Ireland's data privacy regulator is investigating Elon Musk's X. The country's Data Protection Commission (DPC) said on Friday (via Reuters) that it's opening an inquiry into the social platform's use of European users' public posts to train its Grok AI chatbot. In this case, Ireland handles EU regulation enforcement because X's European headquarters are in Dublin. The DPC said it will probe "the processing of personal data comprised in publicly-accessible posts posted on the'X' social media platform by EU/EEA users." Under Europe's General Data Protection Regulation (GDPR) rules, Ireland has the legal muscle to fine X up to four percent of its global revenue.

I'm Mark Scott, POLITICO's chief technology correspondent, and after a week of vacation, I'm honestly struggling to get myself up and running this week. With that in mind, here's the pep song that has been keeping me going as I've written this week's newsletter. Warning: it'll get stuck in your mind. We'll tell you where to look for it. HERE'S MY PUBLIC SERVICE ANNOUNCEMENT OF THE WEEK: let's cool the hype around OpenAI, Google's Bard and the sudden tsunami of so-called generative artificial intelligence use cases that have just popped up (looking at you, Pope in a puffer coat.)

The Italian Data Protection Authority said Friday that ChatGPT was violating the European Union's strict General Data Protection Regulation (GDPR) in multiple ways, ranging from the fact that it sometimes spews out incorrect information about people, to OpenAI's failure to tell people what it's doing with their personal data. Until it can satisfy the privacy regulator that it has brought its practices into compliance with the GDPR, OpenAI now has to stop processing the personal data of people in Italy, which means the authority wants it to stop serving users there. It has 20 days to comply with the ban, or face fines that could theoretically go up to €20 million ($22 million) or 4% of global revenue, whichever is higher. OpenAI's revenues are not publicly disclosed. According to OpenAI documents seen by Fortune, the company was projected to have less than $30 million in revenues in 2022 but was forecasting revenues would grow rapidly to exceed $1 billion by 2024.

The data protection authority in Hamburg, Germany, for instance, last week issued a preliminary order saying New York-based Clearview must delete biometric data related to Matthias Marx, a 32-year-old doctoral student. The regulator ordered the company to delete biometric hashes, or bits of code, used to identify photos of Mr. Marx's face, and gave it till Feb. 12 to comply. Not all photos, however, are considered sensitive biometric data under the European Union's 2018 General Data Protection Regulation. The action in Germany is only one of many investigations, lawsuits and regulatory reprimands that Clearview is facing in jurisdictions around the world. On Wednesday, Canadian privacy authorities called the company's practices a form of "mass identification and surveillance" that violated the country's privacy laws.

The Dutch data protection agency has asked Microsoft's lead privacy regulator in Europe to investigate ongoing concerns it has attached to how Windows 10 gathers user data. Back in 2017 the privacy watchdog found Microsoft's platform to be in breach of local privacy laws on account of how it collects telemetry metadata. After some back and forth with the regulator, Microsoft made changes to how the software operates in April last year -- and it was in the course of testing those changes that the Dutch agency found fresh reasons for concern, discovering what it calls in a press release "new, potentially unlawful, instances of personal data processing". Since the agency's investigation of Windows 10 started a new privacy framework is being enforced in Europe -- the General Data Protection Regulation (GDPR) -- which means Microsoft's lead EU privacy regulator is the Irish Data Protection Commission (DPC), where its regional HQ is based. This is why the Dutch agency has referred its latest concerns to Ireland.