Elon Musk speaks onstage during The New York Times Dealbook Summit 2023 at Jazz at Lincoln Center on November 29, 2023 in New York City.
Slaven Vlasic | Getty Images
Elon Musk’s X has been hit with a complaint from privacy activist Max Schrems, which alleges the platform broke the European Union’s hard-hitting privacy rules.
Lodged on Thursday by Schrems’ campaign group Noyb with the Dutch data protection authority, the complaint purports that X unlawfully used people’s political views and religious beliefs to target them with ads.
The European Union is also accused of using X to target users based on their political views and religious beliefs.
In the complaint, Schrems alleges that X showed him an ad from the European Commission that promoted online content regulation to tackle child sexual abuse and the grooming of children online.
Schrems says the ad explicitly targets users from the Netherlands and excludes 44 “targeting segments,” such as political parties like Alternative for Germany, Vox, Sinn Fein, and the English Defense League, as well as far-right politicians Viktor Orban and Marine Le Pen.
The ad also does not target people based on their use on X of terms related to “euroscepticism and/or nationalist political views,” according to the complaint.
The filing states that the allegations are based on the ads repository of X.
X was not immediately available for comment when contacted by CNBC. In reply to a CNBC email, the Commission said that it was aware of reports of the campaign and was conducting a “thorough review.”
“Internally, we provide regularly updated guidance to ensure our social media managers are familiar with the rules and that external contractors also apply them in full,” the Commission said.
“Also, in view of an alarming increase in disinformation and hate speech on social media platforms in recent weeks, we advised Commission services already back in October to refrain from advertising at this stage on X.”
The Commission added that, under its Digital Services Act, a major content regulation law in the EU, platforms including X “must not display targeted advertisements based on the sensitive data of a user.”
Per the complaint, X is able to take users’ clicking behavior and replies to tailor content to them — a practice known as “microtargeting.” Microtargeting was used by Cambridge Analytica during the 2016 presidential election to help Donald Trump win the vote by a narrow margin, the complaint notes.
Who is Max Schrems?
Schrems is a high-profile figure in European privacy campaigning. He most notably won a legal battle against Meta parent company Facebook, defeating the company’s use of the EU-U.S. so-called safe harbor data-transferring mechanism to send Europeans’ information to the U.S.
Scrutiny of the complaint is in its early days. It has been filed with the Dutch data protection authority, which is tasked with investigating the main highlights of the complaint to assess whether there was a breach of GDPR.
X has its main European headquarters in Ireland, meaning that the Dublin data watchdog is the primary privacy regulator for the platform in Europe. Schrems is submitting the complaint to the Dutch authority, rather than Ireland, as he is a Dutch citizen.
The complaint could ultimately lead to a full-blown investigation under the European Union’s General Data Protection, a strict EU privacy regulation introduced by the bloc in 2018.
GDPR has led to massive fines for U.S. technology giants, including Amazon and Meta. Under GDPR, firms can be fined up to 4% of their global annual revenues for breaches.
X has been in a hard place lately, with brands including Apple, Disney and Microsoft, pulling ads from the platform due to controversies surrounding Musk, including sharing a post that explored a popular antisemitic conspiracy theory.
Every weekday, the CNBC Investing Club with Jim Cramer holds a “Morning Meeting” livestream at 10:20 a.m. ET. Here’s a recap of Friday’s key moments. 1. The S & P 500 turned higher Friday. The index opened lower after posting its worst one-day performance since Oct. 10. Still, Wall Street remains cautious of Big Tech’s heavy spending and stretched valuations. Jim Cramer reminded investors to stick with profitable companies — like Nvidia and Microsoft , both Club names, and Alphabet — rather than those that make promises they can’t back. While our trusted S & P Short Range Oscillator is not yet oversold, we’re eyeing some select buying opportunities among stocks that have pulled back. We’re preparing to free up more cash as we look to move on from Disney , where linear television networks have been weighing on profits. Jim said Disney is “in denial” about their challenges. 2. Shares of drugmaker Bristol Myers fell more than 3.5% on Friday after a phase 3 trial for one of its experimental drugs was halted due to a patient health issue. The drug in question was not Cobenfy — the schizophrenia treatment we’ve been bullish on for its potential use on Alzheimer’s. A big Cobenfy readout is due by the end of the year. It’s a make-or-break update for us as investors, given management’s consistent issues with execution. “It’s hard to have faith in management after a series of miscues,” said portfolio director Jeff Marks. We’ve been selling the stock, and as Jim said during Thursday’s November Monthly Meeting , if the shares resume their recent rise, we would look to trim further. 3. Looking ahead to next week, there are four Club names reporting earnings, starting with Home Depot on Tuesday before the opening bell. The near-term setup makes it challenging to maintain a positive stance due to the current elevated state of mortgage rates. At the same time, there’s a significant amount of pent-up demand in the housing sector, which should be beneficial for the home improvement retailer. Next up is TJX on Wednesday before the opening bell. The off-price retailer is a big under-promise, over-deliver story, as it tends to beat the high end of guidance. Nvidia also reports on Wednesday, but after the closing bell. There are a lot of bears on the stock right now, but Jim maintains his “own it, don’t trade it” stance. Finally, cybersecurity firm Palo Alto Networks reports on Wednesday, after the bell, and we’re interested in hearing how management plans to beef up its agent-based security. 4. Stocks covered in Friday’s rapid fire at the end of the video were: Applied Materials , Walmart , Gap , and Nucor . (Jim Cramer’s Charitable Trust is long DIS, BMY, HD, TJX, NVDA, PANW. See here for a full list of the stocks.) As a subscriber to the CNBC Investing Club with Jim Cramer, you will receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust’s portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade. THE ABOVE INVESTING CLUB INFORMATION IS SUBJECT TO OUR TERMS AND CONDITIONS AND PRIVACY POLICY , TOGETHER WITH OUR DISCLAIMER . NO FIDUCIARY OBLIGATION OR DUTY EXISTS, OR IS CREATED, BY VIRTUE OF YOUR RECEIPT OF ANY INFORMATION PROVIDED IN CONNECTION WITH THE INVESTING CLUB. NO SPECIFIC OUTCOME OR PROFIT IS GUARANTEED.
An exterior view of the new JPMorgan Chase global headquarters building at 270 Park Avenue on Nov. 13, 2025 in New York City.
Angela Weiss | AFP | Getty Images
JPMorgan Chase has secured deals ensuring it will get paid by the fintech firms responsible for nearly all the data requests made by third-party apps connected to customer bank accounts, CNBC has learned.
The bank has signed updated contracts with fintech middlemen that make up more than 95% of the data pulls on its systems, including Plaid, Yodlee, Morningstar and Akoya, according to JPMorgan spokesman Drew Pusateri.
“We’ve come to agreements that will make the open banking ecosystem safer and more sustainable and allow customers to continue reliably and securely accessing their favorite financial products,” Pusateri said in a statement. “The free market worked.”
The milestone is the latest twist in a long-running dispute between traditional banks and the fintech industry over access to customer accounts. For years, middlemen like Plaid paid nothing to tap bank systems when a customer wanted to use a fintech app like Robinhood to draw funds or check balances.
That dynamic appeared to be enshrined in law in late 2024 when the Biden-era Consumer Financial Protection Bureau finalized what is known as the “open-banking rule” requiring banks to share customer data with other financial firms at no cost.
But banks sued to prevent the CFPB rule from taking hold and seemed to gain the upper hand in May after the Trump administration asked a federal court to vacate the rule.
Soon after, JPMorgan — the largest U.S. bank by assets, deposits and branches — reportedly told the middlemen that it would start charging what amounts to hundreds of millions of dollars for access to its customer data.
In response, fintech, crypto and venture capital executives argued that the bank was engaging in “anti-competitive, rent-seeking behavior” that would hurt innovation and consumers’ ability to use popular apps.
After weeks of negotiations between JPMorgan and the middlemen, the bank agreed to lower pricing than it originally proposed, while the fintech middlemen won concessions regarding the servicing of data requests, according to people with knowledge of the talks.
Fintech firms preferred the certainty of locking in data-sharing rates because it is unclear whether the current CFPB, which is in the process of revising the open-banking rule, will favor banks or fintechs, according to a venture capital investor who asked for anonymity to discuss his portfolio companies.
The bank and the fintech firms declined to disclose details about their contracts, including how much the middlemen agreed to pay and how long the deals were in force.
Wider impact
The deals mark a shift in the power dynamic between banks, middlemen and the fintech apps that are increasingly threatening incumbents. More banks are likely to begin charging fintechs for access to their systems, according to industry observers.
“JPMorgan tends to be a trendsetter. They’re sort of the leader of the pack, so it’s fair to expect that the rest of the major banks will follow,” said Brian Shearer, director of competition and regulatory policy at the Vanderbilt Policy Accelerator.
Shearer, who worked at the CFPB under former director Rohit Chopra, said he was worried that the development would create a barrier of entry to nascent startups and ultimately result in higher costs for consumers.
Source: Robinhood
Proponents of the 2024 CFPB rule said it gave consumers control over their financial data and encouraged competition and innovation. Banks including JPMorgan said it exposed them to fraud and unfairly saddled them with the rising costs of maintaining systems increasingly tapped by the middlemen and their clients.
When Plaid’s deal with JPMorgan was announced in September, the companies issued a dual press release emphasizing the continuity it provided for customers.
But the industry group that Plaid is a part of has harshly criticized the development, signaling that while JPMorgan has won a decisive battle, the ongoing skirmish may yet play out in courts and in the public.
“Introducing prohibitive tolls is anti-competitive, anti-innovation, and flies in the face of the plain reading of the law,” said Penny Lee, CEO of the Financial Technology Association, told CNBC in response to the JPMorgan milestone.
“These agreements are not the free market at work, but rather big banks using their market position to capitalize on regulatory uncertainty,” Lee said. “We urge the Trump Administration to uphold the law by maintaining the existing prohibition on data access fees.”
Govini has fired Eric Gillespie from its board of directors after the founder was charged with attempting to solicit sexual contact with a minor online.
“The actions of one depraved individual should not in any way diminish the hard work of the broader team and their commitment to the security of the United States of America,” the defense software startup said in a release late Wednesday.
The company said the 57-year-old had no access to classified information since stepping down as CEO nearly ten years ago.
On Monday, the Pennsylvania Attorney General’s Office charged Gillespie with four felonies, including multiple counts of unlawful contact with a preteen.
A judge denied bail for Gillespie, who lived in Pittsburgh, citing flight risk and public safety concerns.
At the time, the Pentagon officials told CNBC that they were investigating the arrest and possible security risks.
Read more CNBC tech news
Last month, the Arlington, Virginia-based startup surpassed $100 million in annual recurring revenue and announced a $150 million growth investment from Bain Capital.
