X can't shirk FTC privacy settlement, or block Elon Musk's deposition

In court on Thursday, X attorney Daniel Koffman said there has been “uncommon and alarming conduct by a government agency.”

Nov 17, 2023 - 06:56
X can't shirk FTC privacy settlement, or block Elon Musk's deposition

Elon Musk and X, the social media company formerly known as Twitter, can't get out from under the thumb of the Federal Trade Commission, a federal judge ruled.

In an 11-page order issued less than an hour after a hearing in San Francisco federal court on Thursday, U.S. Magistrate Judge Thomas Hixson ruled he has no authority over the FTC’s administrative proceedings and declined to throw out or pause the settlement. He also said he has no authority to bar the agency from deposing the company’s owner and former CEO, Elon Musk.

X has accused the FTC, led by Chair Lina Khan, of misconduct and bias against both the company and Musk. X claimed the FTC issued an inappropriate barrage of demands for documents and testimony accusing it of not complying with the settlement after Musk took control of the company in October 2022. The agency’s bias against the company necessitates nixing the settlement, the company said.

In court on Thursday, X attorney Daniel Koffman said there has been “uncommon and alarming conduct by a government agency.” Central to those allegations is the claim that the FTC pressured Ernst & Young, the auditor overseeing compliance with the settlement, to make a finding that the company engaged in misconduct.

Yet in his ruling, Hixson said his order approving the settlement is separate from the administrative agreement X entered into with the FTC, a matter he has no authority over. Hixson said his oversight is limited to enforcement of a related $150 million fine and the FTC’s cooperation with the Justice Department in the investigation.

An FTC spokesperson declined to comment. A spokesperson for X did not immediately respond for comment.

Twitter has had a consent decree with the FTC since 2011 to resolve cybersecurity vulnerabilities that resulted in data breaches in 2009. The order put strict requirements on the company, including mandated independent audits of its privacy and security practices. The order was renewed last year due to violations of the previous 2011 order.