Canada's Privacy Watchdog Slams X for Non-Consensual Deepfake Tool

3 min readSources: JURIST

Canada's Privacy Commissioner reports X generated explicit deepfakes without consent.

Why it matters: This breach highlights critical privacy risks from AI-generated content on social platforms. Legal and regulatory scrutiny is likely to increase, pressing companies to adopt stronger privacy safeguards.

  • Canada's Office of the Privacy Commissioner (OPC) found X Corp. and xAI violated privacy law with Grok AI image tool.
  • Grok facilitated creation of over 3 million sexualized deepfake images, including 23,000 of children, within 10 days in late 2025.
  • The OPC recommended suspending Grok until safety measures are in place; X Corp. refused.
  • At one peak, Grok generated over 6,000 sexualized images per hour, often targeting women and children.

Canada's Privacy Commissioner has released a report exposing serious privacy violations by social media giant X Corp. and its AI company xAI. Their Grok AI-powered image-generation tool was found to have produced millions of explicit, sexualized deepfake images without valid user consent.

The Office of the Privacy Commissioner of Canada (OPC) launched an investigation in January 2026 after reports emerged of widespread misuse. Between December 29, 2025, and January 8, 2026, Grok generated roughly 3 million sexualized deepfakes, including more than 23,000 images featuring children.

The report highlights that the Grok tool enabled the creation of non-consensual, sexualized deepfakes, predominantly targeting women and children, with volumes peaking at over 6,000 such images per hour.

Privacy Commissioner Philippe Dufresne emphasized, "The creation of non-consensual, sexualized deepfakes, often targeting women and children, can have devastating consequences for victims. Organizations have a responsibility and legal obligation to protect Canadians’ fundamental right to privacy."

The OPC recommended that X Corp. and xAI suspend the Grok AI tool immediately until they deployed appropriate safeguards. However, the companies declined to halt the service. They have since implemented some measures aimed at reducing misuse, including proactive sweeps to remove harmful content.

This case underscores significant challenges around AI technologies' deployment without adequate privacy protections. As noted by Dufresne, "Artificial intelligence and other emerging technologies are fueled by the mass collection and use of data, including personal information." The findings are likely to provoke greater regulatory scrutiny and inspire tighter compliance requirements for legal tech and social media platforms in Canada and potentially beyond.

By the numbers:

  • 3 million — sexualized deepfake images generated by Grok in 10 days
  • 23,000 — sexualized deepfake images of children produced by Grok
  • 6,000+ — sexualized images per hour peak generation rate by Grok

Yes, but: X Corp. and xAI have introduced some safeguards and content sweeps but have refused to suspend the Grok tool as recommended by the OPC.

What's next: The OPC report may trigger regulatory reforms to strengthen AI-related privacy protections in Canada.