日中韓自由貿易協定(FTA)交渉の第10 回交渉会合(局長/局次長会合)が開催されます
「活力あふれる『ビンテージ・ソサエティ』の実現に向けて」(研究会報告書)をとりまとめました
自動走行との連携が期待される、地図情報に関する国際規格が発行されました
東京電力株式会社の会社分割について、電気事業法に基づき認可しました
【おすすめ本】孫崎 享 『米国一極支配の終焉と日本の選択』―ポスト冷戦〝後〟の日本外交を問う=森原 康仁(専修大学教授)
LGBT Q&A: How Can I Wipe Online Data That Points To My Queer Identity?
This Pride, we’re answering all your digital rights questions in season two of our initiative, LGBT Q&A.
You Asked: Is there a way for me to wipe data about me online that could point to my queer identity?
EFF’s Answer: You cannot protect everything all the time, but there are ways to wipe information about yourself online.
Most information available about you online will typically be found in two places:
- The site where you voluntarily posted the data, such as your pictures and videos on social media, comments in user reviews and forums, and even classified postings for items you’ve sold.
- A data broker. These companies collect personal information, repackage it, and sell it to the highest bidders. This information often includes your address, phone number, details about your family members, and more.
So you might not want this information out there, especially if it points to your queer identity.
The best time to take steps to protect yourself is before anything bad happens, because once this information is in the hands of bad actors you have fewer options.
To see what information people might find about you online, you can look for it for yourself. This is as simple as opening up a search engine and entering your name, nickname, handle, avatar and seeing what comes up. It can also be worth searching for your address, phone number, and email addresses to check what's out there.
Do this in a private browsing window or a separate browser than the one you normally use to ensure you’re not logged into any accounts that might skew the results, like a Google account.
It’s also best to try to make a lot of your information hard to find in the first place—and we’ve got you covered on how to do this.
- Establish a strong security baseline: use unique passwords (a password manager helps simplify this) and set up two-factor authentication for your online accounts to add an extra layer of protection when logging into your accounts.
- Add our install-and-forget tracker blocking tool, Privacy Badger, which lets you browse in peace and stops the sorts of web trackers that compile information about your habits for advertising purposes and for data brokers.
- Remove your advertising ID on your phone to help prevent some tracking there, too (directions for Android or iPhone). This way less information about you is available for purchase, making it harder for corporations to profit from your online activities.
- Ask data brokers to delete your personal data. You might spend the time doing it yourself. If you’re in California, you can use the Privacy Protection Agency’s tool for this. You also might use professional services like EasyOptOuts and Optery to help minimize the information available about you online from data brokers and similar sources.
- You can remove yourself from Google results by heading to the “Results about you” page, then entering your information. Once set up, you’ll get notifications if some new types of information about you appear in Google Search. Just remember that this will not remove the information from the internet, it just won’t show up in Google’s search.
You also should consider auditing your digital footprint on public-facing social media and forums. Different people have different tolerance for risk when it comes to announcing who we are and what we are doing in these online spaces. You can make a list of every social media or forum account you’ve had over the years, and review the public-facing content about you, including your name, contact information like email addresses or phone numbers, and pictures that might show your home or workplace. You can also review the account settings to ensure you’re comfortable with the privacy options and that you’ve got strong login credentials.
For more in depth advice check out our Surveillance Self Defense guide on managing your digital footprint.
EFF and Allies: X’s FTC Petition to Waive Privacy Violation Order Should be Rejected
X Corp. should not be able to escape privacy compliance because it changed its name.
On May 15, X Corp. filed a petition before the Federal Trade Commission (FTC) to set aside or modify an order issued in 2022 requiring the company to report regularly to the FTC for its violations of user data. The order or “consent decree” is a result of misleading the platforms’ 140 million users by using private information given to secure accounts, like phone numbers and email addresses, for targeted advertising. It also fined the company $150 million for the infraction. As part of an open comments period, EFF and allies including Demand Progress Education Fund (DPEF), National Consumers League (NCL) and Electronic Privacy Information Center (EPIC) call on the FTC to reject this petition.
The 2022 order was a renewal of an order stemming from a previous violation. Back in 2011, Twitter (now X) reached a settlement with the FTC after the regulator found Twitter had failed to secure users’ personal information, resulting in exposure of that data to hackers. The settlement banned the company from misrepresenting its data protection measures, required it to set up safeguards on user data, and regularly report its security posture for twenty years. The renewal updated the expiration of X’s obligations to 2042, but if the FTC accepts X's petition, it would end much sooner.
In arguing to set aside the order, X remarks that since the order in 2011 it has “built an entirely new privacy and information security program staffed by new personnel operating under new leadership with a … philosophy grounded on the importance of privacy and information security.”
These sweeping assurances that corporate restructuring led to a fundamental change in X’s policy and practices around user data should be met with a healthy dose of skepticism, given evidence to the contrary. For example, the company’s quiet rollout integrated its AI model Grok with the platform in 2024, trained (without meaningful consent) on X user data. The company was also subject to a massive data breach in 2025. Even if a rotation of leadership led to prioritizing privacy and information security, our letter highlights that this would not be sufficient grounds to remove the order, “because the FTC orders bind the corporate entity. Those obligations do not dissolve when the employees who negotiated or administered it depart.”
X argues that its entry into the AI space should be reason not to continue the oversight, claiming that “terminating the Order is critical to advancing American leadership in artificial intelligence.” Here again, broad-stroke claims that the guardrails in place “[diverts] engineering resources from innovation to compliance paperwork” ignores the dangers that AI introduces to user data. Far from being a reason to waive the order, clever attacks on models trained on user data has the ability to supercharge the types of secondary use violations that led to the 2022 order renewal. After all, an entire art has been developed around engineering LLM prompts to reveal the data a model was originally trained on.
Our response to X’s petition debunks many claims the company uses in its arguments. For example, there’s little evidence the order placed an undue financial burden on X. In our letter, we note that the compliance cost is merely “a rounding error against the $200 billion valuation of X Corp. following the xAI merger.”
Strong safeguards on our information require eagle-eyed oversight when that data is abused and misused for profiteering ventures. X’s actions not only showed us this in the past, but continue to do so in the present day. We and our civil society partners urge the FTC to take the clear, sensible path and reject X’s petition.