"The Grok AI EU scandal began in January 2026 after users discovered that the xAI chatbot, Grok, could generate non-consensual sexualised images of real people - including women, celebrities, politicians, and reportedly minors - using ordinary photos posted online. The images spread rapidly across X (formerly Twitter), triggering outrage from people, governments and regulators across Europe and beyond."
"European authorities argued that Grok's outputs were not merely offensive or harmful content requiring moderation (although we cannot ignore that it did deeply affect people), but potentially unlawful processing of personal and biometric data under the GDPR. Regulators focused on the fact that Grok could generate sexualised or 'nudified' images of identifiable people using ordinary photographs scraped or uploaded online, often without consent."
"Italy's privacy watchdog warned that these practices could amount to serious GDPR violations and even criminal offences, especially where minors were involved. In December 2025, the Italian data protection authority adopted measures around deepfakes, stating that it is: "necessary not only to verify the existence of a legal basis pursuant to art. 6 GDPR but also one of the conditions indicated by art. 9.2 GDPR.""
"Ireland's Data Protection Commission, the EU's lead regulator for X, launched a formal investigation into whether xAI had lawfully processed personal"
In January 2026, users found that the xAI chatbot Grok could generate non-consensual sexualized images of real people, including women, celebrities, politicians, and reportedly minors, using ordinary photos posted online. The images spread rapidly across X, leading to outrage from individuals, governments, and regulators across Europe and beyond. The European Commission launched investigations, while Ireland’s Data Protection Commission opened a GDPR investigation into personal data processing. Regulators framed the issue as potentially unlawful processing of personal and biometric data under the GDPR, not only as harmful content requiring moderation. Italy’s privacy watchdog warned the practices could involve serious GDPR violations and criminal offences, especially involving minors, and emphasized verifying legal bases under GDPR articles 6 and 9.2.
Read at Privacy International
Unable to calculate read time
Collection
[
|
...
]