How to reclaim your data from Google, Facebook, Microsoft, Apple under GDPR

We reveal how the web's biggest data hoarders have responded to the new regulations and how you can take control of your privacy

You've probably received several emails from companies over the last few weeks, asking if you're happy for them to keep sending you marketing messages. Or perhaps you've been notified by a website or app to "changes to our privacy policy", and asked to agree to the updated terms. The reason for this sudden obsession with small print is GDPR, which has been described as "the most important change in data-privacy regulation in 20 years".

Given how eager companies have taken to their new responsibilities, we thought we'd look at exactly how web companies have responded to the new rules and reveal how you can now view, manage and reclaim the personal data that's been collected about you.


Facebook CEO Mark Zuckerberg has declared his intention to uphold "the spirit" of the GDPR. However, the data of non-US Facebook users is currently held in Ireland, which is subject to the new data-protection laws, so Facebook has (unsurprisingly) decided to transfer 1.5 billion users out of the EU's jurisdiction and place them under the governance of the less stringent US privacy laws instead.

Thanks to GDPR, Facebook can now offer face recognition to EU users

Last month, Facebook updated its terms and data policy to comply with GDPR, asking all its users to "make choices" about whether they want to see ads based on data from Facebook's partners and continue to share 'sensitive' information (as defined by GDPR) in their profiles.

Significantly, you can now also decide whether or not to turn on face recognition, which allows Facebook to identify you in photos and videos so friends can instantly tag you.

Previously, this feature was forbidden in Europe for privacy reasons, but the new regulation means Facebook can now offer the option to EU users, as long as it's transparent about what data is processed and why.

Reclaim your data:

Facebook already allows you to download all the information the company holds about you, and its new Access Your Information tool lets you further review information you've posted or shared, such as likes, comments, videos, your location and your search history. Within your account, you can review and manage things you share your 'Activity log', and delete anything you don't like the look of. You can also delete your entire Facebook account and all the data it contains.

Facebook now lets you review and manage all your data via a single hub

Usefully, all these options are now available through a single hub, which you can access by clicking the down arrow in the top-right of Facebook and choosing Settings, then Your Facebook Information. This increased transparency seems just as much to do with the Cambridge Analytica scandal as with GDPR, but we're pleased that Facebook is finally addressing at least some long-standing privacy concerns.


The notoriously data-hungry Google has made a number of changes to comply with GDPR, including limiting the data-processing of users under the age of 16 and supporting businesses who want to display non-personalised ads online. It's also rolled out a password-protected option in Gmail, which limits confidential emails to 'read-and-reply' before they're deleted after a set time.

When it comes to obtaining explicit consent, Google appears to be outsourcing this option to advertisers and publishers, stating in a blog post that "the revised policy will require that publishers take extra steps in obtaining consent from their users".

Reclaim your data:

You can review all the data Google has stored about you on your Dashboard, including your search history, saved locations, synced bookmarks, Android devices and much more. On the same page, you can stop it collecting certain information by turning off Location History, Web & App Activity and YouTube Watch History, and download a copy of your data as a ZIP or TGZ file.

Review and reclaim your personal data from Google via your personal dashboard

To delete specific data Google has gathered, go to and choose 'Delete activity by', or else visit to delete your whole account.


To comply with GDPR, Microsoft has just introduced parental-consent verification for children's accounts. This new authentication process requires parents and guardians to grant their permission for users aged under 16 to open a Microsoft account, so the child's data can be 'processed' legally under the new EU rules. Verification may involve charging a small non-refundable fee to your credit card or debit card - see here for details.

Microsoft's 'Privacy dashboard' is a central hub for your data and privacy settings

Microsoft has also launched a Compliance Manager tool to help businesses prepare for GDPR, and has added a new Data Privacy tab to its Office 365 and Azure suites that lets customers manage and execute requests from data subjects.

Reclaim your data:

To reclaim the data that Microsoft has amassed on you through tools such as Bing and Cortana, visit your 'Privacy dashboard' at - a site the company launched last year, possibly in anticipation of GDPR.

Download an archive of the personal data that Microsoft has collected from you

As with Google's similar hub, this lets you view and delete information that's been collected about your activities, including your browsing and search histories, locations you've been to (gathered via GPS), voice commands you've used and even details of your interests. Click 'Download your data' at the top of the page to create an archive of this personal info.

