X & Grok: DPC Opens GDPR Inquiry into AI-Generated Sexual Images

by Marcus Liu - Business Editor
0 comments

X Faces GDPR Inquiry Over AI-Generated Sexualized Images

The Data Protection Commission (DPC) in Ireland has launched a full inquiry into X (formerly Twitter) following reports of users leveraging its artificial intelligence chatbot, Grok, to create and share non-consensual intimate images, including those depicting children. The investigation centers on potential breaches of the General Data Protection Regulation (GDPR).

Investigation Details

The DPC announced the inquiry on February 17, 2026, under section 110 of the Data Protection Act 2018. The inquiry will specifically examine whether X Internet Unlimited Company (XIUC) has adhered to its obligations under the GDPR, focusing on principles of data processing, the lawfulness of processing, data protection by design and default, and the necessity of conducting a Data Protection Impact Assessment [Data Protection Commission].

Grok and the ‘Nudification’ Scandal

Recent weeks have seen growing concern over Grok’s capabilities, with reports surfacing that users were able to prompt the AI to generate sexualized images of individuals without their consent, a practice often referred to as “nudification.” This includes instances involving images of women and children [Irish Times]. The DPC began engaging with X regarding these allegations several weeks ago.

EU-Wide Scrutiny

This inquiry by the DPC, as the Lead Supervisory Authority for XIUC across the EU/EEA, is part of a broader wave of scrutiny. The European Commission initiated its own investigation last month under the EU’s Digital Services Act (DSA) [RTÉ]. Coimisiún na Meán, the Irish media regulator, is expected to play a key role in the EU-level investigation, given X’s European headquarters are located in Dublin.

DPC Statement

Deputy Commissioner Graham Doyle stated, “The DPC has been engaging with XIUC since media reports first emerged a number of weeks ago concerning the alleged ability of X users to prompt the @Grok account on X to generate sexualised images of real people, including children. As the Lead Supervisory Authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry which will examine XIUC’s compliance with some of their fundamental obligations under the GDPR in relation to the matters at hand.” [Data Protection Commission]

Potential Consequences

If found in violation of GDPR, X could face substantial fines and be required to implement significant changes to its data processing practices. The outcome of the inquiry will likely set a precedent for the regulation of AI-powered tools and their potential for misuse on social media platforms.

Related Posts

Leave a Comment