X Ads Sensitive Personal Data Targeting: What the Ad Repository Revealed

Dell Technologies targeted users on X by their interest in specific medications, their sexual orientation, and their faith. TotalEnergies excluded users associated with green political figures and environmental activists. Saudi Arabia's Public Investment Fund filtered out audiences using keywords tied to ethnic origin, faith, and sexual orientation. None of this required a whistleblower or a data breach. Researchers found it by reading X's own public ad repository.

That is the thing that makes the AI Forensics investigation, published last year, unusual. X ads sensitive personal data targeting is not a theoretical concern here; it is documented advertiser behavior, pulled from a platform's own transparency tool. The thesis is straightforward: X matters in this story not because it is proven uniquely worse than its competitors, but because it is uniquely readable. Other platforms almost certainly run comparable systems. They just do not publish the receipts.

This piece examines what AI Forensics concretely found, explains the two-layer surveillance architecture the evidence points toward, and looks at what regulators have actually done about it.

What the evidence shows and what it doesn't

AI Forensics exported ad data from X's Ads Repository covering roughly twenty months of activity, September 2023 through May 2025. Researchers manually inspected the targeting options advertisers chose, flagging any that appeared to infer categories the GDPR treats as sensitive: health conditions, political opinions, religious belief, sexual orientation, ethnic origin. They found the Dell, TotalEnergies, and Saudi PIF examples among others, and their archived data is publicly available for independent review (AI Forensics).

One methodological caveat matters. X denied the team API access, so the study relied on manual inspection of a limited advertiser sample. Le Monde, covering the same investigation, reported that many ads used sensitive targeting criteria in ways likely to conflict with EU law, according to AI Forensics, which cited that reporting directly. How widespread the practice is across X's full advertiser base is unknown. The data shows what was possible and what some major brands did; it does not establish the full scope.

The inference mechanism is also worth understanding precisely. None of these advertisers necessarily attached a label like "gay" or "diabetic" to a specific user profile. The system works through keywords: a user who follows certain accounts or engages with certain content gets grouped into a keyword audience. The advertiser selects "interest in [medication name]" or "interest in [political figure's name]" and reaches that group. No protected label is applied explicitly. Researchers argue this still functions as targeting by a sensitive category in practice, which is why they characterize it as raising GDPR concerns, though as of the cited materials, no regulator has ruled on X's specific platform practices.
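A keyword audit of the kind described above can be sketched in a few lines. This is an added example, not AI Forensics' tooling or X's export format: the record fields, advertiser names and the small term list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed lexicon: term -> sensitive category. Assumption: a real audit
# would use a much larger list reviewed by people who know the categories.
SENSITIVE_TERMS = {
    "insulin": "health",
    "gay": "sexual orientation",
    "ramadan": "religion",
    "green party": "political opinion",
}

# Constructed sample rows; "include"/"exclude" are hypothetical field names.
SAMPLE_ADS = [
    {"advertiser": "advertiser-a", "include": ["Laptops", "Insulin  pump"], "exclude": []},
    {"advertiser": "advertiser-b", "include": ["Energy"], "exclude": ["Green Party leader"]},
    {"advertiser": "advertiser-c", "include": ["Gaylord Hotels"], "exclude": []},
]

def category_of(keyword):
    """Return the sensitive category a targeting keyword falls under, or None."""
    text = re.sub(r"\s+", " ", keyword.lower()).strip()
    for term, category in SENSITIVE_TERMS.items():
        # Whole-word match, so "gay" does not fire on "Gaylord Hotels".
        if re.search(r"\b" + re.escape(term) + r"\b", text):
            return category
    return None

def audit(ads):
    """Flag sensitive keywords per advertiser, keeping include and exclude apart.

    Exclusion lists are checked too: filtering a group out of an audience
    still requires the platform to have inferred who belongs to it.
    """
    findings = defaultdict(list)
    for ad in ads:
        for mode in ("include", "exclude"):
            for keyword in ad.get(mode, []):
                category = category_of(keyword)
                if category:
                    findings[ad["advertiser"]].append((mode, keyword, category))
    return dict(findings)
```

Hits from a list like this are candidates for manual review rather than findings, since a keyword match says nothing about the advertiser's intent.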

The transparency paradox here is real. X looks worse in this story partly because it disclosed more. Its Ads Repository reveals the actual keywords advertisers use to target users; Meta, by contrast, limits its ad disclosures to broad demographic information, according to AI Forensics. The absence of comparable data from Meta, Google, or TikTok is not evidence those platforms behave differently. It is evidence they are harder to investigate. Opacity is not protection; it is concealment dressed as policy.

The two-layer problem: GDPR concerns over X ad targeting and what happens on the open web

The X findings expose one layer of a larger system. Understanding why it matters requires seeing both layers together.

On X, the inference is internal. The platform matches a user's follows and engagement signals against advertiser keyword lists before the ad ever appears. The advertiser sees an audience segment; the user sees an ad; the matching step happens invisibly between them. X shows what a closed platform can infer and act on from its own behavioral data.

The second layer runs across most of the open web, and it operates at a scale that makes the platform-specific problem look contained. Nearly every time a person loads a page or opens an app, a real-time bidding auction begins in the background, completing in the milliseconds before the ad populates on screen. A supply-side platform sends a bid request to advertising exchanges containing granular user data: device identifiers, IP address, GPS location, browsing history, and personal characteristics. The exchange broadcasts that data to multiple potential buyers simultaneously, with only one winning the placement (FTC). The Electronic Privacy Information Center estimates this happens roughly 178 trillion times annually across the US and Europe.

Every losing bidder in that auction still receives the data broadcast. The FTC has noted that few, if any, technical controls prevent those parties from retaining or repurposing it after the auction ends (FTC). The complaint against Mobilewalla alleged exactly this: the company was retaining data from auctions it had lost, in violation of the exchanges' own terms. The architecture invites the abuse it cannot technically prevent.
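Because every bidder receives whatever the request contains, the one place the data can be reduced is before the broadcast. The sketch below is an added example, not code from any exchange or from the FTC materials; it assumes OpenRTB 2.x field names (a protocol the article does not name) and uses a constructed request.

```python
import copy
import ipaddress
from urllib.parse import urlsplit

# Constructed bid request. Field names follow OpenRTB 2.x (an assumption).
SAMPLE_REQUEST = {
    "id": "constructed-auction-1",
    "site": {"page": "https://clinic.example/appointments?patient=123"},
    "device": {
        "ifa": "00000000-0000-4000-8000-000000000001",
        "ip": "203.0.113.77",
        "geo": {"lat": 48.85661, "lon": 2.35222},
    },
    "user": {"id": "u-constructed", "buyeruid": "b-constructed",
             "keywords": "insulin,ramadan"},
}

def minimize(request):
    """Return a copy of the bid request with user-level signals reduced."""
    out = copy.deepcopy(request)          # never mutate the caller's request
    device = out.get("device", {})
    device.pop("ifa", None)               # drop the advertising ID
    device.pop("ipv6", None)              # drop IPv6 rather than guess a prefix
    if "ip" in device:                    # keep only the IPv4 /24 network
        net = ipaddress.ip_network(device["ip"] + "/24", strict=False)
        device["ip"] = str(net.network_address)
    geo = device.get("geo", {})
    for axis in ("lat", "lon"):           # 0.1 degree is roughly an 11 km grid
        if axis in geo:
            geo[axis] = round(geo[axis], 1)
    user = out.get("user", {})
    for field in ("id", "buyeruid", "keywords", "data"):
        user.pop(field, None)             # no cross-site IDs or interest labels
    site = out.get("site", {})
    if "page" in site:                    # origin only: no path or query string
        parts = urlsplit(site["page"])
        site["page"] = f"{parts.scheme}://{parts.netloc}/"
    return out
```

The site origin still reaches every bidder, so a visit to a health-related domain remains visible even after this reduction.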

Location data illustrates how much these signals can reveal without ever touching a named sensitive category. The FTC has stated directly that location data reveals where people live, work, and worship, where they seek medical care, and whether they attend political events or protests, calling it "sensitive data, full stop" (FTC). An advertiser does not need to ask whether a user is religious or politically active. The signal from a pattern of location visits answers the question anyway.

The harms from RTB data are not hypothetical. EPIC documents that bidstream data was used to profile attendees at Black Lives Matter protests, that it was implicated in the outing of a gay Catholic priest, and that the Irish Council for Civil Liberties uncovered its use to identify likely survivors of sexual abuse. These were not deliberate campaigns by any single advertiser. They were downstream consequences of a system that broadcasts personal data to potentially dozens of bidders per auction, with no reliable mechanism to control what happens to it afterward.

What regulators have actually done and where the gaps remain

Enforcement has started. The "first-ever" framing attached to recent settlements is worth reading carefully: it marks genuine progress, but it also reveals how long the oversight gap ran.

In January 2024, the FTC settled with data broker X-Mode Social and its successor Outlogic in what the agency described as its first-ever action against a data broker over the collection and sale of sensitive location data. The FTC's complaint established that the company sold precise, non-anonymized location data linked to mobile advertising IDs, data capable of tracking individuals to reproductive health clinics, places of worship, and domestic abuse shelters. It had no policies to filter sensitive locations from the data it sold until May 2023, according to the FTC. In at least one documented contract, the company sold audience data built from visits to medical facilities and pharmacies to a private clinical research company for marketing purposes.

The FTC's Mobilewalla action, settled in December 2024, introduced what the agency described as its first restrictions specifically governing how bidders may use consumer data accessed through ad auctions, including a ban on retaining data for any purpose beyond the auction itself (FTC). Both cases addressed practices that had been operating for years before any formal action.

Broader regulatory attention has grown. Targeted advertising has drawn scrutiny from the European Data Protection Board, the White House Office of Science and Technology Policy, and other bodies, according to Northwestern's Journal of Technology and Intellectual Property. The cited materials do not show a regulator ruling specifically on X's ad targeting system, and the legal status of X's platform practices remains unresolved.

The limits of reforms already in place are also significant. Some major platforms have deprecated third-party cookies under regulatory and market pressure. Northwestern researchers found this does not prevent topic-based or keyword-based targeting from continuing, precisely the mechanism AI Forensics documented on X. Cookie deprecation removes one data collection method while leaving the category and keyword inference systems intact. Consent banners and ad-topic toggles work at the interface level; they do not reach the RTB broadcast layer, where data distribution happens before a user has any practical opportunity to intervene. The privacy exposure in RTB is structural. It is not something individual settings can fix.

What transparency is actually worth

The practical implication of all this is specific, and it cuts against how most people understand online advertising. The ad you see is the visible artifact. The privacy event is what happened upstream: your data broadcast to potentially dozens of bidders before any ad loaded, to parties whose names you will never encounter and whose data practices you cannot audit.

What the AI Forensics investigation clarifies is that platform transparency can function as a meaningful scrutiny tool, not just a compliance gesture. X's repository allowed independent researchers to document actual advertiser behavior against named categories, something that other platforms' opacity makes structurally impossible. Requiring ad repositories to disclose targetable keyword categories, not just ad creatives and broad demographics, would give regulators and the public the same visibility into Meta or Google that AI Forensics found in X.

Enforcement is moving. The X-Mode and Mobilewalla settlements confirm that regulators now treat these data practices as legal violations (FTC; FTC). But each settlement addresses a specific company's specific conduct, while the RTB architecture that distributes user data to potentially dozens of bidders per page load, roughly 178 trillion times a year, continues running underneath all of it. Enforcement is catching up. It is doing so one first-ever settlement at a time.
