Summary: The Data Protection Commission (DPC) of Ireland has initiated High Court proceedings against Twitter International for potential violations of the EU’s General Data Protection Regulation (GDPR) related to the use of personal data in training its AI tool, Grok. The DPC claims that Twitter’s data processing practices are inadequate and have refused to halt the launch of Grok, prompting legal action.
Threat Actor: X Corp | X Corp
Victim: Twitter International Unlimited Company | Twitter International Unlimited Company
Key Point :
- The DPC is concerned about the collection and processing of personal data from millions of European users for AI training purposes.
- Twitter International has begun implementing mitigation measures but the DPC argues they are insufficient for GDPR compliance.
- This legal challenge marks a significant precedent as it is the first of its kind in the Irish courts regarding data protection enforcement.
- The DPC has also referred the case to the European Data Protection Board for further consideration.
The Data Protection Commission (DPC), Ireland’s data protection regulator, has launched High Court proceedings against Twitter International Unlimited Company, X Corp’s European subsidiary, over the rollout of Grok, its AI-powered enhanced search tool.
The DPC’s concerns are around the use of the personal data of millions of European users of X to train AI systems powering Grok.
The regulator claims that the way X Corp’s European subsidiary collects this data to launch the next version of Grok, expected for August 2024, is breaching the EU’s General Data Protection Regulation (GDPR).
Although Twitter International recently started implementing mitigation measures that were not in place when the data processing to build Grok began, the regulator claims these are not enough to comply with GDPR.
Additionally, the DPC claimed that Twitter International has refused its requests to cease processing the personal data in question or to delay the launch of the next version of Grok, which should be available for X’s Premium and Premium + users.
Therefore, the Irish regulator considered it urgent to challenge X Corp and its European branch and decided to take action through court proceedings.
The DPC is represented by Remy Farrell SC from Philip Lee Solicitors.
This is the first time a legal challenge of this kind has been brought before the Irish courts.
The judge overseeing the case, Ms Justice Leonie Reynolds, granted the DPC permission to expedite legal proceedings against Twitter on August 6 and scheduled a follow-up hearing later that week.
The DPC said it will also refer the matter to the European Data Protection Board, the EU’s top data protection authority, for consideration.
Ireland’s DPC is at the forefront of data protection enforcement in Europe. Many Big Tech companies’ European headquarters are located in Dublin, including Alphabet and Meta.
Source: https://www.infosecurity-magazine.com/news/dpc-twitter-court-ai-data-grok