Elon Musk is renewing efforts to escape Federal Trade Commission audits on X’s handling of user data, arguing the oversight is outdated and unnecessarily costly following structural changes to the company.
- FTC order enforces 20 years of audits on X's data practices
- Musk claims compliance issues resolved with new privacy measures
- FTC worried about lapses due to layoffs and internal access disputes
What happened
In 2019, Twitter disclosed that a coding error exposed users’ phone numbers and emails, intended for two-factor authentication, to targeted advertising. The Federal Trade Commission responded with a $150 million settlement and imposed a 20-year order restricting Twitter’s data use, requiring independent audits and agency access to documents to ensure compliance. This order remained in effect after Elon Musk acquired Twitter in 2022, which he later rebranded as X and merged into his broader company ecosystem.
Musk unsuccessfully challenged the order in 2023, citing overreach by the FTC. He renewed this effort in 2026 with a new petition, arguing that the FTC’s authority is no longer appropriate because Twitter has transformed, relevant staff linked to past violations have left, and X has implemented advanced privacy protections. Musk also claims the order duplicates compliance efforts already required by laws like the EU’s GDPR and amounts to excessive regulatory costs.
Why it matters
The FTC’s ongoing scrutiny reflects serious concerns about X’s ability to safeguard user privacy, especially after Musk’s significant layoffs and structural changes that allegedly weakened internal controls. The agency highlights instances where X security staff had to defy Musk’s directives to maintain compliance, signaling risks of regulatory breaches amidst leadership turmoil and cost-cutting measures.
This dispute illustrates the broader challenges regulators face in monitoring data privacy as major social media platforms evolve rapidly and integrate with diverse corporate entities. It also underscores the tension between tech executives and government agencies over accountability for past misconduct and the scope of future oversight.
What to watch next
The FTC’s response to Musk’s 2026 petition will be pivotal in determining whether the agency maintains its rigorous oversight regime on X or modifies its approach given the company’s transformation. Observers will closely monitor judicial and regulatory decisions to see how enduring privacy agreements apply to companies undergoing ownership and operational changes.
The outcome could set precedent for how long-term data protection orders are enforced in technology sectors undergoing mergers and leadership changes. It will also impact user trust and regulatory scrutiny around personal data use on platforms that blend social media functions with artificial intelligence and other emerging technologies.