Elon Musk’s social media platform, X, is facing multiple privacy complaints in Europe after it was discovered that the company used the personal data of European users to train its AI models without their permission. This data processing came to light after a user noticed a setting that indicated X was using posts for this purpose. The Irish Data Protection Commission (DPC), which oversees compliance with EU privacy laws, expressed surprise at this discovery.
The EU’s General Data Protection Regulation (GDPR) mandates that companies must have a valid legal basis for using personal data, such as obtaining user consent. However, X processed data from around 60 million EU users without asking for permission, which has led to nine complaints being filed against the company in various EU countries.
The DPC has already taken legal action against X, seeking to stop the data processing, but privacy rights group noyb argues that this is not enough. They highlight that users cannot request the deletion of data that has already been used by X. The group insists that companies like X should get explicit consent from users before using their data, especially for AI training, as was seen when Meta paused a similar plan following privacy complaints.
Although X eventually allowed users to opt out of the data processing in late July, it only applied after the fact, leaving many unaware that their data had already been used.
