Grok Faces Prosecution For Misusing AI Training Data

Elon Musk’s X platform (formerly Twitter) is under pressure from data regulators as it has emerged that users are consenting to their posts being used to build Artificial Intelligence (AI) systems via a default setting on the app without their explicit permission 

An X user exposed a setting on the app that activated by default and permitted the account holder’s posts to be used for training Grok, an AI chatbot built by Musk’s Grok AI business. This means X can exploit user posts, interactions, and outputs from Grok for training and refining its AI, requiring users to manually opt-out. 

Now, the UK and Irish data regulators have contacted X over the apparent attempt to gain user consent for data harvesting without them giving specific consent.

Under UK GDPR, which is based on the EU data regulation, companies are not allowed to use “pre-ticked boxes” or “any other method of default consent”. The setting, which comes with an already ticked box, states that you “allow your posts as well as your interactions, inputs and results with Grok to be used for training and fine-tuning”. 
Data regulators immediately expressed concern about the default setting. In the UK, the information commissioner’s office (ICO) said it was “making enquiries” with X.

The Data Protection Commission (DPC) in the Republic of Ireland, the lead regulator for X across the European Union, said it had already been speaking to Musk’s company about data collection and AI models and was surprised to learn of the default setting.

Large language models are the technology underpinning chatbots such as ChatGPT and Grok and are fed vast amounts of data scraped from the Internet in order to spot patterns in language and build a statistical understanding of it. This ultimately enables chatbots to churn out convincing-looking answers to queries.

This approach has met with opposition in multiple areas, with numerous claims that this process breaches copyright laws, as well as data privacy and consumer protect rules. 

  • Earlier this year, the New York Times newspaper started legal action for copyright infringement against Micorsoft and OpenAI over their unauthorised use of millions of pages of text to train their AI model, ChatGPT. 
  • Now, European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints against X for the use of personal data from over 60 million European users to train Grok. It was shared that X did not inform its users that their data was being used to train AI and that they hadn’t consented to this practice. 

Chris Denbigh-White, CSO at Next DLP commented “The General Data Protection Regulation (GDPR) was explicitly written with the aim of protecting an individual's privacy and to stop organisations from having free rein over people’s data... However, since the regulations were introduced six years ago, technologies have emerged that present new data protection challenges.

“GenAI, for example, processes and generates huge amounts of data – including personal data – requiring organisations to take a mindful approach to the technology. As with any other software-as-a-service (SaaS) tool, organisations need to act thoughtfully through a framework whereby they understand the data flows and risks.

There’s no reason AI can’t be compliant with GDPR, but companies need to take the time to get it right... Organisations need to prioritise legality over speed. After all, the backlash over a legal issue is much more significant than that of the potential complaints over the timeline.”  Denbigh-White concludes.

ICO.org   |   Data Protection Commission     |    X,com   |      Times of India   |   Guardian   |    BeeBom   |  

Bleeping Computer

You Might Also Read: 

Generative Artificial Intelligence Models Leak Private Data:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible





 

« The AI Threat: How Can Businesses Protect Themselves?
DDoS Attack Knocks Azure Offline »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

PFP Cybersecurity

PFP Cybersecurity

PFP provides a SaaS solution for life-cycle protection based on our IoT security platform and power usage analytics.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

CM Blockchain Security Center

CM Blockchain Security Center

We are dedicated to building a healthier blockchain ecosystem, providing solutions to security technology, and helping those who practice in the area of blockchain to get insight into industry trends.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

Policy Monitor

Policy Monitor

Policy Monitor is a cyber security company founded by experts with extensive experience in operational and risk management.

Kirk ISS

Kirk ISS

Kirk ISS are the leading provider of IT services in the Cayman Islands. We offer best-in class hardware, software, communications and cloud computing, all backed by professional services support.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

Minorities in Cybersecurity (MiC)

Minorities in Cybersecurity (MiC)

MiC was developed out of a unique passion to help fill the gap that exists in the support and development of women and minority leaders in the cybersecurity field.

Boo Consulting

Boo Consulting

Boo Consulting is a trusted privacy and risk consultancy firm. We are driven to help you find an appropriate solution that will suit your budget and requirements.

Konsulko Group

Konsulko Group

Konsulko Group offers embedded Linux software and hardware development and Yocto Project services.