In March, The Federal Trade Commission (FTC) started the investigation of X (formerly Twitter) on the basis of staff layoffs, the launch of Twitter Blue (blue ticks as subscription services), and the Twitter files, a series of releases of select internal documents published from December 2022 through March 2023 on Twitter.

The FTC has been watching X for years since it had agreed to a 2011 consent order alleging serious data security lapses. But the agency’s concerns spiked when Elon Musk took over the company in October 2022. 

Fast forward to this week, and a court filing by the Department of Justice (DOJ) suggests that Elon Musk may have violated a 2022 Federal Trade Commission (FTC) order on data privacy and security practices at X. The filing, which includes depositions from former employees, indicates that Musk made business decisions such as rapid launches and data handling, allegedly conflicted with company policies and impacted security and privacy compliance, potentially breaching the FTC order. 

The FTC's consent order is a crucial tool for addressing data privacy issues in the absence of federal privacy laws. Former employees of X testified that Elon Musk often gave directives that were against the company's normal processes and policies.

For example, in December, Musk ordered the relocation of company servers without wiping the data, a move that potentially exposed sensitive personal data that had not been fully encrypted.

The updated order requires X Corp to implement a privacy and data security program in compliance with the FTC as of 2023.

What do you think is the future of X? Join the conversation in our Yes We Trust community, a free discussion group for data privacy professionals and enthusiasts on LinkedIn: