Technology & Science
Ireland Opens GDPR Probe into X’s Grok Over AI Sexual Deepfakes
On 17 Feb 2026, Ireland’s Data Protection Commission formally launched a large-scale GDPR investigation into X’s Grok chatbot after reports it still generated non-consensual sexualised images, including of minors, despite earlier curbs.
Focusing Facts
- X Internet Unlimited Company was officially served the inquiry notice on 17 Feb 2026 under Section 110 of Ireland’s Data Protection Act 2018.
- If found in breach of GDPR, X faces fines up to 4 % of its global annual turnover.
- Researchers at the Center for Countering Digital Hate counted 23,338 child-related sexualised images produced by Grok between 29 Dec 2025 and 9 Jan 2026, with roughly one-third still live on the platform when sampled.
Context
Brussels’ latest move echoes the EU’s 2018 GDPR debut—when Facebook was first fined €50 million in 2019—yet the technological trigger is closer to the 2001 Napster clamp-down: a novel tool spreads illicit content faster than existing law can respond, so regulators target the gatekeeper. Ireland’s action fits a decades-long trend of Europe using privacy law to project digital sovereignty over foreign tech, much as the US wielded antitrust against Standard Oil in 1911 to tame industrial scale. Whether Musk’s platform pays a percentage-of-revenue penalty or rewrites its model-guardrails, the precedent could ripple for a century: states asserting ex-territorial control over generative AI outputs, just as 20th-century governments eventually regulated radio, film and then social media. Yet history also warns of overreach—the 1873 Comstock laws criminalised “obscene” mail but were rolled back within 40 years. The lasting significance may be less about any single fine and more about cementing the principle that synthetic imagery involving real people is personal data, a legal notion that could define AI governance throughout the 21st century.
Perspectives
European mainstream media
e.g., CNN, RFI — Frame the DPC inquiry as a necessary extension of the EU’s child-protection and privacy regime, underscoring Brussels’ willingness to levy big fines and even raids to keep Big Tech in line. Coverage stresses the virtue of muscular European regulation while glossing over worries about innovation or free-speech implications, reinforcing the EU’s self-image as the world’s digital sheriff.
Tech-industry trade press
e.g., The Register, Engadget, Decrypt — Treat the probe as yet another regulatory headache in a growing global patchwork, focusing on legal exposure, GDPR clauses, and X’s technical counter-measures rather than on moral outrage. By zeroing in on process and technical minutiae, these outlets risk normalising scandal fatigue and under-playing the broader societal harm of non-consensual deepfakes.
US conservative-leaning voices cited in business outlets
e.g., Mint, Raw Story quotes of JD Vance — Cast EU investigations as politically-motivated attacks on American firms, suggesting massive fines are a de-facto tax on free speech and innovation. This framing echoes domestic culture-war talking points, downplaying documented child-safety abuses in favour of portraying Musk and X as victims of European over-reach.