What Happened:
The European Center for Digital Rights (noyb) has filed nine legal complaints against Twitter/X across several European countries. These complaints allege that Twitter/X unlawfully used the personal data of over 60 million users in the EU/EEA to train its AI technologies, including the “Grok” AI, without obtaining user consent. This practice began in May 2024, when Twitter/X—formerly known as Twitter International—started using user data for AI training without informing users or seeking their permission. This action constitutes a direct violation of the General Data Protection Regulation (GDPR).
In response, the Irish Data Protection Commission (DPC) initiated court proceedings against Twitter/X to halt the illegal data processing. The court’s intervention led to a temporary pause on further AI training with EU data until September. However, significant legal questions remain unresolved, including concerns about the legality of the data that has already been processed and the methods Twitter/X will use to distinguish between EU and non-EU data in the future.
Noyb’s legal challenge is driven by its view that the Irish DPC has not fully enforced GDPR provisions. To increase pressure on the DPC, noyb has filed complaints with data protection authorities in multiple countries, including Austria, France, and Spain. Their goal is to ensure that Twitter/X complies with EU law and that the GDPR’s requirements are strictly enforced.
Why It Matters:
This case highlights the ongoing challenges in enforcing data protection laws against major technology companies. Max Schrems, the chairman of noyb, has been particularly critical of the lack of focus on user consent—a fundamental principle of the GDPR. He argues that companies like Twitter/X should be required to obtain clear consent before using personal data for AI training. However, instead of following this guideline, Twitter/X relied on a controversial “legitimate interest” defense, a strategy that has already been rejected in similar cases involving other tech giants like Meta.
Beyond the issue of consent, noyb’s complaints raise broader concerns about how Twitter/X handles sensitive data and its overall transparency in data processing practices. The legal action taken by noyb aims to address these issues comprehensively. Schrems has called for an emergency procedure under Article 66 of the GDPR to deal with these widespread violations, which could lead to an EU-wide decision via the European Data Protection Board (EDPB).
The outcome of this case is crucial as it could set a significant precedent for how AI technologies are regulated within the EU. It underscores the tension between the business practices of major tech companies and the fundamental rights of users, and it may influence how other similar cases are handled in the future.
What Happened: The European Center for Digital Rights (noyb) has filed nine legal complaints against Twitter/X across several European countries. These complaints allege that Twitter/X unlawfully used the personal data of over 60 million users in the EU/EEA to train its AI technologies, including the “Grok” AI, without obtaining user consent. This practice began in […]