X’s Data Collection for AI Training Sparks Privacy Complaints
A Growing Concern: X’s Processing of European Users’ Data without Consent
X, the social media platform owned by Elon Musk, has been at the center of a series of privacy complaints after it was revealed that the company had been processing the data of users in the European Union (EU) for training AI models without their consent. This revelation has sparked concerns among regulators and privacy experts, who argue that X’s actions are in breach of the EU’s General Data Protection Regulation (GDPR).
The GDPR: A Key Framework for Protecting Personal Data
The GDPR is a comprehensive framework that aims to protect the personal data of individuals within the EU. One of its key principles is that any processing of personal data must have a valid legal basis, which can include consent from the individual. In this case, X appears to be relying on a "legitimate interest" legal basis for processing the data of some 60 million people in the EU.
The DPC’s Response: An Insufficient Enforcement?
The Irish Data Protection Commission (DPC) has taken some action over X’s processing for AI model training, instigating legal action in the Irish High Court seeking an injunction to force it to stop using the data. However, privacy experts argue that the DPC’s actions thus far are insufficient, pointing out that there is no way for X users to get the company to delete "already ingested data."
The Importance of Consent: A Fundamental Right
The GDPR explicitly states that companies must obtain consent from individuals before processing their personal data. In this case, X appears to have failed to do so, relying instead on a legal basis that is not valid for AI-related processing. Privacy experts argue that obtaining consent is a simple and straightforward process, which would allow users to decide whether or not they want their data to be used for AI training.
A Judgment by Europe’s Top Court: A Landmark Ruling
A recent judgment by Europe’s top court related to a competition complaint against Meta’s use of people’s data for ad targeting has significant implications for X’s actions. In this ruling, the judges ruled that a legitimate interest legal basis was not valid for that use case and user consent should be obtained.
The Concerns Raised by noyb: A Call to Action
The non-profit organization noyb, which is supporting the complaints against X, argues that the DPC’s actions thus far are insufficient. In response, noyb has filed GDPR complaints in Ireland and seven other countries, arguing that X does not have a valid basis for using the data of some 60 million people in the EU to train AIs without obtaining their consent.
The Approach of X: A Breach of Trust?
X’s actions have sparked concerns among regulators and privacy experts, who argue that the company has breached the trust of its users. By processing their personal data without consent, X appears to have disregarded the fundamental rights of individuals within the EU.
The Way Forward: A Call for Greater Transparency
The recent complaints against X highlight the need for greater transparency in the processing of personal data. As technology continues to evolve and AI becomes increasingly prevalent, it is essential that companies prioritize the protection of individual rights and obtain consent before processing their personal data.
Related Articles
