EFF letter to FTC on X consent order [pdf]

Original link: https://www.eff.org/deeplinks/2026/06/eff-and-allies-xs-ftc-petition-waive-privacy-violation-order-should-be-rejected

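X Corp. has petitioned the Federal Trade Commission (FTC) to terminate a 2022 consent order. The order requires the company to report regularly on its data security practices after it misused user information for targeted advertising. The Electronic Frontier Foundation (EFF) and a coalition of privacy advocacy organizations are urging the FTC to reject the request. The coalition argues that corporate restructuring and changes in leadership do not release the company from its legal obligations, because those obligations bind the entity itself rather than individual employees. The groups also stress that X's recent conduct, including using user data without consent to train its AI model Grok and suffering a major data breach in 2025, demonstrates the need for continued oversight. X Corp. claims that compliance hinders its AI innovation and says it has fundamentally changed its privacy culture. Critics reject these arguments, pointing out that the compliance cost is negligible compared with the company's valuation and that AI brings new, heightened privacy risks. Given the company's record of repeated violations, advocates insist that the FTC must maintain strict oversight to protect user data from future abuse.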

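The Electronic Frontier Foundation (EFF) and a coalition of public interest organizations recently submitted a letter to the U.S. Federal Trade Commission (FTC) opposing X Corp.'s request to modify the existing consent order. The coalition argues that X has failed to show that the order imposes an undue financial burden, and notes that the compliance cost is negligible compared with the company's valuation following its merger with xAI. The submission sparked a heated debate among Hacker News users, centered on the risks of generative AI. Commenters discussed X's "Grok" AI, which had generated non-consensual intimate images and content depicting child sexual abuse (CSAM). While some argued that EFF should prioritize computing freedom over regulation, others defended the letter as a necessary step to protect user privacy and check corporate irresponsibility. The discussion also highlighted disagreements over terminology: some users emphasized the distinct harm caused by non-consensual deepfakes, while others debated whether "privacy" or "defamation" is the more suitable legal framework for addressing AI-generated abuse. In the end, many participants agreed that X's history of lax safeguards makes the regulatory scrutiny requested by EFF and its partners especially necessary.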

Original text

X Corp. should not be able to escape privacy compliance because it changed its name. 

On May 15, X Corp. filed a petition before the Federal Trade Commission (FTC) to set aside or modify an order issued in 2022 requiring the company to report regularly to the FTC for its violations of user data. The order, or “consent decree,” is the result of the company misleading the platform’s 140 million users by using private information given to secure accounts, like phone numbers and email addresses, for targeted advertising. It also fined the company $150 million for the infraction. As part of an open comments period, EFF and allies including Demand Progress Education Fund (DPEF), National Consumers League (NCL) and Electronic Privacy Information Center (EPIC) call on the FTC to reject this petition.

The 2022 order was a renewal of an order stemming from a previous violation. Back in 2011, Twitter (now X) reached a settlement with the FTC after the regulator found Twitter had failed to secure users’ personal information, resulting in exposure of that data to hackers. The settlement banned the company from misrepresenting its data protection measures, required it to set up safeguards on user data, and required it to regularly report its security posture for twenty years. The renewal updated the expiration of X’s obligations to 2042, but if the FTC accepts X’s petition, they would end much sooner.

In arguing to set aside the order, X remarks that since the order in 2011 it has “built an entirely new privacy and information security program staffed by new personnel operating under new leadership with a … philosophy grounded on the importance of privacy and information security.” 

These sweeping assurances that corporate restructuring led to a fundamental change in X’s policy and practices around user data should be met with a healthy dose of skepticism, given evidence to the contrary. For example, in 2024 the company quietly rolled out the integration of its AI model Grok with the platform, trained (without meaningful consent) on X user data. The company was also subject to a massive data breach in 2025. Even if a rotation of leadership led to prioritizing privacy and information security, our letter highlights that this would not be sufficient grounds to remove the order, “because the FTC orders bind the corporate entity. Those obligations do not dissolve when the employees who negotiated or administered it depart.”

X argues that its entry into the AI space should be reason not to continue the oversight, claiming that “terminating the Order is critical to advancing American leadership in artificial intelligence.” Here again, broad-stroke claims that the guardrails in place “[divert] engineering resources from innovation to compliance paperwork” ignore the dangers that AI introduces to user data. Far from being a reason to waive the order, clever attacks on models trained on user data have the ability to supercharge the types of secondary use violations that led to the 2022 order renewal. After all, an entire art has been developed around engineering LLM prompts to reveal the data a model was originally trained on.

Our response to X’s petition debunks many claims the company uses in its arguments. For example, there’s little evidence the order placed an undue financial burden on X. In our letter, we note that the compliance cost is merely “a rounding error against the $200 billion valuation of X Corp. following the xAI merger.”

Strong safeguards on our information require eagle-eyed oversight when that data is abused and misused for profiteering ventures. X’s actions not only showed us this in the past, but continue to do so in the present day. We and our civil society partners urge the FTC to take the clear, sensible path and reject X’s petition.
