More Legal Troubles for Elon Musk as X User Wins Shadowbanning Case

The company formerly known as Twitter, now rebranded as X, is facing significant legal challenges.

Elon Musk’s X has been hit with initial grievances by the European Union for suspected breaches of the Digital Services Act (DSA), which could result in penalties of up to 6% of global annual turnover for confirmed violations.

This isn’t the only setback Musk’s X has faced recently. TechCrunch reports that earlier this month, X was found to have violated multiple provisions of both the DSA and the General Data Protection Regulation (GDPR) following a legal challenge by an individual over shadowbanning.

X has been long criticized for its arbitrary shadowbanning practices, a severe issue for a platform advocating free speech. Danny Mekić, a PhD student, took legal action after discovering that X had applied visibility restrictions to his account last October. The restrictions followed his sharing of a news article related to a law proposal to scan private messages for child sexual abuse material (CSAM). X did not inform Mekić of the shadowban, which was a central issue in the litigation.

Mekić only realized his account was restricted when third parties informed him they could no longer see his replies or find his account in search suggestions. His attempts to contact X directly failed, leading him to file legal claims in the Netherlands under the EU Small Claims process. He alleged that X violated the DSA by failing to provide a point of contact (Article 12) and not giving a statement of reasons (Article 17) for the shadowban.

As a premium subscriber, Mekić also sued for breach of contract. Additionally, he filed claims under the GDPR for X’s failure to provide personal data information as required by EU law.

Court Rulings and Implications On July 5, a court ruled that X's Irish subsidiary (still known as Twitter) breached its contract and ordered compensation for Mekić. The court mandated that X provide Mekić with a point of contact within two weeks or face fines of €100 per day. The court also agreed that X should have provided a statement of reasons for the shadowban and deemed X’s terms and conditions in breach of the EU’s Unfair Terms in Consumer Contracts Directive.

On July 4, the court ruled on the GDPR case, finding that X significantly affected Mekić’s professional visibility and employment prospects by shadowbanning him. The court ordered X to provide meaningful information about the automated decision-making process and the withheld personal information within a month. If X fails to comply, it faces fines of up to €4,000 per day.

The rulings could have broader implications for the enforcement of the DSA and GDPR against X. Privacy advocates have long criticized the under-enforcement of the GDPR against major platforms, and this case highlights the need for robust regulatory oversight.