Grok Faces Prosecution For Misusing AI Training Data

Elon Musk’s X platform (formerly Twitter) is under pressure from data regulators as it has emerged that users are consenting to their posts being used to build Artificial Intelligence (AI) systems via a default setting on the app without their explicit permission 

An X user exposed a setting on the app that activated by default and permitted the account holder’s posts to be used for training Grok, an AI chatbot built by Musk’s Grok AI business. This means X can exploit user posts, interactions, and outputs from Grok for training and refining its AI, requiring users to manually opt-out. 

Now, the UK and Irish data regulators have contacted X over the apparent attempt to gain user consent for data harvesting without them giving specific consent.

Under UK GDPR, which is based on the EU data regulation, companies are not allowed to use “pre-ticked boxes” or “any other method of default consent”. The setting, which comes with an already ticked box, states that you “allow your posts as well as your interactions, inputs and results with Grok to be used for training and fine-tuning”. 
Data regulators immediately expressed concern about the default setting. In the UK, the information commissioner’s office (ICO) said it was “making enquiries” with X.

The Data Protection Commission (DPC) in the Republic of Ireland, the lead regulator for X across the European Union, said it had already been speaking to Musk’s company about data collection and AI models and was surprised to learn of the default setting.

Large language models are the technology underpinning chatbots such as ChatGPT and Grok and are fed vast amounts of data scraped from the Internet in order to spot patterns in language and build a statistical understanding of it. This ultimately enables chatbots to churn out convincing-looking answers to queries.

This approach has met with opposition in multiple areas, with numerous claims that this process breaches copyright laws, as well as data privacy and consumer protect rules. 

  • Earlier this year, the New York Times newspaper started legal action for copyright infringement against Micorsoft and OpenAI over their unauthorised use of millions of pages of text to train their AI model, ChatGPT. 
  • Now, European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints against X for the use of personal data from over 60 million European users to train Grok. It was shared that X did not inform its users that their data was being used to train AI and that they hadn’t consented to this practice. 

Chris Denbigh-White, CSO at Next DLP commented “The General Data Protection Regulation (GDPR) was explicitly written with the aim of protecting an individual's privacy and to stop organisations from having free rein over people’s data... However, since the regulations were introduced six years ago, technologies have emerged that present new data protection challenges.

“GenAI, for example, processes and generates huge amounts of data – including personal data – requiring organisations to take a mindful approach to the technology. As with any other software-as-a-service (SaaS) tool, organisations need to act thoughtfully through a framework whereby they understand the data flows and risks.

There’s no reason AI can’t be compliant with GDPR, but companies need to take the time to get it right... Organisations need to prioritise legality over speed. After all, the backlash over a legal issue is much more significant than that of the potential complaints over the timeline.”  Denbigh-White concludes.

ICO.org   |   Data Protection Commission     |    X,com   |      Times of India   |   Guardian   |    BeeBom   |  

Bleeping Computer

You Might Also Read: 

Generative Artificial Intelligence Models Leak Private Data:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible





 

« The AI Threat: How Can Businesses Protect Themselves?
DDoS Attack Knocks Azure Offline »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Italian Association of Critical Infrastructure Experts (AIIC)

Italian Association of Critical Infrastructure Experts (AIIC)

AIIC acts as a focal point in Italy for expertise on the protection of Critical Infrastructure including ICT networks and cybersecurity.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

CYQUEO

CYQUEO

CYQUEO is your professional partner and system integrator. We secure your organization against advanced cyber threats.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

Brookcourt Solutions

Brookcourt Solutions

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Access Talent Today

Access Talent Today

Access Talent Today is an AI/ML and cyber security talent provider.

Metrics that Matter (MTM)

Metrics that Matter (MTM)

Metrics that Matter redefines how organizations approach cybersecurity by offering unprecedented insight into the value of their assets to criminals and tailored action plans to protect.

Interpres Security

Interpres Security

Interpres Security operationalizes TTP-based threat intelligence and automates continuous exposure monitoring to help CISOs and security practitioners reduce threat exposure.