The Irish Data Protection Commission (DPC) has launched an inquiry into whether X Internet Unlimited Company (XIUC), the European data controller for the social media platform X, formerly known as Twitter, lawfully processed personal data from EU/EEA users to train its generative artificial intelligence (AI) models.
The investigation will focus on the use of publicly accessible posts from European users in the development of Grok, a suite of large language models (LLMs) created by Elon Musk’s AI company, xAI. These LLMs power AI-driven features on the X platform, including a chatbot-like tool that responds to user queries.
The inquiry, initiated under Section 110 of the Irish Data Protection Act 2018, aims to assess whether X’s data collection practices comply with key General Data Protection Regulation (GDPR) provisions, particularly concerning transparency and the legal basis for processing personal data.
The DPC’s probe will specifically assess whether XIUC obtained proper consent or had another lawful basis to repurpose users’ posts for AI training purposes. The decision to begin the inquiry was made by Data Protection Commissioners Dr. Des Hogan and Dale Sunderland, and XIUC was notified earlier this week.
XIUC, which took over from Twitter International Unlimited Company (TIUC) as the data controller for EU users on April 1, 2025, informed the DPC of the name change on March 25 as part of ongoing corporate rebranding efforts.
As Irish regulators and other regulators around the world grapple with how AI companies gather training data, this inquiry could set an important precedent for how personal data on public platforms may—and may not—be used to train powerful generative AI systems.
Need Help?
If you’re wondering how these Irish measures, or any other AI regulations and laws worldwide could impact you and your business, don’t hesitate to reach out to BABL AI. Their Audit Experts can address your concerns and questions while offering valuable insights.
