The privacy group, None Of Your Business (NOYB), has hit X with nine GDPR complaints. NOYB accused X of unauthorized user data training with Grok. It comes after the Irish Data Protection Commission launched court proceedings against X.
NOYB alleges that the Irish DPC neglected to enforce GDPR privacy norms. It claims that the DPC is focusing on mitigation measures instead of the core violations. In a statement, Max Schrems, Chairman of NOYB, said:
"The court documents are not public, but from the oral hearing we understand that the DPC was not questioning the legality of this processing itself. It seems the DPC was concerned with so-called ‘mitigation measures’ and a lack of cooperation by Twitter. The DPC seems to take action around the edges, but shies away from the core problem."
The core problem, according to NOYB, is that X used EU users" data to train its AI. In May 2024, the company started "irreversibly" inputting user data without obtaining consent. NOYB said that X should follow GDPR rules and ask users to use their data.
You can learn how to opt out of training in our guide.
To help protect users in the EU, NOYB has filed complaints with DPCs in various countries. The countries are Austria, Belgium, France, Greece, Ireland, Italy, the Netherlands, Spain, and Poland. It has requested an urgency procedure to get to a conclusion quicker as X is already training with the data.
If NOYB succeeds in its quest to protect user data from Elon Musk"s Grok AI, X may need to start over. The privacy organization said that there is no way to remove the EU data, meaning X would have to begin again. If X did have to start again, it would also have to ask permission to use data.
Elon Musk previously stated that he wants Grok 2 out in August and Grok 3 out by the end of the year. If NOYB"s requests are answered before those models come out, it could set X back months.