It’s easy to forget, now that X is folded into Musk’s wider AI and aerospace ecosystem, that the Federal Trade Commission’s data-privacy order stems from a surprisingly specific blunder: a coding error at Twitter between May 2013 and September 2019. The mistake let the platform turn phone numbers and email addresses—shared by users solely for two-factor authentication—into fodder for targeted ads, effectively bypassing user consent on a scale that would later sting even the most data-hungry social network.
The resolution was less a principled retreat than a pragmatic one: Twitter agreed in March 2022 to pay $150 million and accept 20 years of external oversight, with the FTC retaining unfettered access to internal documents and systems for compliance checks. At the time, most observers assumed the settlement marked closure; after all, the folks responsible for the error had long since moved on. But when Elon Musk bought Twitter in October 2022, he inherited more than a platform—he inherited an obligation he would spend the next four years trying to shed.
Sarah Singh will walk you through what actually changed between 2019 and today, why Musk insists the FTC overreach is “unjustifiable,” and where regulators still hold the hammer. It’s a story about governance, incentives, and what happens when someone purchases a platform with little regard for legacy constraints—and then complains when those constraints don’t just vanish.
The First Bid to Kill the Order—And Why It Flopped in 2023
Musk first tried to dismantle the order in 2023, claiming the FTC had become unfairly aggressive and that the mandate itself was “improper” and “tainted by bias.” The phrasing was characteristically combative, but it wasn’t just a soundbite. According to the FTC’s rebuttal, Musk’s takeover of Twitter raised genuine alarm bells precisely because he fired the very engineers and compliance staff who had kept Twitter in line for years.
One engineer even confirmed under deposition that layoffs and “cost-cutting pressure” directly undermined X’s ability to implement technical controls on contact data. The FTC estimate was blunt: “No one was responsible for about 37 percent of X Corp.’s privacy program controls.” That’s not just a budget cut—it’s an operational gap.
But the FTC didn’t stop there. Musk’s own actions after the acquisition added fuel to their case, particularly his handling of the “Twitter Files” and a now-infamous text in which he ordered an executive assistant to gain system access “immediately,” warning that anyone blocking him would be fired. The agency noted in its filing that X security staff sometimes had to deliberately defy Musk’s wishes just to remain compliant.
In short, the FTC argued Musk wanted to shut them down because he hoped to “limit the FTC’s investigation into alarming developments related to its data privacy and security practice.” The court concurred, ruling it had no authority to amend or end the order. Musk didn’t appeal, and that first attempt quietly expired—until this year.
The 2026 Reboot: Mergers, AI, and the “X-is-Dead” Argument
Fast-forward to May 2026, and Musk is back with a fresh petition to the FTC. This time he’s relying on corporate alchemy: X, once a stand-alone entity, was merged into xAI, which itself was then folded into SpaceX. From Musk’s perspective, the original order no longer applied because “X no longer exists.”
That’s only half true—and here’s why regulators push back hard: while the legal entity may have shifted, the user base and data flows remain intact. More importantly, Musk’s latest pitch ties directly into his AI ambitions. The FTC order demands regular independent audits and document requests to verify compliance, but X has also been training its Grok AI on user data. The Irish Data Protection Commission launched a formal inquiry in 2024 precisely because X allegedly processed user data for AI training without adequate consent.
To Musk’s team, GDPR compliance should absolve them of U.S. scrutiny: if Europe is satisfied, why does America need more checks? But as one commenter during the FTC’s recent comment period pointed out, GDPR isn’t self-executing. X’s privacy policies don’t magically harmonize with foreign regimes just because Musk declares them sufficient.
The math only compounds the tension: the company has paid $17 million in “needless costs,” Musk argues, referencing a separate lawsuit where Twitter narrowly avoided liability over the same 2019 bug. But the FTC sees this differently: a jury verdict in Twitter’s favor doesn’t erase the systemic failures that triggered the original order. As William Pate II wrote in a detailed public filing, “The order runs through 2042 because the Commission concluded that a repeat offender required sustained oversight.”
Four years in, X has done nothing to prove that underlying condition has changed—especially after two major breaches: 200 million records in 2023 and a staggering 2.8 billion profiles in 2025.
Public Reaction: Mostly “Deny the Petition”—and Here’s Why
The FTC’s recent update sought public comment on Musk’s latest bid to end oversight. So far, only a little over a dozen comments have been filed, but the overwhelming majority urge denial—not because regulators are uniquely stubborn, but because the public remembers what Musk’s leadership has looked like in practice.
One commentor joked, “buyer beware,” a gentle dig at Musk’s $44 billion valuation of Twitter that now seems like little more than a headline for overconfidence. Others urged intensification rather than termination: “It should stay or become more strict,” one anonymous commenter wrote, citing Musk’s DOGE-related activities and possible Privacy Act violations.
The lone supportive comment didn’t back Musk’s claims so much as rail against perceived FTC overreach elsewhere, but even that wasn’t a ringing endorsement of X’s practices. Instead, it highlighted how the commission could wield similar pressure against other platforms—a systemic concern, not a X-specific one.
That’s key: Musk is framing this as an free-speech issue, claiming the FTC order “creates a permanent mechanism through which future regulators can pressure the Company over the viewpoints it hosts.” That line sounds appealing to certain audiences, but it doesn’t line up with the factual basis of the order—neither the 2019 error nor the ongoing compliance gaps.
A Bigger Picture: Data Governance in an AI-First World
This isn’t just about X. It’s about how to govern platforms when AI training demands that much more raw data, often scraped from user interactions that weren’t designed for modeling. The FTC’s order predates Grok, Claude, and the rest—but its structure—external oversight, internal documentation, regular audits—looks increasingly like a template for other tech giants racing toward generative AI.
William Pate’s comment captures this shift best: “The order becomes more relevant, not less, because the combined entity likely has strong commercial incentives to train AI on user data.” That’s exactly what regulators fear, and why the clock still runs until 2042. Musk might call it “unjustifiable” now, but unless he can convince a court or the FTC that X’s privacy program has been verified and hardened—not just advertised—he’ll keep running into a wall of due diligence.
One Last Thing: What Comes Next?
The FTC has only just posted its update, and the public comment period runs through July 2, after which a decision is expected. For now, the order remains in full effect.
If Musk’s team really wants to dismantle it, they’ll need more than clever arguments about corporate reorganization or a few million dollars in compliance spend. They’ll have to demonstrate, with verifiable data and external validation, that X has rebuilt its privacy program from the ground up—and that it won’t crumble under the next leadership tantrum or cost-cutting initiative.
That’s a tall order, especially when the most damning evidence may already be on the public record: emails, internal memos, and the 2.8 billion-profile breach—all pointing to a company that operates with more ambition than discipline.
Musk can keep filing petitions, but unless someone at X offers up a convincing pivot—or the courts find a new angle—the 2042 deadline looks less like a sunset and more like a checkpoint that still needs passing.
