X Corp has formally petitioned the FTC to set aside or modify the consent decree under which Twitter agreed to pay $150 million for using phone numbers and email addresses collected for two-factor authentication to run targeted advertising without user disclosure. The FTC has opened a public comment period on the petition, accepting input until July 2, 2026, after which it will decide whether to void, modify, or maintain the settlement’s requirements.
How Twitter Used 2FA Phone Numbers and Emails to Build Advertising Audiences
Between 2014 and 2019, Twitter collected phone numbers and email addresses from more than 140 million users under the stated purpose of improving account security through two-factor authentication. The FTC found that Twitter simultaneously used those credentials as targeting inputs for its advertising platform — an undisclosed dual use that violated a prior FTC order requiring Twitter to accurately describe how it collected and used customer data. The $150 million settlement required Twitter to implement a comprehensive privacy program with regular compliance assessments.
X Corp’s Three Arguments for Vacating the $150 Million Twitter Privacy Decree
X Corp’s petition rests on three arguments: first, that the entity that committed the violations — pre-Musk Twitter — no longer exists as a corporate entity following Musk’s acquisition; second, that all individuals responsible for the original privacy failures have left the company; and third, that X has since built a comprehensive privacy and data-protection program making the settlement’s ongoing obligations redundant. X Corp also argues that modification of the consent decree is necessary for “advancing American artificial intelligence leadership,” linking privacy settlement relief directly to the administration’s AI policy agenda.
How Privacy Advocates Say an X Corp Win Would Let Any Acquirer Escape FTC Consent Decrees
Privacy advocates criticized the FTC’s decision to solicit public comment rather than summarily reject the petition. Their concern is structural: if the FTC accepts X Corp’s argument that a change of ownership broke continuity with the prior corporate entity’s legal obligations, it would establish a mechanism by which any company can shed regulatory accountability through a sale or acquisition. Critics argue the corporate continuity argument is a manufactured legal construct — X Corp is operationally continuous with Twitter in every commercially relevant sense, using the same infrastructure, serving the same user base, and monetizing the same data assets.
Why the FTC’s Decision to Open Comment Rather Than Reject X Corp’s Petition Matters
The FTC’s choice to seek public input rather than reject outright is procedurally significant: it extends the administrative process, signals the FTC is treating the petition as a substantive legal question rather than a frivolous one, and creates an official record that could inform future proceedings on consent decree enforceability across the technology sector. The decision arrives while the FTC is simultaneously managing consent decree compliance for multiple major technology companies, making the outcome of X Corp’s petition a reference point for those parallel proceedings.
What a Successful X Corp Petition Would Mean for FTC Privacy Orders Against Meta and Google
Meta, Google, and other technology companies currently operating under FTC privacy consent decrees would face a materially weaker enforcement posture if X Corp’s petition succeeds. Any of those companies could argue — through corporate restructuring, spinoff, or acquisition — that the entity bound by the original consent order no longer exists in a legally meaningful sense. The FTC’s track record of consent decree enforcement is one of its primary tools for long-term behavioral accountability over companies that have previously committed privacy violations; an X Corp win would introduce doubt about whether that tool survives structural corporate change.
