Popular social media platform X, formerly known as Twitter, is now embroiled in serious legal challenges over its data use practices.
Privacy advocacy group NOYB (None Of Your Business), spearheaded by privacy activist Max Schrems, has lodged complaints with multiple European data protection authorities, accusing X of using data from over 60 million European users to train its artificial intelligence model, Grok, without proper consent.
These complaints hinge on the fact that X’s decision to train its AI model with user data directly contravenes the General Data Protection Regulation (GDPR), a stringent set of regulations designed to protect the data and privacy of European Union residents.
Under the GDPR, companies must obtain explicit consent before processing personal data, a requirement that NOYB claims X has blatantly ignored.
NOYB’s complaints highlight that X’s default account settings allow the use of personal data to “fine-tune” Grok without explicit consent. Additionally, X shared the collected data with its service provider, xAI, under similar terms.
The unauthorized use of this data reportedly took place between May 7 and Aug. 1, 2024, a timeline that has since been scrutinized by regulatory bodies.
Ireland’s Data Protection Commissioner (DPC) has recently reached an agreement with X, resulting in the suspension of personal-data processing until September. Schrems, however, has criticized the decision, arguing that the DPC is focused on mitigation rather than thoroughly examining X’s actions.
Schrems subsequently expressed dissatisfaction with what he views as a "half-hearted" response from the DPC, prompting NOYB to file multiple GDPR complaints across various articles, advocating for a comprehensive investigation.
Key questions remain unanswered, such as why X failed to notify users about the data usage for Grok's training immediately after it began, what happens to the EU data already included in training datasets, and how X plans to segregate EU from non-EU data effectively. Moreover, concerns linger about why X has not yet implemented a system to request permissions from EU residents for data use in Grok training, a method deemed compliant with GDPR standards.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024