Privacy advocacy group None Of Your Business (Noyb) has filed complaints against social media platform X in nine European Union countries, alleging widespread violations of data protection laws. The complaints center on X's alleged use of personal data from over 60 million users to develop artificial intelligence technologies, including the Grok chatbot, without obtaining user consent.
Noyb, co-founded by Austrian privacy activist Max Schrems, claims that X has been using personal data for AI training since at least July 2023 without informing users or seeking their permission. This practice potentially violates the EU's General Data Protection Regulation (GDPR), which requires companies to inform users and obtain consent before using their data.
The complaints were filed with data protection authorities in Austria, Belgium, France, Greece, Ireland, Italy, the Netherlands, Poland, and Spain. Noyb is calling for a thorough investigation into X's data handling practices and has raised several key questions, including how X separates European user data from that of other users and what has happened to data already fed into AI systems.
Last week, Ireland's Data Protection Commission (DPC) initiated legal action against X to halt what it described as illegal data processing. However, Noyb criticized the DPC for focusing on mitigation measures rather than addressing the core issue of unauthorized mass data collection.
The privacy group argues that X could have easily avoided this controversy by simply asking for user consent. Unlike Meta, which recently halted AI training in the EU after facing similar scrutiny, X allegedly did not take such precautions.
This development comes as X faces increasing regulatory pressure in Europe. The company, owned by Elon Musk, is now confronted with the challenge of addressing these allegations while maintaining its AI development efforts.
As the situation unfolds, it raises broader questions about the balance between technological innovation and user privacy in the era of AI development. The outcome of these complaints could have far-reaching implications for how tech companies approach data collection and AI training in the European Union.