X, formerly Twitter, quietly pushed out a change that appears to default user data into its AI training pool for Grok, a move that was spotted by users of the platform on Friday.
Grok is the name of a conversational AI, or large language model (LLM), developed by Elon Musk-owned X and intended as a rival to OpenAI’s viral ChatGPT chatbot — but with less political correctness (and more humor) as its claimed selling point. Anyone concerned about their X info being fed to Musk’s chatbot can learn more about how to turn off the feature here.
The development has caught the attention of X’s European privacy watchdog, the Irish Data Protection Commission (DPC), which told TechCrunch it’s “surprised” by the platform’s move. The watchdog said it has “followed up” and is awaiting a response from X.
“The DPC has been engaging with X on this matter for a number of months, with our latest interaction occurring as recently as yesterday,” DPC deputy commissioner, Graham Doyle, told TechCrunch. “Therefore we are surprised by today’s developments. We have followed up with X today and are awaiting a response. We expect further engagement early next week.”
The DPC leads on oversight of X’s compliance with the European Union’s General Data Protection Regulation (GDPR), a pan-EU law that allows for penalties for confirmed breaches of up to 4% of global annual turnover.
Text accompanying the default-enabled Grok data-sharing setting on X reads: “Allow your posts as well as your interactions, inputs, and results with Grok to be used for training and fine-tuning.” Smaller (grayer) print adds: “To continuously improve your experience, we may utilize your X posts as well as your user interactions, inputs and results with Grok for training and fine-tuning purposes” — with X further specifying such data “may be shared with our service provider xAI for these purposes.”
The language is ambiguous, so it’s not clear whether X is helping itself to all user data for training Grok or whether this processing refers only to user interactions with the chatbot (which is available to subscribers of X premium).
Either way, in the EU the company needs a valid legal basis for processing people’s data under the bloc’s privacy laws. But it’s not clear it has one.
A similar plan by Meta to repurpose the data of Facebook and Instagram users for AI training was paused in Europe just last month after GDPR complaints drove regulatory scrutiny in Ireland and the U.K.
We understand the DPC expects further developments on the Grok AI data-sharing issue next week.
We contacted X to ask about the legal basis it’s relying on for processing European’s data to train Grok. But at the time of writing, the company’s press email had only delivered the standard automated line: “Busy now, please check back later.”
Comment