Investigation Launched into X's Dissemination of Alleged Child Sexual Abuse Material: DPC Inquiry and GDPR Compliance

Ireland's data protection regulator has initiated a significant investigation into X regarding the dissemination of alleged child sexual abuse material. The inquiry focuses on the creation and publication of such material involving the personal data of EU/EEA data subjects, including children. The Data Protection Commission (DPC) will specifically examine content generated using the Grok AI tool on the platform.
The X Internet Unlimited Company (XIUC) was informed of the inquiry on Monday, and the DPC will assess the company's compliance with GDPR obligations related to data processing and protection. Deputy Commissioner Graham Doyle stated that the DPC has been in communication with XIUC since reports surfaced about the alleged generation of sexualized images, including those of children, through the @Grok account on X.
As the lead supervisory authority for XIUC in the EU/EEA, the DPC has launched a comprehensive inquiry to evaluate the company's adherence to GDPR requirements concerning the reported issues. Additionally, the European Commission is conducting its investigation into the social media platform regarding the AI-generated abuse material. Ireland's media regulator, Coimisiun na Mean, is collaborating with the Commission's inquiry under the Digital Service Act but has opted not to initiate its investigation under the Online Safety Code.
In conclusion, the DPC's inquiry into X's publication of alleged child sexual abuse material underscores the importance of upholding data protection regulations and safeguarding individuals' privacy rights. The investigation aims to ensure compliance with GDPR obligations and address concerns surrounding the dissemination of sensitive content on the platform.