xAI.
The wording is somewhat vague, leaving it uncertain whether X collects all user data for Grok training or restricts this to interactions specifically with the chatbot, which is accessible to X premium subscribers. Regardless, under EU privacy laws, X must have a legitimate legal basis for processing user data, and it remains unclear if such a basis exists.
Just last month, Meta suspended a similar initiative that aimed to repurpose Facebook and Instagram user data for AI training amid GDPR-related concerns in Ireland and the UK. The DPC anticipates further updates regarding the Grok AI data-sharing issue next week.
We reached out to X to request information on the legal grounds for processing European user data for Grok training, but we received only a standard automated response: “Busy now, please check back later.”