Grok Faces Prosecution For Misusing AI Training Data

Uploaded on 2024-08-13 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Elon Musk’s X platform (formerly Twitter) is under pressure from data regulators as it has emerged that users are consenting to their posts being used to build Artificial Intelligence (AI) systems via a default setting on the app without their explicit permission 

An X user exposed a setting on the app that activated by default and permitted the account holder’s posts to be used for training Grok, an AI chatbot built by Musk’s Grok AI business. This means X can exploit user posts, interactions, and outputs from Grok for training and refining its AI, requiring users to manually opt-out. 

Now, the UK and Irish data regulators have contacted X over the apparent attempt to gain user consent for data harvesting without them giving specific consent.

Under UK GDPR, which is based on the EU data regulation, companies are not allowed to use “pre-ticked boxes” or “any other method of default consent”. The setting, which comes with an already ticked box, states that you “allow your posts as well as your interactions, inputs and results with Grok to be used for training and fine-tuning”. 
Data regulators immediately expressed concern about the default setting. In the UK, the information commissioner’s office (ICO) said it was “making enquiries” with X.

The Data Protection Commission (DPC) in the Republic of Ireland, the lead regulator for X across the European Union, said it had already been speaking to Musk’s company about data collection and AI models and was surprised to learn of the default setting.

Large language models are the technology underpinning chatbots such as ChatGPT and Grok and are fed vast amounts of data scraped from the Internet in order to spot patterns in language and build a statistical understanding of it. This ultimately enables chatbots to churn out convincing-looking answers to queries.

This approach has met with opposition in multiple areas, with numerous claims that this process breaches copyright laws, as well as data privacy and consumer protect rules. 

  • Earlier this year, the New York Times newspaper started legal action for copyright infringement against Micorsoft and OpenAI over their unauthorised use of millions of pages of text to train their AI model, ChatGPT. 
  • Now, European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints against X for the use of personal data from over 60 million European users to train Grok. It was shared that X did not inform its users that their data was being used to train AI and that they hadn’t consented to this practice. 

Chris Denbigh-White, CSO at Next DLP commented “The General Data Protection Regulation (GDPR) was explicitly written with the aim of protecting an individual's privacy and to stop organisations from having free rein over people’s data... However, since the regulations were introduced six years ago, technologies have emerged that present new data protection challenges.

“GenAI, for example, processes and generates huge amounts of data – including personal data – requiring organisations to take a mindful approach to the technology. As with any other software-as-a-service (SaaS) tool, organisations need to act thoughtfully through a framework whereby they understand the data flows and risks.

There’s no reason AI can’t be compliant with GDPR, but companies need to take the time to get it right... Organisations need to prioritise legality over speed. After all, the backlash over a legal issue is much more significant than that of the potential complaints over the timeline.”  Denbigh-White concludes.

ICO.org   |   Data Protection Commission     |    X,com   |      Times of India   |   Guardian   |    BeeBom   |  

Bleeping Computer

You Might Also Read: 

Generative Artificial Intelligence Models Leak Private Data:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible




 

« The AI Threat: How Can Businesses Protect Themselves?
DDoS Attack Knocks Azure Offline »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Omerta

Omerta

Omerta is a global security technology and services company. We advise, consult, design, build, mitigate, protect, manage, provide and train to protect from increasing cyber threats.

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

CERT Bulgaria (CERT.BG)

CERT Bulgaria (CERT.BG)

CERT Bulfaria is the National Computer Security Incidents Response Team for Bulgaria.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

SAFECode

SAFECode

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights on creating, improving, and promoting effective software security programs.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

SynSaber

SynSaber

SynSaber is a data collection, detection, and visibility solution that forms the foundation of industrial cybersecurity.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Responsive Technology Partners

Responsive Technology Partners

Responsive Technology Partners provides superior IT support services including cybersecurity and compliance, telephony, cloud services, cabling, access control, and camera systems.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

Omdia

Omdia

Omdia is a technology research and advisory group. Our deep knowledge of tech markets combined with our actionable insights empower organizations to make smart growth decisions.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.