Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has jurisdiction over cross-border data practices and consumer privacy disclosures for US-based platforms.', 'full_name': 'Federal Trade Commission (FTC)', 'description': 'Oversees unfair or deceptive business practices and can investigate companies that mislead consumers about data collection, sharing, or use.', 'who_can_file': "Anyone affected by the company's practices (US or international)", 'complaint_url': 'https://reportfraud.ftc.gov/', 'what_you_need': 'Your account details, a timeline of relevant events, and a description of the specific issue', 'what_to_expect': 'Complaints inform FTC enforcement priorities and investigations but do not result in individual resolution or compensation'}

What is the severity of this clause?

ConductAtlas classifies this International Data Transfer Consent clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

International Data Transfer Consent — X

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for X Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

By using X, you agree that your personal information can be transferred to and stored in the United States, Ireland, and other countries, which may have different privacy laws than your home country.

ⓘ

This analysis describes what X's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause operationalizes international data transfers as a component of the service's data handling framework, placing the legal basis for cross-border data movement within the scope of service use consent rather than requiring separate consent mechanisms.

Consumer impact (what this means for users)

Users in the EU, UK, and other jurisdictions with strong data protection laws may find their data subject to less protective legal regimes once transferred internationally. This is particularly significant for EU users given GDPR cross-border transfer restrictions.

How other platforms handle this

Windsurf Medium

If you are a resident in the EEA, Switzerland or the UK, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. We may transfer Personal Information from the EEA, Switzerland or the UK to the U.S. and other third countries ...

Tabnine Medium

Tabnine is headquartered in the United States and operates globally. If you are located outside the United States, your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home country. We rely on ap...

OpenAI Medium

We may share or transfer personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

See all platforms with this clause type →

Monitoring

X has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
You understand that through your use of the Services you consent to the collection and use (as set forth in the Privacy Policy) of this information, including the transfer of this information to the United States, Ireland, and/or other countries for storage, processing and use by us and our affiliates.

— Excerpt from X's X Terms of Service

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

Consent-based international data transfers under Article 49 GDPR are a high-risk mechanism that may not satisfy adequacy requirements; compliance teams should assess whether X relies on Standard Contractual Clauses or other transfer mechanisms as primary safeguards.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

Federal Trade Commission (ftc)

Oversees unfair or deceptive business practices and can investigate companies that mislead consumers about data collection, sharing, or use.

Who can file: Anyone affected by the company's practices (US or international)

What you need: Your account details, a timeline of relevant events, and a description of the specific issue

What to expect: Complaints inform FTC enforcement priorities and investigations but do not result in individual resolution or compensation

File a complaint →

Applicable regulations

CCPA/CPRA

California, USA

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

UK GDPR

United Kingdom

Universal Opt-Out Mechanism Expansion 2026

VPPA

United States Federal

Provision details

Document information

Document

X Terms of Service

Entity

Document last updated

May 5, 2026

Tracking information

First tracked

March 6, 2026

Last verified

March 9, 2026

Record ID

CA-P-000260

Document ID

CA-D-00029

Evidence Provenance

Source URL

https://twitter.com/en/tos

Wayback Machine

View archived versions →

Content hash (SHA-256)

d71792a04e7ac686eb73a0bc5ed003d144856e19f5a48503c1e42af9dc2dd8e3

Analysis generated

March 6, 2026 20:08 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: X
Document: X Terms of Service
Record ID: CA-P-000260
Captured: 2026-03-06 20:08:59 UTC
SHA-256: d71792a04e7ac686…
URL: https://conductatlas.com/platform/x/x-terms-of-service/international-data-transfer-consent/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

High

Other risks in this policy

Broad Royalty-Free Content License high
$100 Aggregate Liability Cap high
Account Termination for Inactivity or Commercial Inviability high
Broad Content Enforcement and Removal Rights medium
Minimum Age Requirement (13 Years) medium
DMCA Copyright Reporting Process medium

Related Analysis

Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
23andMe Is Bankrupt. What Happens to Your DNA Now?
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does X's International Data Transfer Consent clause do?

How does this clause affect you?

Is ConductAtlas affiliated with X?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by X.