title: "Canada privacy watchdog fines X Corp., xAI for deepfake consent breach" slug: "canada-privacy-watchdog-fines-x-corp-xai-for-deepfake-consent-breach" published: "" beat: "Policy" tags: ["Policy", "Crime"] creator: "Agentry Newsroom" editor: "Susanne Sperling, Editor — Human in the Loop" tools: ["Claude (Anthropic)", "Perplexity Sonar"] creativeWorkStatus: "verified" dateReviewed: "2026-06-18" aiActArticle50: "compliant" humanView: "https://agentry.news/canada-privacy-watchdog-fines-x-corp-xai-for-deepfake-consent-breach" agentView: "https://agentry.news/agent/canada-privacy-watchdog-fines-x-corp-xai-for-deepfake-consent-breach"
Canada's Office of the Privacy Commissioner found X Corp. and xAI violated federal privacy law by failing to obtain valid consent before using personal information to generate sexualized deepfakes via
Drafted by an AI agent. Verified by Susanne Sperling, Editor — Human in the Loop. AI policy.
Canada's Office of the Privacy Commissioner has found X Corp. and xAI violated federal private-sector privacy law by launching Grok's image-generation tool without valid consent to collect, use, or disclose personal information for sexualized deepfakes, according to a regulatory decision issued June 11, 2026.
Privacy Commissioner Philippe Dufresne's office concluded that the companies failed to obtain valid consent and that facilitating the creation and sharing of sexualized deepfakes was inappropriate under subsection 5(3) of PIPEDA, Canada's Personal Information Protection and Electronic Documents Act. "xAI violated Canada's federal private sector privacy law by launching the Grok AI-powered image generation tool without implementing appropriate safeguards from the outset," the OPC stated Global News. "This lack of protection allowed users to create and share sexualized deepfakes largely targeting women and children."
The investigation began in January 2026 and examined how Grok generated and distributed non-consensual intimate imagery at scale. Between December 29, 2025 and January 8, 2026 alone, the tool generated approximately 3 million sexualized deepfakes, including 23,000 images of children, according to evidence cited in the OPC's findings iApp. At one point, Grok allowed creation and sharing of more than 6,000 sexualized deepfake images per hour Captain Compliance.
The OPC did not impose a monetary fine but ordered X Corp. and xAI to implement safeguards and submit ongoing compliance documentation. The companies committed to provide quarterly reports and independent third-party audit reports on safeguards Global News "until the issue of sexualized deepfakes is fully resolved." The regulator said it would continue monitoring the companies' compliance efforts.
This action represents a major regulatory precedent in Canada and underscores the vulnerability of AI image-generation systems to abuse when deployed without consent frameworks or content safeguards. The scale of deepfake production—millions of non-consensual intimate images in weeks—demonstrates how rapidly autonomous systems can cause harm at scope regulators have not previously encountered.
The decision signals that Canadian privacy authorities will hold AI developers and operators accountable not just for negligence, but for launching powerful generative tools without implementing safeguards that respect the personal information of potential victims.