The UK’s Information Commissioner’s Office (ICO) has opened formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC (X.AI) covering their processing of personal data in relation to the Grok artificial intelligence system and its potential to produce harmful sexualised image and video content.

It has taken this step following reports that Grok has been used to generate non‑consensual sexual imagery of individuals, including children. The reported creation and circulation of such content raises serious concerns under UK data protection law and presents a risk of significant potential harm to the public.

These concerns relate to whether personal data has been processed lawfully, fairly and transparently, and whether appropriate safeguards were built into Grok’s design and deployment to prevent the generation of harmful manipulated images using personal data. Where those safeguards fail, individuals lose control of their personal data in ways that expose them to serious harm. Examining these risks is central to the ICO’s role in protecting people’s rights and holding organisations to account as they design and deploy AI technology.

This follows the ICO’s previous public statement on January 7th in which it confirmed that it had contacted XIUC and X.AI to seek urgent information about these reports.

William Malcolm, Executive Director Regulatory Risk & Innovation at the Information Commissioner’s Office, said: “The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this. Losing control of personal data in this way can cause immediate and significant harm. This is particularly the case where children are involved.”

“Our role is to address the data protection concerns at the centre of this, while recognising that other organisations also have important responsibilities. We are working closely with Ofcom and international regulators to ensure our roles are aligned and that people’s safety and privacy are protected. We will continue to work in partnership as part of our coordinated efforts to create trust in UK digital services.”

“Our investigation will assess whether XIUC and X.AI have complied with data protection law in the development and deployment of the Grok services, including the safeguards in place to protect people’s data rights. Where we find obligations have not been met, we will take action to protect the public.”

The ICO will not be providing any further comment whilst its investigation proceeds.

The ICO is the UK’s independent regulator for data protection. Its role is to uphold information rights in the public interest and protect individuals’ personal data.

The ICO works closely with Ofcom, the UK’s online safety regulator, and other digital regulators through the Digital Regulatory Cooperation Forum (DRCF) to ensure digital platforms keep people safe and ensure online services are designed with both privacy and safety in mind.

Other posts by :

1. Telesat has problems with an LEO
2. Orbital debris a real danger 
3. India boosts space budget
4. Blue Origin drops passenger flights
5. Bank: “Charter racing to the bottom”
6. SpaceX IPO in June?
7. Russia postpones Starlink rival
8. Why don’t lawmakers like Netflix?
9. Viasat taps Ex-Im Bank to finance satellite

Categories: AI, Articles, Business, Content, Policy, Regulation, Standards, UGC

Tags: Grok, ICO, Information Commissioner’s Office, Ofcom, x