Privacy Complaints Filed Against Elon Musk’s X for Using Personal Data in AI Training Without Consent
Published on August 13, 2024
- A European privacy advocate filed 9 complaints for GDPR breaches against X.
- The social media giant allegedly failed to inform European users or obtain their consent to use their personal data for AI training.
- The entity mentions that X turned on the AI data-sharing option by default.
Social media giant X (formerly Twitter) unlawfully used the personal data from over 60 million users in the EU/EEA without notice or asking for their consent to train its AI technologies, as per nine General Data Protection Regulation (GDPR) complaints filed by European privacy advocate NOYB (None of Your Business).
The NOYB allegations say that in May 2024, the U.S.-based social media platform owned by Elon Musk started irreversibly feeding the private data of European users into Grok, X's AI language model, by activating this setting by default for everyone.
In the 'Data Sharing' section, X states that it may leverage user posts, interactions, inputs, and results to fine-tune and train Grok. However, NOYB says the social media giant never announced this feature, which cannot be turned off via mobile. However, users can disable it via the Web, where it's hidden.
Apparently, most users learned about the new default setting two months after the AI training began via a viral X post.
With the introduction of its AI technology, Twitter appears to have breached GDPR provisions, including principles, transparency rules, and operational rules, with NOYB listing several violations in its complaints.
Last week, the Irish Data Protection Commission (DPC) launched court proceedings against X to stop the illegal processing but did not fully enforce the GDPR, as the DPC settled with Twitter to pause further training of the algorithm using EU data until September.
In related news, giant tech company Meta decided to offer an ad-free subscription in the E.U. that the European Commission said violates the Digital Markets Act (DMA). This “pay or consent” advertising model forces users to choose between having their personal data used to deliver ads or paying for an ad-free experience that uses less user information.
Meta’s reply to these preliminary findings is expected soon, as the Commission announced its intent to conclude this investigation by March 2025.