X Corp. Seeks to Sidestep FTC Privacy Oversight, Advocates Push Back
Social media giant **X Corp.** (formerly **Twitter**) is petitioning the **Federal Trade Commission (FTC)** to terminate or modify a 2022 consent order stemming from privacy violations. This order mandates regular reporting on user data practices and was a renewal of a 2011 settlement. Privacy advocates, including the **Electronic Frontier Foundation (EFF)**, are urging the FTC to reject **X Corp.'s** petition, citing ongoing concerns about data privacy and the company's recent actions.
**X Corp.**, the entity formerly known as **Twitter**, is making a concerted effort to extricate itself from long-standing privacy obligations imposed by the **FTC**. On May 15, **X Corp.** filed a petition requesting the modification or termination of a 2022 order that requires the company to report regularly to the **FTC** regarding its handling of user data. This order, which also included a $150 million fine, was a direct consequence of the company misleading 140 million users by leveraging private information, such as phone numbers and email addresses provided for account security, for targeted advertising purposes.
In response to **X Corp.'s** petition, a coalition of public interest advocates, including the **EFF**, **Demand Progress Education Fund (DPEF)**, **National Consumers League (NCL)**, and the **Electronic Privacy Information Center (EPIC)**, has formally called on the **FTC** to reject the company's request.
### A History of Privacy Missteps
The 2022 order was not an isolated incident but a renewal of an earlier settlement from 2011. That year, **Twitter** (now **X Corp.**) settled with the **FTC** after the regulator found the company had failed to adequately secure users' personal information, leading to data exposure via hackers. The original settlement prohibited the company from misrepresenting its data protection measures, mandated the implementation of user data safeguards, and required regular reporting on its security posture for two decades. The 2022 renewal extended these obligations until 2042; if **X Corp.'s** petition is granted, these commitments could end much sooner.
### Corporate Restructuring vs. Enduring Obligations
**X Corp.** argues that its corporate restructuring since the 2011 order has led to a fundamentally new approach to privacy and information security. The company claims to have "built an entirely new privacy and information security program staffed by new personnel operating under new leadership with aβ¦philosophy grounded on the importance of privacy and information security."
However, privacy advocates are urging skepticism towards these assurances. Evidence suggests a continued disregard for user privacy, such as the quiet rollout of **Grok AI** in 2024, which was reportedly trained on **X** user data without meaningful consent. Furthermore, the company was subject to a massive data breach in 2025. The advocates emphasize that **FTC** orders bind the corporate entity, and these obligations do not dissolve with changes in leadership or personnel.
### AI Innovation and Data Security Concerns
Curiously, **X Corp.** also posits that its entry into the artificial intelligence space should be a reason to terminate oversight. The company claims that guardrails in place "[diverts] engineering resources from innovation to compliance paperwork" and that terminating the order is "critical to advancing American leadership in artificial intelligence."
This argument, however, overlooks the inherent privacy risks introduced by AI, particularly large language models (LLMs) trained on vast datasets. Far from being a reason to waive oversight, the potential for sophisticated attacks to exploit LLMs to reveal their training data could exacerbate the very "secondary use" violations that led to the 2022 order. Techniques have emerged specifically to engineer LLM prompts to extract sensitive information from their training data.
### Financial Burden or "Rounding Error"?
The joint response to **X Corp.'s** petition also debunks claims of undue financial burden. The advocates highlight that the cost of compliance is merely "a rounding error against the $200 billion valuation of **X Corp.** following the xAI merger."
Strong safeguards and vigilant oversight are crucial when user data is at risk of being abused or misused for commercial gain. Given **X Corp.'s** historical and recent actions, privacy advocates are calling on the **FTC** to reject the petition and uphold its commitment to protecting user privacy.