X's Erosion of User Privacy Controls Post-Acquisition
How X has weakened privacy defaults, expanded data sharing with third parties, and introduced AI data training opt-outs that are difficult to find since Musk's takeover.
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...
Learn MoreAudit Your Site Free
Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...
Learn MoreAutomate Privacy Compliance
Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...
Learn MoreKey Findings
- #1AI training opt-out was buried in settings under a non-obvious navigation path
- #2Data sharing expanded to unspecified 'business partners' in updated policy
- #3Previous commitment not to sell user data reportedly abandoned
- #4Irish DPC opened multiple investigations into X's privacy practices
- #5Former employees raised concerns about inadequate GDPR compliance staffing
Investigation Details
According to reports, X's September 2023 privacy policy update enabled the company to share user data with unspecified 'business partners' and use public posts for AI training with no opt-out mechanism initially provided. When an opt-out was eventually added, it was buried in settings under a non-obvious menu path. X reportedly began sharing data with third-party AI companies and abandoned Twitter's previous commitment to not sell user data. The platform's reduced privacy team raised concerns among former employees that compliance with GDPR and other privacy regulations had become inadequate, with the Irish DPC confirming it had opened multiple investigations.
twitter-x has been the subject of increasing scrutiny over its consent manipulation practices. Privacy researchers and regulatory bodies across multiple jurisdictions have documented concerns about how the company handles user data, particularly regarding consent, transparency, and data minimization principles. The findings suggest a pattern of prioritizing business metrics over user privacy, a trend observed across the broader technology industry. Users affected by these practices have limited recourse without proactive intervention such as filing formal complaints with data protection authorities or submitting DSAR requests.
Regulatory responses have varied significantly. European data protection authorities have been more aggressive in enforcement under GDPR, while US enforcement remains fragmented across state-level privacy laws. The investigation highlights the need for stronger federal privacy legislation and more transparent corporate data practices. Affected users should consider reviewing their privacy settings, submitting data deletion requests, and exploring privacy-preserving alternatives recommended by independent researchers.
Related Scandals
Take Action
Protect Your Data Across Every Platform
Tools trusted by thousands of privacy-conscious users worldwide
No card charged today. Cancel anytime.
Frequently Asked Questions
What data does twitter-x collect?
Our investigation reveals twitter-x engages in consent manipulation. How X has weakened privacy defaults, expanded data sharing with third parties, and introduced AI data training opt-outs that are difficult to find since Musk's takeover.
Is twitter-x's consent manipulation legal?
The legality of twitter-x's practices varies by jurisdiction. Under GDPR, companies must have a lawful basis for data processing. Under CCPA, California residents can opt out of data sales.
How can I protect myself from twitter-x?
You can submit a data subject access request (DSAR) to twitter-x, opt out of data collection through their privacy settings, or use privacy-preserving alternatives.