EU privacy investigation targets Musk’s Grok chatbot over sexualised deepfake images

Ireland’s Data Protection Commission has opened a formal privacy investigation under the European Union’s General Data Protection Regulation (GDPR) into Elon Musk’s social media platform X and its AI chatbot Grok after the system reportedly generated non-consensual, potentially harmful and sexualised deepfake images, including depictions involving minors. The probe aims to assess whether X, which has its European headquarters in Dublin, complied with EU data privacy laws in processing personal data used by Grok to produce such content.

The regulator said it began engaging with X in recent weeks after reports that users were able to prompt the chatbot to ‘undress’ images of individuals without consent and create inappropriate content. This move adds to mounting scrutiny of Musk’s tech enterprises across Europe, where regulators in Spain, France and Britain are also examining Grok and social media platform practices, while Brussels continues broader investigations into compliance with EU digital and safety rules. Heavy fines — up to 4% of global revenue under GDPR — could be imposed if violations are found. X responded by introducing restrictions on Grok’s image generation capabilities, but authorities say concerns persist and further inquiry is needed to determine compliance with EU law. The case underscores wider tensions between Musk’s operations and European regulators over content moderation, privacy and online safety standards.