EFF and Consumer Groups Push Back Against X’s Bid to Escape FTC Privacy Oversight

Consumer advocates led by EFF filed a July 2 letter urging the FTC to deny X Corp.'s petition to escape its 2022 privacy consent order. Citing ongoing data breaches, Grok AI controversies and negligible compliance costs, the groups argue oversight remains essential. The agency must now decide.
EFF and Consumer Groups Push Back Against X’s Bid to Escape FTC Privacy Oversight
Written by Victoria Mossi

X Corp. wants out from under a long-running Federal Trade Commission consent order born of repeated privacy lapses. The social media giant, formerly Twitter, argues the 2022 decree no longer fits a company transformed under Elon Musk’s ownership. Privacy advocates disagree. Strongly.

On July 2, a coalition of 15 consumer and digital rights organizations sent a detailed letter to the FTC. They urged the agency to reject X’s May 15 petition to set aside or modify the order. The signatories include the Electronic Frontier Foundation, Electronic Privacy Information Center, Demand Progress Education Fund, National Consumers League and Public Citizen, among others. (Electronic Frontier Foundation)

The letter pulls no punches. It calls X’s claims of fundamental change “sweeping assurances” that “should be met with a healthy dose of skepticism, given evidence to the contrary.” Short. Direct. And backed by specifics.

The Order’s Long Shadow

This isn’t X’s first run-in with the FTC. Back in 2011, the agency settled charges that Twitter had failed to safeguard users’ personal information. Hackers gained access. The company agreed to stop misrepresenting its privacy and security practices. It had to build a comprehensive program and submit regular assessments to the FTC for 20 years. (Federal Trade Commission)

Then came 2022. The FTC hit Twitter with a $150 million penalty. Why? The company had used phone numbers and email addresses — provided by users strictly for account security — to target ads. It deceived 140 million people. The settlement renewed and extended the oversight, pushing reporting obligations out to 2042. X now calls that burden outdated, expensive and unnecessary. The petition claims the original violators have left. A new privacy program is in place. And continued oversight could hinder American leadership in artificial intelligence.

The FTC opened the matter for public comment on June 3. The window closed July 2 — the same day the coalition’s letter arrived. Regulators will now review the record and vote. (Federal Trade Commission)

But the advocates say X’s arguments don’t hold up. The order binds the corporate entity, not specific executives. Changing owners or staff doesn’t erase obligations. “Those obligations do not dissolve when the employees who negotiated or administered it depart,” the letter states.

Costs? The coalition pegs compliance at roughly $16.6 million over four years. That’s a rounding error next to X’s roughly $200 billion valuation after its xAI merger. Hardly the crushing load X describes.

And then there are the recent incidents. In 2024, X trained its Grok AI model on user data without proper consent, according to the letter. Lawsuits and investigations followed over the model’s generation of child sexual abuse material. A massive 2025 data breach exposed 2.8 billion records. These events suggest the company’s approach to data hasn’t fundamentally shifted. They echo the very secondary-use violations that triggered the 2022 order.

Far from helping AI progress, the advocates argue, lifting the order could amplify risks. Sophisticated attacks on models trained on vast user datasets have the power to supercharge privacy harms. Oversight remains essential.

The letter dismantles other X claims one by one. Other privacy laws, such as those in Europe, don’t substitute for FTC scrutiny. The order doesn’t violate the First Amendment. It provides effective relief that continues to serve a purpose. And the legal bar for modifying or terminating such a consent decree is high. X hasn’t cleared it.

Industry watchers note the broader stakes. Some legal experts, including those at Kelley Drye & Warren, have filed comments suggesting the FTC reconsider its typical 20-year order lengths in light of rapid technological change. They argue shorter durations could better balance enforcement with innovation. Yet the coalition sees this case as no place to experiment. Past violations were serious. Current evidence shows ongoing hazards. Consumer protection must come first.

So what happens next? The FTC faces a clear choice. Accept X’s view that a restructured company with new leadership deserves a clean slate. Or side with the advocates who say history, recent events and the order’s modest costs justify keeping the guardrails in place.

The advocates leave little doubt where they stand. “Strong safeguards on our information require eagle-eyed oversight when that data is abused and misused for profiteering ventures,” the letter concludes. “X’s actions not only showed us this in the past, but continue to do so in the present day.”

Regulators have heard both sides. The decision will signal how seriously the current FTC takes platform accountability in an AI-driven era. Privacy groups hope it reinforces a simple principle. Promises about user data aren’t easily walked back. Especially not by companies with X’s track record.

Subscribe for Updates

InfoSecPro Newsletter

News and updates in information security.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us