Deepfake consent violation (privacy enforcement)

Using an AI tool to generate realistic fake images or videos of a real person—particularly intimate or sexual images—without their consent. Privacy regulators are now ruling that making such a tool publicly available without adequate consent safeguards is itself a breach of privacy law, regardless of whether the tool was used maliciously.

The Canadian privacy regulator's ruling against xAI's Grok image tool establishes that providing AI-generated deepfake capabilities without proper consent mechanisms creates direct corporate legal liability under privacy law. This reasoning is likely to be adopted by regulators in other jurisdictions.