Elon Musk is attempting a second effort to escape a Federal Trade Commission data-privacy order that restricts X's data use for 20 years and requires regular independent audits, according to critics monitoring the case. Musk previously failed to revoke the order in 2023, when he accused the FTC of bias and excessive investigative demands. The order originated from a settlement reached months before Musk's 2022 takeover of Twitter, after the company disclosed that a coding error between May 2013 and September 2019 allowed phone numbers and email addresses collected for two-factor authentication to be used for targeted advertising, resulting in a $150 million penalty and FTC monitoring through 2042.
FTC Order Origins and Settlement Terms
Twitter voluntarily disclosed that between May 2013 and September 2019, a coding error accidentally allowed phone numbers and email addresses that users shared for two-factor authentication purposes to be used for targeted advertising aimed at those same users. In a settlement that came just months before Musk's 2022 takeover, Twitter agreed to pay $150 million and to allow the FTC to monitor the platform's data-handling practices until 2042 in order to protect user privacy. The FTC order placed restrictions on X's data use for 20 years, while requiring regular independent audits and granting the agency authority to request documents as needed to ensure compliance.
Musk's 2023 Challenge and FTC Response
Musk tried and failed to get the order revoked in 2023. At that time, Musk accused the FTC of aggressively increasing the number of investigative demands. He claimed that the order was improper and should be terminated because the agency was "tainted by bias."
In response, the FTC pointed out that Musk's takeover of Twitter raised genuine questions about the company's ability to comply with the order, particularly after he terminated key staff who for years had ensured compliance. One engineer confirmed in a deposition that layoffs and other "cost-cutting pressure and decisions" impaired X's ability to "put technical restrictions and controls in place... around the company's use of contact data to make sure that it was being used... for the purpose that the particular contact data was collected," the agency's filing said.
Compliance Concerns After Takeover
"No one was responsible for about 37 percent of X Corp.'s privacy program controls," the FTC argued.
Also raising red flags for the FCC were Musk's demands that journalists get access to internal systems for the "Twitter Files," as well as a text from Musk insisting that an executive assistant get access to systems "immediately," threatening that "anybody standing in the way" would "be fired." In 2024, the agency claimed that X security staff sometimes had to pointedly disobey Musk in order to remain in compliance. As Twitter's functionality became spotty through steep layoffs, the FTC argued that it had "every reason to seek information about whether these developments signaled a lapse in X Corp.'s compliance."
FAQ
What violation led to the FTC order on X?
Between May 2013 and September 2019, a coding error at Twitter accidentally allowed phone numbers and email addresses collected for two-factor authentication to be used for targeted advertising. Twitter agreed to pay $150 million and accept 20 years of FTC monitoring through 2042 as part of a settlement reached months before Musk's 2022 takeover.
Why did Musk's 2023 attempt to revoke the FTC order fail?
Musk claimed in 2023 that the FTC order was improper and should be terminated because the agency was "tainted by bias" and had aggressively increased investigative demands. The FTC responded that Musk's termination of key compliance staff and subsequent operational changes raised genuine questions about X's ability to comply with the order, with one engineer confirming in a deposition that layoffs impaired the company's ability to implement technical restrictions around contact data use.
What specific compliance issues did the FTC identify after Musk's takeover?
The FTC argued that "no one was responsible for about 37 percent of X Corp.'s privacy program controls" following staff layoffs. The agency also cited concerns about Musk demanding journalists receive access to internal systems for the "Twitter Files" and threatening to fire staff who did not immediately grant system access to an executive assistant, with the FTC claiming in 2024 that X security staff sometimes had to disobey Musk to remain in compliance.