The Dashboard also provides details of how to adjust your privacy settings for Microsoft products such as Windows, Skype and Xbox, and lets you switch off online ads that are "tailored to your interests based on your previous activities, searches and site visits".


Twitter has already made several changes to its privacy policy and settings as part of a "longstanding commitment to transparency" - and of course the introduction of GDPR. In keeping with the new rule that companies must explain their privacy policies using plain language, Twitter has expanded and revised content "to make sure that some of the more legalistic or technical language is as clear as possible", particularly regarding your location data and data from Twitter's advertising partners.

Twitter probably stores a lot more personal data about you than you realise

A blog post by Twitter's Data Protection Officer states that on 25 May, EU users will see a message explaining the changes to Twitter's Terms of Service and Privacy Policy, as well as a chart that "categorises the legal basis for the personal data we process". Twitter says that all users outside the US will be protected under GDPR.

Reclaim your data:

On GDPR-enforcement day, Twitter will direct you to your 'Settings and Privacy' page, and ask you to review your current settings, such as who can tag you in photos, find you using your email address or phone number, and target you with personalised ads.

You can request a file containing all your Twitter data and an advertiser list

You can also now review and download the data Twitter holds on you by opening the 'Your Twitter data' section of the 'Settings and Privacy' page. This eye-opening information includes your gender ("based on your profile and activity"), the places you've been, the browsers and devices you use, and what Twitter has inferred your interests to be - you can deselect any that don't "look right". Click the 'Request data' button at the bottom of the page to receive an email attachment containing all this data. Interestingly, you can also request a list of all the advertisers who target you.


If you use Amazon Web Services (AWS), you'll be pleased to know the secure cloud service is already GDPR-compliant. This includes personal data encryption, updated data-processing agreements and improved processes for assessing data security. That's great for companies and individuals who use AWS, but Amazon has yet to detail the effect of GDPR-compliant changes on everyday customers who use its websites, apps and devices, such as the Echo smart speaker.

Turn off browsing history to stop Amazon from keeping a record of the items you view

Incidentally, the only mention of smart speakers in the GDPR documentation is a point that says: "The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling". This suggests smart speakers such as the Echo and Google Home will need to seek their users' consent (possibly during setup) to process their data without breaching GDPR rules.

Reclaim your data:

Although unrelated to GDPR, you can see some of the data Amazon 'processes' about you by visiting Your Browsing History, including your recently viewed items, recent orders and public profile. To regain a degree of privacy, delete your browsing history, turn the feature off and tick 'Don't use for recommendations' next to items you've purchased.

Under GDPR, the Amazon Echo may require your consent to process your data

As we explained in last issue's cover feature, it's possible but not easy to delete your Amazon account by contacting the company directly. However, you can't delete your Amazon order history, because the store treats it as a transaction record, just like your bank or credit card company.

It's currently unclear how this will be affected by GDPR. In the US, lets you download your entire order history, including details of how much you've spent, as a CSV file. You can get similar info in the UK by installing the unofficial Chrome extension Amazon Order History Reporter.


Apple has promoted itself as a privacy-first business for some time now, so is suitably unruffled by GDPR. When setting up a new Apple device, such as an iPhone, iPad, MacBook or Apple TV, you'll now see a new Data & Privacy screen that shows you precisely how Apple processes your information.

Apple now explains how it processes your data when you set up a new device

According to the tech giant: "When we use data to create better experiences for you, we work hard to do it in a way that doesn't compromise your privacy". In other words, Apple products operate a privacy-by-design policy, which is a core GDPR requirement.

Reclaim your data:

By the time you read this, Apple will have updated its web page for managing your Apple ID, with a new option that lets you download a copy of all your personal information stored by the company.

This includes your contacts, calendar, photos, songs you stream via Apple Music and preferences. The page will also let you correct specific details about you, and temporarily deactivate or completely delete your account. Previously, you could download your data and delete your account by contacting Apple directly.

Image: Shutterstock

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020
How computing has revolutionised Formula 1

How computing has revolutionised Formula 1

11 Nov 2020