The FTC takes aim at X

Company documents reveal how a stalled data deletion project and inadequate data protections could put X in the agency’s crosshairs

The FTC takes aim at X
(Jaap Arriens / Getty Images)

Today let’s talk about how X’s failure to delete all user data when people close their accounts, coupled with ongoing concerns about employee access to that data, has increased the risk that the company will face new penalties from the Federal Trade Commission.

This week, the Department of Justice filed a response to X as part of the company’s effort to end its longstanding consent decree with the FTC over data privacy and security issues. (You can read the filing here.) Last year, under its previous owners, the company then known as Twitter agreed to settle new allegations of improper data practices. As part of the new agreement, Twitter paid a $150 million fine.

This year, X sought relief from its duties under the consent decree. “In seeking ‘relief’ from these obligations, X Corp. does not argue that the safeguards to which it consented have become unnecessary or unworkable,” the government noted dryly in its response. “Rather, it complains the FTC asked too many questions after Elon Musk acquired the company.”

Documents obtained by Platformer, along with interviews with employees, suggest those questions are warranted.

Internally, employees have raised two key concerns that could draw the FTC’s interest. One concerns a long-delayed project to ensure that users’ data is properly disposed of when they close their accounts. The other involves weak internal controls that could allow workers to improperly gain access to user data.