Canadian Privacy Commissioner Finds Grok and xAI Violated Privacy Law

Canada’s Privacy Commissioner found that Grok’s AI image-generation tool launched without proper safeguards or sufficient consideration of privacy harms, enabling non-consensual sexualized deepfakes. X and xAI committed to quarterly reports and independent third-party audit reports on safeguards until the issue is fully resolved. The case matters well beyond consumer AI. It gives Canadian legal teams a concrete example of AI governance failure, privacy-by-design expectations and the evidentiary burden regulators may place on companies claiming their safeguards work.