The social media giant X, formerly known as Twitter and now owned by Elon Musk, is under fire for allegedly using personal data from its users to train its artificial intelligence (AI) systems without obtaining proper consent. On Monday, the Austrian advocacy group NOYB, led by well-known privacy activist Max Schrems, filed a formal complaint against X, claiming that the company’s actions are in violation of the European Union’s strict privacy regulations.
NOYB, which stands for “None of Your Business,” has made its move by submitting complaints under the General Data Protection Regulation (GDPR) to data protection authorities across nine EU member states. This effort is seen as an attempt to escalate pressure on Ireland’s Data Protection Commission (DPC), the primary regulatory body overseeing U.S. tech companies operating within the EU due to their European headquarters being located in Ireland.
The Irish DPC has already sought legal measures to either suspend or impose restrictions on X’s processing of user data for AI development, training, or refinement. In a recent court hearing, X agreed to halt its AI training activities using data collected from EU users, but only temporarily, and only after users had the chance to withdraw their consent—an opportunity that reportedly came too late, according to court findings.
However, NOYB’s complaint goes further, arguing that the core issue is not just about temporary mitigation but also about X’s lack of transparency and cooperation with regulatory authorities. Schrems emphasized the necessity for X to fully comply with EU laws, which fundamentally require explicit user consent before any personal data can be processed for purposes like AI training.
In the recent Irish court proceedings, it was revealed that X had only provided users the option to object to data collection several weeks after the data had already been harvested. This delay is a significant point of contention, as GDPR mandates clear and timely communication with users regarding how their data will be used.
When approached for comment on the matter, X did not respond immediately. However, the company’s Global Government Affairs division indicated on Friday that it intends to continue collaborating with the DPC on AI-related concerns.
The situation with X echoes similar challenges faced by other tech giants in the region. For instance, in June, Meta, the parent company of Facebook, decided to delay the launch of its AI assistant in Europe following advice from the Irish DPC to reconsider its plans. NOYB had also filed complaints against Meta for its use of personal data in AI training, indicating a broader trend of increasing scrutiny over how big tech companies handle user data within the EU.
As the legal and regulatory landscape around AI and data privacy continues to evolve, this case could set a precedent for how companies are required to operate within the strict boundaries of GDPR, potentially influencing global practices in AI development and data management.
