Elon Musk renews push to avoid FTC audits of X data

▼ Summary
– The FTC imposed a 20-year data-privacy order on X, requiring regular independent audits and document requests to ensure compliance.
– The order stemmed from a Twitter coding error that allowed phone numbers and email addresses for two-factor authentication to be used for targeted ads between 2013 and 2019.
– Twitter settled with the FTC for $150 million and agreed to monitoring until 2042, just before Elon Musk’s 2022 takeover.
– Musk failed to get the order revoked in 2023, arguing the FTC was biased and had increased investigative demands excessively.
– The FTC argued Musk’s layoffs and cost-cutting impaired X’s compliance, with security staff sometimes disobeying Musk to follow the order.
Critics are mobilizing to prevent Elon Musk from sidestepping a stringent data-privacy order imposed by the Federal Trade Commission (FTC) just before he acquired Twitter.
That order locked down X’s data usage for two decades, mandating regular, independent audits and giving the FTC the power to request documents at will to verify compliance. The FTC stepped in after Twitter voluntarily reported that, from May 2013 to September 2019, a coding glitch had inadvertently allowed phone numbers and email addresses submitted for two-factor authentication to be funneled into targeted advertising. In a settlement reached mere months before Musk’s takeover in 2022, Twitter agreed to pay $150 million and submit to FTC oversight of its data practices through 2042 to safeguard user privacy.
Musk attempted to overturn the order in 2023 but failed. At the time, he charged the FTC with ramping up investigative demands aggressively and argued the order was invalid because the agency was “tainted by bias.” The FTC countered that Musk’s acquisition raised serious doubts about X’s ability to adhere to the order, especially after he eliminated key personnel who had long ensured compliance. An engineer testified in a deposition that layoffs and “cost-cutting pressure and decisions” had hindered X’s capacity to “put technical restrictions and controls in place… around the company’s use of contact data to make sure that it was being used… for the purpose that the particular contact data was collected,” according to an FTC filing.
“No one was responsible for about 37 percent of X Corp.’s privacy program controls,” the agency argued. Additional alarm bells for the FTC included Musk’s push to give journalists access to internal systems for the “Twitter Files” and a text in which Musk demanded an executive assistant be granted system access “immediately,” warning that “anybody standing in the way” would “be fired.” By 2024, the FTC claimed that X’s security staff sometimes had to deliberately disobey Musk to stay compliant. As Twitter’s functionality faltered amid steep layoffs, the FTC argued it had “every reason to seek information about whether these developments signaled a lapse in X Corp.’s compliance.”
(Source: Ars Technica)




