Noyb files multiple complaints against X’s European AI training plan
Noyb wants to thwart X’s plan to train its AI technology. To do so, the Austrian privacy organization has filed complaints in Austria, Belgium, France, Greece, Ireland, Italy, the Netherlands, Spain, and Poland.
According to Noyb, X unlawfully collects and uses personal data of over 60 million users in Europe to train its AI chatbot Grok. The tech company did so without informing users, let alone asking for permission.
The Data Protection Commission (DPC), the Irish data protection authority (DPA), noticed X’s practices and took the company to court to put an end to the illegal processing of personal data. However, the DPC didn’t question the legality of the processing, but rather focused on so-called ‘mitigation measures’ and the lack of cooperation by X.
According to Noyb chairman Max Schrems, the Irish DPA only takes half-hearted measures. “The DPC seems to take action around the edges, but shies away from the core problem,” he says.
X agreed to temporarily pause further training of AI chatbot Grok with data gathered from European users. However, a lot of questions remain unanswered. For example: what will happen with EU data that was already collected? And how does X separate EU and non-EU data?
Schrems points out that X is using ‘legitimate interest’ as a legal basis for collecting data, meaning the company doesn’t need explicit consent from European users. This approach however has already been rejected by the European Court of Justice when Meta was using personal data for training purposes for its AI technology. The company called it “a step backwards for European innovation”.
Schrems is also concerned that European users can’t appeal to other GDPR rights, like the right to access data (article 15 GDPR), the right to rectification (article 16 GDPR), and the right to be forgotten (article 17 GDPR). Once data has been absorbed into an AI system, companies claim it’s impossible to comply with GDPR requirements.
Given the fact X has already started collecting personal data from European users and there’s no option to remove this data, Noyb has requested an ‘urgency procedure’. This means that a supervisor can immediately adopt provisional measures if there’s an urgent need to protect the rights and freedoms of its citizens.
To put pressure on the DPC, Noyb has filed complaints in nine EU member states. “We have seen countless instances of inefficient and partial enforcement by the DPC in the past years. We want to ensure that Twitter [X] fully complies with EU law, which – at a bare minimum – requires asking users for consent in this case,” Schrems explains.
Your email address will not be published. Required fields are marked