The Information Commissioner’s Office (ICO) has launched a formal investigation into X and xAI following the recent controversy surrounding the use of Grok to generate non-consensual sexualised images.

We previously reported on the various steps taken by the Government in response to the Grok controversy, including the coming into force – and designation as a priority offence under the Online Safety Act 2023 – of the criminal offence of creating or requesting the creation of non-consensual intimate images (see here). At the same time, Ofcom announced its own investigation into X and provided an update this week, stating that it is still gathering the necessary information to determine whether X has broken the law (but confirming that xAI is not the subject of the investigation as it falls outside its remit).

The ICO’s investigation will assess whether “personal data has been processed lawfully, fairly and transparently, and whether appropriate safeguards were built into Grok’s design and deployment to prevent the generation of harmful manipulated images using personal data”. As the investigation is at an early stage, the ICO has confirmed that it has not reached a view on whether there is sufficient evidence of breaches of data protection law, but that it will work with other regulators and begin gathering evidence, including into how people’s personal data has been used to generate the images.

Commenting on the launch of the investigation, William Malcolm, Executive Director of Regulatory Risk & Innovation at the ICO, said: “the reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this. Losing control of personal data in this way can cause immediate and significant harm. This is particularly the case where children are involved.  Our role is to address the data protection concerns at the centre of this, while recognising that other organisations also have important responsibilities. We are working closely with Ofcom and international regulators to ensure our roles are aligned and that people’s safety and privacy are protected. We will continue to work in partnership as part of our coordinated efforts to create trust in UK digital services”. 

To read more, click here.