Elon Musk’s X is asking to escape an FTC order that keeps the platform under close privacy monitoring. Privacy and consumer protection advocates say the agency should do the opposite: keep the audits, keep the document powers, and treat X’s move into artificial intelligence as a reason for more scrutiny.
Why X wants the FTC order gone
The dispute centers on an FTC order that came after the agency found that then-Twitter had improperly shared users’ contact information for ad targeting. That contact information had originally been provided for two-factor authentication, and the problem was tied to a coding error.
Under the order, X faces independent audits. The FTC also has authority to demand documents to check whether the company is complying with data privacy laws, without first having to bring additional legal action.
X argues that the order is no longer needed. According to the company, the monitoring is costly and burdensome. X also says the platform has changed since Musk took over Twitter, including its rebrand, and argues that similar obligations under the European Union’s General Data Privacy Regulation make the FTC requirements duplicative.
The FTC opened the matter for public comment ahead of a July 2 deadline. That prompted a coalition of 15 privacy and consumer protection advocates, including Demand Progress, the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the National Consumers League, to push back against X’s request.
Advocates say the privacy risks have grown
The advocates’ central argument is straightforward: the changes at X do not remove the need for oversight. In their view, those changes create new reasons for the FTC to remain involved.
They say X has not met the demanding standard needed to end the order. Their letter urges the FTC to reject what they call X Corp.’s effort to avoid accountability, and warns that the company’s current leadership presents a serious risk to Americans’ privacy and data security.
“X Corp.’s foray into artificial intelligence development should prompt greater FTC oversight of the company’s privacy practices, not less,” advocates said.
The letter points to several issues that advocates believe should matter to the FTC:
- Concerns around Grok and X’s use of public posts for AI training.
- A lawsuit from three girls accusing X of allowing the chatbot to generate child sex abuse materials and other non-consensual intimate images.
- A claim that “2.8 billion records leaked from the platform” just last year.
- The FTC’s earlier finding that Musk had directed employees to take actions that would have violated the order.
- Concerns about journalists being given broad access to internal data during the “Twitter Files” effort.
For advocates, these are not separate controversies. They describe them as signs of the same basic risk: a platform with massive amounts of user data should not be allowed to loosen oversight when its data practices are under fresh pressure from AI development.
AI training puts user consent at the center
The biggest new concern is X’s AI strategy. Advocates say X collected “hundreds of millions of posts on the X platform” for AI training “without meaningful or explicit user consent.” Rather than seeking that consent directly, they say X updated its terms.
That distinction matters because consent is not only a legal formality. For a social platform, it shapes whether users understand how their posts, behavior, and account activity may be used after they publish. When AI training is added to the picture, old content can become part of a new product pipeline.
Cambridge Analytica, cited in the source article, argued that X’s approach to training Grok resembles the data model behind one of the biggest data scandals in history. It described the model as one built around extracting behavioral data, building prediction models, and selling persuasion capability.
Cambridge Analytica also said opt-out methods are available but “practically invisible,” citing research finding that “73 percent of X users were unaware their tweets trained Grok.” It further suggested that deleting posts may not erase the behavioral signal already captured by the AI model, meaning the system could continue using information connected to content a user chose to remove.
That is the deeper privacy question facing the FTC. The issue is not just whether X has a checkbox or policy page somewhere. It is whether ordinary users can realistically understand and control how their activity becomes training material for Grok.
Why GDPR does not settle the FTC question
X has argued that the European Union’s General Data Privacy Regulation creates overlapping obligations. Advocates disagree. They say GDPR compliance cannot replace the FTC’s own monitoring powers over X’s handling of American users’ data.
Their argument is sharpened by the fact that X is currently under investigation for its “unauthorized collection of European users’ data to train its Grok AI model without valid GDPR consent.” In other words, advocates say the presence of GDPR obligations does not prove X’s AI data practices are already under control.
They also argue that the FTC should not surrender enforcement tools simply because X finds the order inconvenient. Ending the order, they warn, would strip away some of the agency’s strongest accountability mechanisms against a company they describe as a known repeat offender.
That point goes to the practical stakes of the dispute. If the order remains in place, X continues to face independent audits and FTC document demands. If it ends, the agency would lose a direct monitoring structure that was designed in response to earlier data-handling failures.
X has support, but the FTC must decide
X did not respond to Ars’ request for comment. But the company has received support from former US Attorney General William Barr, who submitted comments backing X’s position.
Barr argued that the FTC’s hundreds of information demands after Musk bought Twitter were excessive. He also pushed back against what he described as “permanent agency control of private companies,” and asked the FTC to stop treating termination of consent orders as something that requires extraordinary circumstances. At minimum, he urged the agency to reopen the order and consider whether the scope of X’s restrictions remains proper.
That leaves the FTC with a clear choice. X says the old Twitter order no longer fits the company it has become. Privacy advocates say the company X has become is exactly why the order should stay.
The outcome will signal how regulators treat social platforms that turn user activity into AI training data. For X users, the immediate question is narrower but more personal: how much control should they have over data they created for one purpose when the platform later uses it for another?