Canada Rules Grok's AI-Generated Sexual Deepfakes Illegal Under Privacy Law

Canada’s Privacy Commissioner, Philippe Dufresne, released findings on June 11 concluding that Grok, the AI chatbot developed by Elon Musk’s xAI, violated Canadian federal privacy law by generating non-consensual intimate deepfake images. The investigation revealed that over 1.8 million sexualized deepfake images were created globally through Grok in just 10 days earlier this year. The Commissioner noted that while X (formerly Twitter) and xAI have implemented some safety measures, the issue is far from resolved, as users can still produce and share unauthorized pornographic content using Grok.

The investigation, launched in January 2026, ran concurrently with similar probes in the United Kingdom and California. Canada’s privacy commissioner focused on whether the companies obtained “valid consent” when collecting, using, and disclosing personal data to generate deepfakes. Dufresne stated that Grok’s image-generation tool was launched without sufficient safeguards and without adequate consideration of potential privacy harms. Although X and xAI have committed to fixes, the Commissioner said “the issue has not been satisfactorily resolved.”

Meanwhile, Canada’s Liberal government introduced the Safe Social Media Act on June 10, requiring online platforms to remove sexually explicit content—including AI-generated deepfakes—within 24 hours, and proposing to criminalize the sharing of such images. This ruling adds further pressure on social media and AI companies to curb deepfake abuse. Canada’s privacy regulator stressed that tech firms must embed privacy protections into product design from the start, rather than relying on after-the-fact fixes.

Commentary: The Grok deepfake scandal serves as a stark reminder that the lack of ethical and legal guardrails for AI-generated tools is triggering a global regulatory backlash. Canada’s ruling and subsequent legislation may offer a governance model for other regions, but the real challenge lies in balancing technological innovation with privacy protection.