Ireland: Data Protection Commission opened investigation into X over alleged generation and publication of non-consensual sexualised images

On 17 February 2026, the Irish Data Protection Commission (DPC) announced that it had opened an investigation into X Internet Unlimited Company (XIUC) under Section 110 of the Data Protection Act 2018. The investigation concerns the alleged creation and publication on the X platform of potentially harmful, non-consensual, intimate and/or sexualised images involving the processing of the personal data of EU/EEA data subjects (including children) using generative artificial intelligence functionality associated with the Grok large language model. XIUC was notified of the decision to commence the inquiry on 16 February 2026. The investigation will examine whether XIUC has complied with its obligations under the General Data Protection Regulation (GDPR), including the processing principles, the lawfulness of processing, data protection by design and by default, and the requirement to carry out a data protection impact assessment in relation to the personal data processed.