The UK’s Information Commissioner’s Office (ICO) has launched an investigation into Elon Musk’s social network X (formerly Twitter) in relation to non-consensual sexual imagery generated by Grok, the platform’s AI assistant.
In a statement released on February 3, the UK’s data protection watchdog said it was conducting the investigation because the reported creation of the content “raises serious concerns under UK data protection law and presents a risk of significant potential harm to the public.”
The announcement came the same day French cyber-crime investigators raided X’s Paris offices as part of an operation with similar concerns detailed by the ICO.
The UK’s investigation will examine whether personal data used by Grok has been processed lawfully, fairly and transparently, and whether appropriate safeguards were built into Grok’s design and deployment to prevent the generation of harmful manipulated images using personal data.
The ICO said it was examining the risks as part of a mandate to protect people’s rights and hold organizations to account as they build and deploy AI technology.
“The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this,” said William Malcolm, executive director regulatory risk and innovation at the ICO.
“Losing control of personal data in this way can cause immediate and significant harm. This is particularly the case where children are involved.”
The ICO said it has contacted X to seek “urgent information” on the reports around AI-generated content.
Jon Belcher, data protection partner with Excello Law commented: “The news that the ICO has now opened a formal investigation into X and xAI is welcome. The alteration of images to create deepfakes involves the processing of personal data and so falls squarely within the ICO’s remit.”
He added that under the UK’s data protection laws, the ICO has significant powers, not only to issue large fines, but also to require organizations to take steps to bring their processing into compliance.
“Users of X whose images were manipulated without their consent will expect to see the ICO move quickly and take decisive action in this case,” Belcher concluded.
Infosecurity has contacted X for comment.
Image credits: Primakov / Shutterstock