Ireland DPC opens GDPR investigation into X Grok sexual image generation
Regulatory/Legal Action
Summary
Hide ▲
Show ▼
Ireland's Data Protection Commission (DPC) opened a formal investigation into X over Grok being used to generate non-consensual sexual images of real people, including children. The inquiry raises exposure under GDPR and could lead to major EU-wide fines. It will examine whether X Internet Unlimited Company followed rules on lawful processing, data protection by design, and data protection impact assessments.
Related Happenings
ICO fine against South Staffordshire Water for data breach
Regulatory/Legal Action
First: 12.05.2026 11:30
Last: 12.05.2026 11:30
Sources 1
About this happening:
The **ICO** finalized a **nearly £1m** penalty against **South Staffordshire Water** and **South Staffordshire PLC**, resolving a cyber enforcement action tied to a breach that ex...
ICO fine against South Staffordshire Water for data breach
Regulatory/Legal ActionAbout this happening: The **ICO** finalized a **nearly £1m** penalty against **South Staffordshire Water** and **South Staffordshire PLC**, resolving a cyber enforcement action tied to a breach that ex...
ICO fine against TMAC for false-identity marketing calls
Regulatory/Legal Action
First: 30.03.2026 12:30
Last: 30.03.2026 12:30
Sources 1
About this happening:
The **ICO** fined **TMAC** **£100,000 ($132,000)** for marketing calls made with **false identities**, imposing a regulatory penalty on unlawful direct-marketing conduct that affe...
ICO fine against TMAC for false-identity marketing calls
Regulatory/Legal ActionAbout this happening: The **ICO** fined **TMAC** **£100,000 ($132,000)** for marketing calls made with **false identities**, imposing a regulatory penalty on unlawful direct-marketing conduct that affe...
ICO fines Police Scotland over phone data disclosure
Regulatory/Legal Action
First: 12.03.2026 12:30
Last: 12.03.2026 12:30
Sources 1
About this happening:
**The ICO** fined **Police Scotland** **£66,000** and reprimanded the force for a **data protection failure** that exposed a female officer’s phone contents to a colleague she acc...
ICO fines Police Scotland over phone data disclosure
Regulatory/Legal ActionAbout this happening: **The ICO** fined **Police Scotland** **£66,000** and reprimanded the force for a **data protection failure** that exposed a female officer’s phone contents to a colleague she acc...
Data (Use and Access) Act 2025 (DUAA) Moving the ICO from a corporation sole to a board-run government agency. for Fully materialized within the next few weeks.
Public Sector Action
First: 26.02.2026 16:00
Last: 26.02.2026 16:00
Sources 1
About this happening:
The UK **Information Commissioner's Office (ICO)** is moving from a **single-leader model** to a **board-run government agency** under the **Data (Use and Access) Act 2025 (DUAA)*...
Data (Use and Access) Act 2025 (DUAA) Moving the ICO from a corporation sole to a board-run government agency. for Fully materialized within the next few weeks.
Public Sector ActionAbout this happening: The UK **Information Commissioner's Office (ICO)** is moving from a **single-leader model** to a **board-run government agency** under the **Data (Use and Access) Act 2025 (DUAA)*...
UK Information Commissioner’s Office (ICO) Issued a fine for GDPR non-compliance on Failure to use robust age verification and conduct a DPIA for children’s data
Regulatory/Legal Action
First: 25.02.2026 11:40
Last: 25.02.2026 11:40
Sources 1
About this happening:
The **ICO** fined **Reddit** **£14.47m ($19.6m)** for **GDPR non-compliance**, escalating child-data enforcement risk for online platforms that can be reached by **under-13 users*...
UK Information Commissioner’s Office (ICO) Issued a fine for GDPR non-compliance on Failure to use robust age verification and conduct a DPIA for children’s data
Regulatory/Legal ActionAbout this happening: The **ICO** fined **Reddit** **£14.47m ($19.6m)** for **GDPR non-compliance**, escalating child-data enforcement risk for online platforms that can be reached by **under-13 users*...
Timeline
-
17.02.2026 12:02 3 articles · 3mo ago
DPC opens formal GDPR investigation into X over Grok sexual images
Legal Policy Action UpdateIreland's Data Protection Commission opened a formal investigation into X Internet Unlimited Company over Grok's use on X to generate non-consensual sexual images of real people, including children, and said the inquiry will assess GDPR obligations covering lawful processing, data protection by design, and data protection impact assessments.
Show sources
- Ireland now also investigating X over Grok-made sexual images — www.bleepingcomputer.com — 17.02.2026 12:02
- Ireland now also investigating X over Grok-made sexual images — www.bleepingcomputer.com — 17.02.2026 12:02
- UK probes Telegram, teen chat sites over CSAM sharing concerns — www.bleepingcomputer.com — 21.04.2026 16:49