European regulators have initiated a formal privacy investigation into Elon Musk’s social media platform X following concerning revelations about its Grok AI chatbot’s capacity to generate nonconsensual deepfake imagery. Ireland’s Data Protection Commission (DPC), acting as the lead EU privacy authority for X, announced the probe Tuesday under the bloc’s stringent General Data Protection Regulation (GDPR).
The investigation stems from Grok’s recently demonstrated ability to produce sexually explicit and intimate imagery without consent, including transparent clothing depictions and apparent child imagery. The AI tool, developed by Musk’s xAI company and integrated within X’s platform, had enabled users to generate these concerning outputs through specific prompts, with results visible publicly across the social network.
Irish Deputy Commissioner Graham Doyle confirmed the DPC has been engaging with X since initial media reports surfaced weeks ago regarding these capabilities. The investigation will specifically examine whether X violated GDPR requirements regarding the processing of European citizens’ personal data, including that of minors, through these AI-generated deepfakes.
This EU action adds to growing international scrutiny facing X. French authorities recently conducted raids on X’s Paris offices and summoned Musk for questioning, while UK regulators have opened parallel investigations despite Britain’s departure from the EU. X already faces a separate EU examination regarding compliance with digital content regulations aimed at preventing the spread of illegal material, including child sexual abuse content.
The platform could potentially face substantial financial penalties if found in violation of GDPR provisions, which allow fines of up to 4% of global annual revenue. X did not respond to requests for comment regarding the newly announced investigation.