Skip to content
MONDAY, JULY 6, 2026
Analysis

X seeks to end 20-year privacy reporting order

By Jordan Vale3 min read

X asks the FTC to end a 20-year privacy order.

X Corp, the company formerly known as Twitter, has filed a petition with the Federal Trade Commission to set aside or modify a 2022 consent decree that requires it to report regularly on its privacy and information security posture. The petition arrives as the agency weighs how much ongoing oversight is needed after a long history of privacy enforcement tied to user data. The decree carries a $150 million civil penalty for past misrepresentations about data protections and lays out a rolling obligation to disclose security measures and incidents to the FTC. The 2022 decree is described as a renewal of an earlier arrangement dating back to 2011, when the FTC first said the company had failed to safeguard user information.

The 2011 settlement prohibited misrepresenting data protection measures, required the company to implement safeguards for user data, and mandated ongoing security reporting for twenty years. The 2022 renewal extended the reporting obligation all the way to 2042, embedding a long tail of regulatory oversight in the company’s operations. In its petition, X argues that since 2011 it has rebuilt its privacy and information security program, staffed by new personnel under new leadership, with a philosophy centered on privacy and security. The company says these changes amount to a fundamental shift in how it handles user data and should permit modification or reversal of the consent decree.

The petition has triggered a serious pushback from privacy advocates. The Electronic Frontier Foundation, joined by Demand Progress Education Fund, National Consumers League, and the Electronic Privacy Information Center, urged the FTC to reject X’s bid. The groups contend that the agency should not let a name change or leadership shuffle erase the consent decree or the penalties tied to the original violations. They emphasize that the order was designed to ensure ongoing accountability for how user data was used to secure accounts and targeted advertising, and they warn that dropping or weakening the decree could leave gaps in oversight, even as security incidents and privacy concerns persist.

For compliance and tech leaders, the case tests how to balance corporate reforms with enforceable obligations. The filing states the petition seeks to “waive or modify” the consent decree, which could dramatically shorten or end the reporting duties currently scheduled through 2042 if granted. The strategic stakes are high: if the FTC grants any relief, the agency would need to clarify what, if any, continuing obligations remain and whether new reporting timelines would apply. If the FTC denies the petition, X would face a continued 20 year plus oversight regime and the risk that further modifications might still be contested later.

Two to four practitioner-level takeaways stand out. First, enforcement teams should note that consent decrees tied to privacy data can outlive a corporate rebrand, creating a long tail of accountability that survives leadership change. Second, the cost and complexity of maintaining a robust posture can become a bargaining chip in negotiations, but the tradeoff is prolonged regulatory risk and public scrutiny. Third, the decision could set a signal about how aggressively the FTC will police post settlement oversight after a high profile tech company changes leadership. Finally, compliance officers should watch for the FTC’s response to the open comments period, including any proposed modifications, timelines for a ruling, and whether the agency signals a path to renegotiation or continued strict monitoring.

The outcome will influence how other tech platforms think about consent decrees and privacy reform after a branding or leadership shift. The FTC has not yet decided, and the open comments window remains a key arena where public input could shape the agency’s next move.

Sources
  1. EFF and Allies: X’s FTC Petition to Waive Privacy Violation Order Should be Rejected
    EFF Updates / Mainstream / Published JUL 02, 2026 / Accessed JUL 06, 2026

Newsletter

The Robotics Briefing

A daily front-page digest delivered around noon Central Time, with the strongest headlines linked straight into the full stories.

No spam. Unsubscribe anytime. Read our privacy policy for details.