How to reclaim your data from Google, Facebook, Microsoft, Apple under GDPR
We reveal how the web's biggest data hoarders have responded to the new regulations and how you can take control of your privacy
Given how eager companies have taken to their new responsibilities, we thought we'd look at exactly how web companies have responded to the new rules and reveal how you can now view, manage and reclaim the personal data that's been collected about you.
Facebook CEO Mark Zuckerberg has declared his intention to uphold "the spirit" of the GDPR. However, the data of non-US Facebook users is currently held in Ireland, which is subject to the new data-protection laws, so Facebook has (unsurprisingly) decided to transfer 1.5 billion users out of the EU's jurisdiction and place them under the governance of the less stringent US privacy laws instead.
Thanks to GDPR, Facebook can now offer face recognition to EU users
Last month, Facebook updated its terms and data policy to comply with GDPR, asking all its users to "make choices" about whether they want to see ads based on data from Facebook's partners and continue to share 'sensitive' information (as defined by GDPR) in their profiles.
Significantly, you can now also decide whether or not to turn on face recognition, which allows Facebook to identify you in photos and videos so friends can instantly tag you.
Previously, this feature was forbidden in Europe for privacy reasons, but the new regulation means Facebook can now offer the option to EU users, as long as it's transparent about what data is processed and why.
Reclaim your data:
Facebook already allows you to download all the information the company holds about you, and its new Access Your Information tool lets you further review information you've posted or shared, such as likes, comments, videos, your location and your search history. Within your account, you can review and manage things you share your 'Activity log', and delete anything you don't like the look of. You can also delete your entire Facebook account and all the data it contains.
Facebook now lets you review and manage all your data via a single hub
Usefully, all these options are now available through a single hub, which you can access by clicking the down arrow in the top-right of Facebook and choosing Settings, then Your Facebook Information. This increased transparency seems just as much to do with the Cambridge Analytica scandal as with GDPR, but we're pleased that Facebook is finally addressing at least some long-standing privacy concerns.
The notoriously data-hungry Google has made a number of changes to comply with GDPR, including limiting the data-processing of users under the age of 16 and supporting businesses who want to display non-personalised ads online. It's also rolled out a password-protected option in Gmail, which limits confidential emails to 'read-and-reply' before they're deleted after a set time.
When it comes to obtaining explicit consent, Google appears to be outsourcing this option to advertisers and publishers, stating in a blog post that "the revised policy will require that publishers take extra steps in obtaining consent from their users".
Reclaim your data:
You can review all the data Google has stored about you on your Dashboard, including your search history, saved locations, synced bookmarks, Android devices and much more. On the same page, you can stop it collecting certain information by turning off Location History, Web & App Activity and YouTube Watch History, and download a copy of your data as a ZIP or TGZ file.
Review and reclaim your personal data from Google via your personal dashboard
To delete specific data Google has gathered, go to myactivity.google.com/myactivity and choose 'Delete activity by', or else visit myaccount.google.com/deleteaccount to delete your whole account.
To comply with GDPR, Microsoft has just introduced parental-consent verification for children's accounts. This new authentication process requires parents and guardians to grant their permission for users aged under 16 to open a Microsoft account, so the child's data can be 'processed' legally under the new EU rules. Verification may involve charging a small non-refundable fee to your credit card or debit card - see here for details.
Microsoft's 'Privacy dashboard' is a central hub for your data and privacy settings
Microsoft has also launched a Compliance Manager tool to help businesses prepare for GDPR, and has added a new Data Privacy tab to its Office 365 and Azure suites that lets customers manage and execute requests from data subjects.
Reclaim your data:
To reclaim the data that Microsoft has amassed on you through tools such as Bing and Cortana, visit your 'Privacy dashboard' at account.microsoft.com/privacy - a site the company launched last year, possibly in anticipation of GDPR.
Download an archive of the personal data that Microsoft has collected from you
As with Google's similar hub, this lets you view and delete information that's been collected about your activities, including your browsing and search histories, locations you've been to (gathered via GPS), voice commands you've used and even details of your interests. Click 'Download your data' at the top of the page to create an archive of this personal info.
The Dashboard also provides details of how to adjust your privacy settings for Microsoft products such as Windows, Skype and Xbox, and lets you switch off online ads that are "tailored to your interests based on your previous activities, searches and site visits".
Twitter probably stores a lot more personal data about you than you realise
Reclaim your data:
On GDPR-enforcement day, Twitter will direct you to your 'Settings and Privacy' page, and ask you to review your current settings, such as who can tag you in photos, find you using your email address or phone number, and target you with personalised ads.
You can request a file containing all your Twitter data and an advertiser list
You can also now review and download the data Twitter holds on you by opening the 'Your Twitter data' section of the 'Settings and Privacy' page. This eye-opening information includes your gender ("based on your profile and activity"), the places you've been, the browsers and devices you use, and what Twitter has inferred your interests to be - you can deselect any that don't "look right". Click the 'Request data' button at the bottom of the page to receive an email attachment containing all this data. Interestingly, you can also request a list of all the advertisers who target you.
If you use Amazon Web Services (AWS), you'll be pleased to know the secure cloud service is already GDPR-compliant. This includes personal data encryption, updated data-processing agreements and improved processes for assessing data security. That's great for companies and individuals who use AWS, but Amazon has yet to detail the effect of GDPR-compliant changes on everyday customers who use its websites, apps and devices, such as the Echo smart speaker.
Turn off browsing history to stop Amazon from keeping a record of the items you view
Incidentally, the only mention of smart speakers in the GDPR documentation is a point that says: "The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling". This suggests smart speakers such as the Echo and Google Home will need to seek their users' consent (possibly during setup) to process their data without breaching GDPR rules.
Reclaim your data:
Although unrelated to GDPR, you can see some of the data Amazon 'processes' about you by visiting Your Browsing History, including your recently viewed items, recent orders and public profile. To regain a degree of privacy, delete your browsing history, turn the feature off and tick 'Don't use for recommendations' next to items you've purchased.
Under GDPR, the Amazon Echo may require your consent to process your data
As we explained in last issue's cover feature, it's possible but not easy to delete your Amazon account by contacting the company directly. However, you can't delete your Amazon order history, because the store treats it as a transaction record, just like your bank or credit card company.
It's currently unclear how this will be affected by GDPR. In the US, Amazon.com lets you download your entire order history, including details of how much you've spent, as a CSV file. You can get similar info in the UK by installing the unofficial Chrome extension Amazon Order History Reporter.
Apple has promoted itself as a privacy-first business for some time now, so is suitably unruffled by GDPR. When setting up a new Apple device, such as an iPhone, iPad, MacBook or Apple TV, you'll now see a new Data & Privacy screen that shows you precisely how Apple processes your information.
Apple now explains how it processes your data when you set up a new device
According to the tech giant: "When we use data to create better experiences for you, we work hard to do it in a way that doesn't compromise your privacy". In other words, Apple products operate a privacy-by-design policy, which is a core GDPR requirement.
Reclaim your data:
By the time you read this, Apple will have updated its web page for managing your Apple ID, with a new option that lets you download a copy of all your personal information stored by the company.
This includes your contacts, calendar, photos, songs you stream via Apple Music and preferences. The page will also let you correct specific details about you, and temporarily deactivate or completely delete your account. Previously, you could download your data and delete your account by contacting Apple directly.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now