X designates Twitter International Unlimited Company as the data controller for EEA and UK users, and X Corp for other users, and states that EEA and UK users have rights to access, correct, delete, object to, and restrict processing of their personal data.
This analysis describes what X's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision identifies the legal entity responsible for your personal data based on your location and states the privacy rights available to you, which determines who you contact to exercise rights and what legal framework applies to your data.
EEA and UK users have the right to access, correct, delete, object to, or restrict processing of their personal data, and can exercise these rights by contacting Twitter International Unlimited Company. Users outside those regions are subject to X Corp's practices and the rights available under their local law.
How other platforms handle this
If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...
If you are located in the EEA or UK, you may have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing of your personal data; the ...
If you are located in the EEA, UK, or Switzerland, you have certain rights with respect to your personal information, including the right to access your personal data, to correct or delete your personal data, to restrict processing of your personal data, to data portability, and to object to process...
Monitoring
X has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Economic Area (EEA) or United Kingdom, the data controller for your personal information is Twitter International Unlimited Company. If you are located outside of the EEA, United Kingdom, and Switzerland, the data controller is X Corp. You have the right to access, correct, or delete personal information we hold about you. You also have the right to object to or restrict certain types of processing, and where processing is based on your consent, to withdraw that consent at any time. You can also request a machine-readable copy of your personal data.— Excerpt from X's X Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 15-22 (data subject rights), Article 4(7) (definition of data controller), and Article 13 (transparency obligations). UK GDPR mirrors these provisions post-Brexit. The designation of Twitter International Unlimited Company as EEA controller creates regulatory accountability to EU supervisory authorities, principally the Irish Data Protection Commission. Swiss users are subject to the revised Federal Act on Data Protection. GOVERNANCE EXPOSURE: Medium. The controller designation is a standard GDPR compliance mechanism. Governance exposure arises if data subject rights requests are not handled within the statutory timeframes (generally one month under GDPR Article 12) or if the stated lawful bases for processing are challenged by supervisory authorities. JURISDICTION FLAGS: EEA users have the right to lodge complaints with their national data protection authority if they believe their rights are not being respected. UK users can complain to the Information Commissioner's Office. The Irish DPC is the lead supervisory authority for Twitter International Unlimited Company under GDPR's one-stop-shop mechanism. Swiss users have rights under the revised FADP. CONTRACT AND VENDOR IMPLICATIONS: Organizations operating as joint controllers or processors with X in EEA data flows should verify that controller designation and data processing agreements are consistent with the designations stated in this policy. COMPLIANCE CONSIDERATIONS: EEA-based compliance teams should maintain documented records of data subject rights requests and responses, ensure that rights request procedures are operational and accessible, and monitor Irish DPC guidance and enforcement activity relating to X's processing practices.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision identifies the legal entity responsible for your personal data based on your location and states the privacy rights available to you, which determines who you contact to exercise rights and what legal framework applies to your data.
EEA and UK users have the right to access, correct, delete, object to, or restrict processing of their personal data, and can exercise these rights by contacting Twitter International Unlimited Company. Users outside those regions are subject to X Corp's practices and the rights available under their local law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by X.