The Irish Data Protection Authority (DPC), acting on behalf of the EU, has initiated a large-scale investigation into X regarding the generation of sexualized deepfake images by Grok. This inquiry is aimed at examining potential breaches of the European General Data Protection Regulation (GDPR) as the DPC's statement specifies that the investigation will focus on the alleged creation and publication of harmful or non-consensual intimate images that involve European individuals, including minors. This development signals a heightened concern about the implications of deepfake technology on privacy and consent.

Given that X operates within the EU from its base in Ireland, the DPC is positioned as the primary regulatory authority for enforcing EU laws on the platform. Graham Doyle, Deputy Commissioner of the DPC, indicated that the authority has been in discussions with X ever since the issue surfaced a few weeks ago. This ongoing engagement highlights the complexity and urgency of addressing the risks associated with deepfake technology, especially as it pertains to sensitive subjects like non-consensual imagery.

This investigation reflects a broader international response to the growing concerns surrounding deepfake technology. As digital manipulation becomes more sophisticated, regulatory bodies are increasingly pressured to establish frameworks and guidelines to safeguard individuals’ rights against misuse and potential violations of privacy. The outcome of this inquiry could lead to significant ramifications for X and its operations in the EU, potentially shaping future regulatory landscapes concerning online content and digital privacy.