EFF and Allies: X’s FTC Petition to Waive Privacy Violation Order Should be Rejected
Summary
On May 15, X Corp. petitioned the Federal Trade Commission (FTC) to modify a 2022 order, a consent decree stemming from X (then Twitter) misleading 140 million users by using private account security data for targeted advertising, which incurred a \$150 million fine and mandated regular reporting on user data violations. The 2022 order renewed a 2011 settlement for similar data security failures, extending obligations to 2042. X argues corporate restructuring, new leadership, and AI initiatives (claiming compliance diverts resources and is "critical to advancing American leadership in artificial intelligence") justify terminating the order. However, the Electronic Frontier Foundation (EFF) and allies urge the FTC to reject this petition. They cite X's 2024 Grok AI rollout (trained on user data without meaningful consent), a 2025 data breach, and emphasize corporate obligations bind the entity regardless of personnel changes. They contend AI introduces new data dangers, making oversight more critical, and compliance costs are negligible against X's \$200 billion valuation.
Key takeaway
For policy makers evaluating corporate petitions to waive privacy compliance, you should critically assess claims of improved data security and innovation. Corporate restructuring or AI development does not negate existing regulatory obligations. Instead, new technologies like AI can introduce heightened risks for user data misuse. Maintain robust oversight to protect consumer privacy, especially when companies have a history of violations, ensuring accountability remains paramount.
Key insights
Corporate name changes or leadership rotations do not dissolve regulatory privacy obligations, especially with ongoing data misuse.
Principles
- Regulatory orders bind the corporate entity, not individual employees.
- AI integration can supercharge secondary use data violations.
- Compliance costs can be negligible for large corporations.
In practice
- Scrutinize claims of privacy improvement post-corporate restructuring.
- Assess AI models for potential data leakage vulnerabilities.
- Advocate for continued regulatory oversight despite innovation claims.
Topics
- X Corp.
- FTC Enforcement
- User Data Privacy
- AI Data Training
- Regulatory Compliance
- Data Breaches
Best for: CTO, VP of Engineering/Data, Director of AI/ML, Legal Professional, Policy Maker, AI Ethicist
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Deeplinks.