Public outcry mounts as Musk petitions FTC to end X’s 20-year privacy order

Elon Musk has filed a petition with the Federal Trade Commission (FTC) seeking to terminate a 20-year consent order imposed on X, formerly Twitter, arguing that the platform’s corporate restructuring and updated privacy protocols render the regulatory monitoring obsolete. The FTC has opened a public comment period, inviting stakeholders to submit feedback by 2 July 2026, as the agency reviews whether to lift the restrictions that mandate independent audits and limit data usage until 2042.

The petition, lodged in May, contends that the original order is no longer applicable because Twitter no longer exists as a standalone entity. X asserts that the platform was merged into xAI, which was subsequently folded into SpaceX, and claims that the leadership and engineers responsible for the initial privacy violations are no longer with the company. Musk argues that X has since established a robust privacy and data-protection programme, rendering the FTC’s intervention unnecessary.

X has characterised the ongoing compliance requirements as imposing $17 million in unnecessary costs annually. The company further argued that a separate lawsuit regarding the same two-factor authentication data issue resulted in a verdict in its favour, suggesting that the factual foundation of the FTC’s complaint has been dismantled. Additionally, X claimed the order chills free speech by creating a mechanism for regulatory pressure over hosted viewpoints and cited Donald Trump’s AI Action Plan as requiring agencies to drop such bureaucratic mandates.

Despite these arguments, early public feedback has largely supported maintaining the order. As of the reporting date, only a small number of comments have been received, with the majority anonymously urging the FTC to deny X’s petition. Commenters expressed deep scepticism regarding Musk’s commitment to data privacy, noting that he was aware of the order prior to his 2022 acquisition of the platform. One commenter noted that the compliance costs are proportionate to the scale of the violation, particularly considering X’s valuation at the time of purchase.

Substantive objections have highlighted significant post-acquisition security failures. Commenter William Pate II pointed to data breaches involving 200 million records in 2023 and 2.8 billion profiles in 2025 as evidence of poor data handling practices. Pate also cited the Irish Data Protection Commission’s 2024 formal inquiry into X’s use of user data to train the Grok AI model without adequate consent, arguing that the merger increases the commercial incentive to train AI on user data, making the order’s privacy review requirements more critical, not less.

Amanda Collins submitted a non-anonymous comment urging the FTC to protect the public rather than shield oligarchs, specifically noting Musk’s relationship with the Trump administration. She argued that the agency should operate from a position of protecting the American public and not allow political connections to influence regulatory decisions. The FTC previously rejected Musk’s 2023 attempt to revoke the order, citing concerns that his tenure raised genuine questions about the company’s ability to comply with the mandate.

The agency’s determination will follow the close of the comment period on 2 July 2026. Legal experts suggest that for X to defeat the order, it must demonstrate that the safeguards are unworkable or contrary to the public interest, and that no other remedy exists for alleged harms. The FTC has indicated that sustained oversight is necessary for repeat offenders, and nothing in the current petition establishes that the underlying concerns have been resolved.