Grok Faces Prosecution For Misusing AI Training Data

Uploaded on 2024-08-13 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Elon Musk’s X platform (formerly Twitter) is under pressure from data regulators as it has emerged that users are consenting to their posts being used to build Artificial Intelligence (AI) systems via a default setting on the app without their explicit permission 

An X user exposed a setting on the app that activated by default and permitted the account holder’s posts to be used for training Grok, an AI chatbot built by Musk’s Grok AI business. This means X can exploit user posts, interactions, and outputs from Grok for training and refining its AI, requiring users to manually opt-out. 

Now, the UK and Irish data regulators have contacted X over the apparent attempt to gain user consent for data harvesting without them giving specific consent.

Under UK GDPR, which is based on the EU data regulation, companies are not allowed to use “pre-ticked boxes” or “any other method of default consent”. The setting, which comes with an already ticked box, states that you “allow your posts as well as your interactions, inputs and results with Grok to be used for training and fine-tuning”. 
Data regulators immediately expressed concern about the default setting. In the UK, the information commissioner’s office (ICO) said it was “making enquiries” with X.

The Data Protection Commission (DPC) in the Republic of Ireland, the lead regulator for X across the European Union, said it had already been speaking to Musk’s company about data collection and AI models and was surprised to learn of the default setting.

Large language models are the technology underpinning chatbots such as ChatGPT and Grok and are fed vast amounts of data scraped from the Internet in order to spot patterns in language and build a statistical understanding of it. This ultimately enables chatbots to churn out convincing-looking answers to queries.

This approach has met with opposition in multiple areas, with numerous claims that this process breaches copyright laws, as well as data privacy and consumer protect rules. 

  • Earlier this year, the New York Times newspaper started legal action for copyright infringement against Micorsoft and OpenAI over their unauthorised use of millions of pages of text to train their AI model, ChatGPT. 
  • Now, European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints against X for the use of personal data from over 60 million European users to train Grok. It was shared that X did not inform its users that their data was being used to train AI and that they hadn’t consented to this practice. 

Chris Denbigh-White, CSO at Next DLP commented “The General Data Protection Regulation (GDPR) was explicitly written with the aim of protecting an individual's privacy and to stop organisations from having free rein over people’s data... However, since the regulations were introduced six years ago, technologies have emerged that present new data protection challenges.

“GenAI, for example, processes and generates huge amounts of data – including personal data – requiring organisations to take a mindful approach to the technology. As with any other software-as-a-service (SaaS) tool, organisations need to act thoughtfully through a framework whereby they understand the data flows and risks.

There’s no reason AI can’t be compliant with GDPR, but companies need to take the time to get it right... Organisations need to prioritise legality over speed. After all, the backlash over a legal issue is much more significant than that of the potential complaints over the timeline.”  Denbigh-White concludes.

ICO.org   |   Data Protection Commission     |    X,com   |      Times of India   |   Guardian   |    BeeBom   |  

Bleeping Computer

You Might Also Read: 

Generative Artificial Intelligence Models Leak Private Data:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible




 

« The AI Threat: How Can Businesses Protect Themselves?
DDoS Attack Knocks Azure Offline »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

SECURITYMADEIN.LU

SECURITYMADEIN.LU

SECURITYMADEIN.LU is the main online source for cyber security in Luxembourg providing news, information and a toolbox of cyber security solutions.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

iONLINE

iONLINE

iONLINE delivers high quality IT services and solutions to businesses in Azerbaijan.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Omega Systems

Omega Systems

Omega Systems is a leading managed service provider (MSP) and managed security service provider (MSSP) to mid-market organizations.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

LevelBlue

LevelBlue

LevelBlue simplify cybersecurity through award-winning managed security services, experienced strategic consulting, threat intelligence and renowned research.