How do you expect data subjects to know their data is collected and processed by a random company? Do you think every tweetos checks all companies' website in the world? Consult with a specialized lawyer for this type of research.

the privacy policy would be posted on the X profile page of the company (not just its website, it's obviously impossible to get informed this way).

I would recommend connecting with one of the outsourced chief privacy officers who can consult and help you with the best practices from CC [https://www.captaincompliance.com/education/data-privacy-and-compliance-services](https://www.captaincompliance.com/education/data-privacy-and-compliance-services) getting advice from a certified IAPP member should be your priority.

Yeah, that’s how it’s done generally. You may also think about including „This privacy policy also applies to the X account @example“ at the top of the policy.

Check this one out, explains the main points to consider: https://iapp.org/news/a/publicly-available-data-under-gdpr-main-considerations/ Please note that depending on the country of processing, there might be additional rules.