With input from CNN, the Financial Times, the Hill, Reuters, and the Wall Street Journal.
Europe’s privacy cop has kicked off a big investigation into X after the platform’s AI chatbot started churning out sexualized, non-consensual images — some allegedly involving children — and the outrage went global.
Ireland’s Data Protection Commission (the regulator that leads GDPR enforcement for the platform) said it’s launched a “large-scale” inquiry to figure out whether X handled the personal data of EU citizens properly when Grok generated and shared those images. Data Protection Commission also warned it will probe X’s compliance with core GDPR duties; violations can carry fines of up to 4% of global revenue.
Deputy commissioner Graham Doyle, who announced the move, said the watchdog had been engaging with the platform since reports first surfaced about users prompting Grok to make sexualised images of real people. Graham Doyle said the inquiry will look at how the company assessed and tried to mitigate risks before rolling the tool out across the EU.
Grok was built by Elon Musk’s AI outfit, and the bot is embedded in the social feed after the startup acquired the app last year. xAI is at the center of the row because Grok’s outputs were public and easily shareable, which made the fallout immediate and widespread.
The Irish move piles on top of probes in the UK and police action in France. Britain’s data regulator, the Information Commissioner’s Office, has opened its own formal investigation into the chatbot’s handling of personal data. Information Commissioner’s Office said it’s looking at the risk the system poses for producing harmful sexualised image and video content.
France’s authorities even raided X’s Paris offices and questioned senior staff as part of an expanding inquiry, and Spain has ordered prosecutors to investigate platforms over AI-generated child sexual abuse material. The Spanish prime minister, Pedro Sánchez, called the content an attack on children’s rights and urged action.
X has tried to tamp down Grok’s capabilities after the uproar, saying it has restricted the bot’s ability to generate explicit images — but reports suggest the bot kept producing problematic content in response to certain prompts, which is why regulators aren’t satisfied yet.
For the company, this is more than a PR nightmare. Regulators in Europe are treating the incident as a potential GDPR breach, and the Irish watchdog is the lead authority because the company’s European operations are based in Dublin. That gives the inquiry real teeth.
Bottom line: what started as a wave of ugly AI images has turned into a full regulatory assault across Europe. The story’s still unfolding, but one thing’s clear — companies that bolt powerful image tools to social platforms are going to face intense legal and political scrutiny when those tools go off the rails.
The latest news in your social feeds
Subscribe to our social media platforms to stay tuned