Ireland’s Data Protection Commission has initiated a formal investigation into X following reports that its Grok AI tool generated significant amounts of non-consensual sexualized imagery. The inquiry specifically examines whether the platform violated European data protection laws by processing personal data to create harmful content, including images depicting children.

The Irish Data Protection Commission recently announced a statutory inquiry into X Internet Unlimited Company regarding the generative artificial intelligence features associated with the Grok model. This regulatory action stems from concerns over the creation and publication of intimate or sexualized images of real individuals, which the commission believes involves the processing of personal data belonging to residents of the European Union and the European Economic Area. The probe is particularly focused on the potential inclusion of minors in these AI-generated depictions, prompting an examination of the platform’s adherence to strict data security and privacy mandates.

In response to previous controversies regarding image manipulation, X had already modified its safety protocols to restrict certain editing capabilities. The company’s safety team blocked the ability to add revealing clothing to images of real people and moved image creation tools behind a paywall for subscribers. These changes were intended to provide a layer of accountability and deter users from abusing the AI to violate laws or internal policies, though the new investigation suggests these measures may have been insufficient to satisfy European regulators.

The current investigation will determine if X fulfilled its core obligations under the General Data Protection Regulation, specifically focusing on the principles of lawful processing and data protection by design. Regulators are scrutinizing whether the company conducted the required impact assessments before deploying these generative tools to the public. As the lead supervisory authority for X in the European Union, the Irish commission has the power to evaluate whether the company’s technical and organizational safeguards were robust enough to protect the fundamental rights of users.

Ireland is not the only jurisdiction looking into X’s practices, as the company faces a wave of international scrutiny from regulators in the United Kingdom, Canada, Australia, and several other nations. These authorities are coordinating to address the cross-border implications of AI-generated content that bypasses traditional safety filters. The scope of these investigations has expanded as new reports emerge regarding the speed and volume at which problematic content can be produced and disseminated across the social media platform.

Data provided by the Center for Countering Digital Hate underscores the scale of the challenge, estimating that millions of sexualized images were generated shortly after the tool’s launch. Their research highlighted a high frequency of images appearing to depict minors, many of which remained accessible to the public long after their creation. This data serves as a critical backdrop for the commission's inquiry, highlighting the potential for large-scale data processing violations when generative AI tools are deployed without comprehensive oversight.

Source: Irish Regulator Probes X After Grok Allegedly Generated Illegal Images