European privacy advocacy group NOYB (None of Your Business) has filed nine formal complaints alleging that X, formerly known as Twitter, violated the General Data Protection Regulation (GDPR) by using personal data from over 60 million European users to train its large language model, “Grok,” without proper consent.
Founded in 2017, NOYB is a European non-profit organization dedicated to enforcing digital rights and data protection laws. Leveraging strategic litigation, the group has been instrumental in holding tech giants accountable for GDPR violations. Their efforts have previously led to substantial fines against companies like Meta, Amazon, Apple, and Google.
According to NOYB, X failed to inform its users that their data would be utilized for AI training purposes, nor did it seek explicit consent—a requirement under GDPR for processing personal data beyond its original intent. This lack of transparency and consent forms the crux of NOYB’s complaints.
“Companies must respect the fundamental rights of users,” stated Max Schrems, founder of NOYB. “Using personal data for AI training without informed consent is a blatant disregard for privacy laws.”
If the complaints lead to regulatory action, X could face significant financial penalties. Under GDPR, fines can reach up to 4% of a company’s annual global turnover or €20 million, whichever is higher. Beyond financial repercussions, X may also be compelled to alter its data processing practices to ensure compliance.
