Ireland's Data Protection Commission (DPC) has initiated a formal, large-scale investigation into X (formerly Twitter) concerning its Grok AI chatbot's role in generating and disseminating non-consensual sexualized images, including those depicting children. The inquiry targets X Internet Unlimited Company (XIUC), the platform's EU-registered legal entity, and will assess compliance with core obligations under the General Data Protection Regulation (GDPR).
The DPC, acting as the Lead Supervisory Authority for X across the EU/EEA, will examine whether X adhered to GDPR principles regarding lawful data processing, privacy-by-design, and whether a required data protection impact assessment was conducted. Deputy Commissioner Graham Doyle stated the inquiry focuses on "the apparent creation, and publication on the X platform, of potentially harmful, non-consensual intimate and/or sexualised images… including children" using Grok's tools.
This action is part of a widening global regulatory crackdown. A report from the Center for Countering Digital Hate (CCDH) last month estimated that Grok generated over 23,000 sexualized images of children in an 11-day period, with about one-third remaining accessible on X. In response to the backlash, X restricted Grok's image generation to paid subscribers, added technical barriers, and geoblocked the feature in certain jurisdictions.
The Irish probe is the latest in a series of formal actions. In January, the European Commission opened a Digital Services Act (DSA) investigation into X over Grok's alleged role in spreading illegal content. French authorities subsequently raided X's Paris offices and summoned Elon Musk for questioning. Separate investigations are also underway by UK regulators Ofcom and the Information Commissioner's Office, and by Australia's eSafety Commissioner. In the U.S., California Attorney General Rob Bonta announced a formal investigation into xAI and Grok.
