Published by Global Banking & Finance Review®
Posted on February 17, 2026
3 min readLast updated: February 17, 2026
Add as preferred source on GoogleIreland's DPC investigates Grok AI for GDPR violations related to harmful images. X faces potential fines amid EU scrutiny.
DUBLIN, Feb 17 (Reuters) - Ireland's Data Protection Commission (DPC) said on Tuesday it had opened a formal investigation into X's AI chatbot Grok over the processing of personal data and its potential to produce harmful sexualised images and video, including of children.
The DPC is the lead EU regulator for X because the U.S. company's European Union operations are based in Ireland. It can levy fines of up to 4% of a company's global revenue under the bloc's General Data Protection Regulation (GDPR).
The decision to begin the inquiry was notified to X on Monday, the DPC said in a statement and its purpose was to determine whether X had complied with its obligations under GDPR with regard to the personal data processed.
Grok flooded X last month with AI-altered, near-nude images of real people in response to user requests, triggering widespread global outrage and investigations.
X announced curbs to stop Grok's account on the platform from producing such images, but the Grok chatbot continued to do so when prompted, Reuters found earlier this month.
U.S. President Donald Trump and other members of his administration have criticised EU regulation of U.S. tech companies and described fines imposed on them by the 27-member bloc as a form of taxation.
X's owner, Elon Musk, who is the world's richest man, has also expressed his objections to EU regulations, mainly those imposed directly by Brussels on online content.
"The DPC has been engaging with XIUC (X Internet Unlimited Company) since media reports first emerged a number of weeks ago concerning the alleged ability of X users to prompt the @Grok account on X to generate sexualised images of real people, including children", said Deputy Commissioner Graham Doyle.
"As the Lead Supervisory Authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry, " Doyle said, adding that this would examine XIUC's compliance with some of its "fundamental obligations under the GDPR in relation to the matters at hand".
The European Commission opened an investigation on January 26 into whether Grok disseminates illegal content such as manipulated sexualised images in the EU.
And on February 3, Britain's privacy watchdog launched a formal investigation into Grok over the processing of personal data and its potential to produce harmful sexualised images and video content.
(Reporting by Graham Fahy; editing by William James and Alexander Smith)
The Data Protection Commission (DPC) is Ireland's independent authority responsible for upholding the fundamental right to data protection. It oversees compliance with data protection laws, including the General Data Protection Regulation (GDPR).
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the EU that governs how personal data is collected, processed, and stored. It aims to protect individuals' privacy and data rights.
An AI chatbot is a software application that uses artificial intelligence to simulate conversation with users. It can answer questions, provide information, and assist with various tasks through text or voice interactions.
Inappropriate images refer to visual content that is deemed offensive, harmful, or unsuitable for certain audiences. This can include sexualized content, especially involving minors, which raises significant ethical and legal concerns.
Data processing involves collecting, storing, and manipulating data to produce meaningful information. It is essential for businesses to analyze data for decision-making and compliance with regulations like GDPR.
Explore more articles in the Finance category
