According to GDPR rules, any processing of personal data must have a legal justification, or the company may face fines up to 4% of its global annual turnover. X now faces nine complaints from various EU member states, alleging that the company processed user without obtaining the necessary consent, a clear violation under GDPR.
Involvement of Noyb and Criticism Towards DPC
Max Schrems, chairman of the privacy rights group Noyb, criticized the DPC for what he described as selective enforcement of GDPR regulations. Schrems demanded that X fully comply with EU laws, pointing out that the company may have unlawfully processed data from around 60 million individuals across EU territories for AI training purposes.
Legitimate Interest vs. Data Consent
X appears to be relying on “legitimate interest” as the legal basis for processing user. Schrems emphasized that companies typically obtain consent for various uses of, and AI training should not be exempt from this requirement.
Comparison to Meta’s Case Data
In June, Meta faced similar scrutiny and eventually halted. Its plans to use user for AI training after facing GDPR-related complaints. Unlike Meta, X proceeded without notifying users, raising significant concerns about transparency and compliance with GDPR.
DPC’s Action and User Data Opt-Out Options
The DPC has initiated legal action to prevent X from processing for AI model training. However, Noyb argues that this action is insufficient. Users were only given the option to opt out of this data processing in late July. They had not been informed beforehand about the use of their for AI training.
GDPR Compliance and Legal Precedent
Noyb references a recent European court ruling that rejected “legitimate interest” as a valid basis for certain data processing activities. Additionally, generative AI providers often face challenges in complying with other GDPR requirements.
SUMMARY (Data)
The ongoing complaints and legal actions against X highlight. The growing tension between tech companies’ data practices and European privacy regulations. The outcomes of these cases could set important precedents for how companies manage and protect user in the future.
