The new European General Data Protection Regulation has now been in effect for some time. But have you ever tried to view your private data with large companies like Amazon or Facebook? We conducted a self-experiment and requested our data from Google, Amazon, WhatsApp, Facebook, Instagram, and Apple.
How Can You View Your Data Under GDPR?
The EU Data Protection Regulation gives you the right to control what happens to your data and what data is stored about you. In principle, data may only be stored for as long as necessary, and only data that is absolutely essential should be collected.
As a consumer, you also have the right to request a copy of your data. The request can be made informally, by mail or electronically. You don’t need a template or sample for this. A response from the company should then be provided within one month. And it must be possible, among other things, to have this data deleted. More detailed information is available, for example, on the consumer advice center’s website:
Many large companies have pre-made forms for data access requests to make it easier for users. In practice, it looks like this:
- Google: Simply visit https://takeout.google.com, enter your data, and wait.
- Amazon: The process is more complicated with Amazon. Under ‘Contact’, choose ‘Other’ as the reason and then select the topic ‘Request data privacy information’. And wait…
- WhatsApp: WhatsApp has a suitable function directly in the app under ‘Settings’, ‘Account’, ‘Request account info’.
- Facebook: When logged in, you’ll find the option ‘Download a copy of your Facebook data’ under ‘Settings’, ‘General Account Settings’.
- Instagram: Simply confirm your email address at https://instagram.com/download/request/, then ‘Request Download’. And wait…
- Apple: Log in at https://appleid.apple.com, select ‘Manage Data and Privacy’, and then ‘Request a copy of your data’
Does It Really Work?
We took the plunge and requested data from all these companies.
With Google, we were positively surprised and the data was surprisingly available for download within a few hours. We were less positively surprised by the internet giant’s data collection zeal: We received thousands of pages with search terms. Including image searches and searches in the maps service. You receive a location history, and at least we were amazed at what was all recorded there. Very frightening are the purchases that are listed: hotel bookings, flights, purchases from Amazon, and more. One wonders where all this data comes from. And a small tip: Don’t print out the data. It’s really an enormous amount of data!
With Amazon, the request process is more difficult. First, you have to confirm by email that you really want to make the request. Then more emails are exchanged and eventually came the announcement that all data would be available ‘soon’. Some data can also be viewed directly anytime online at Amazon, e.g., all stored data from Alexa or info on personalized advertising. For the exciting stuff, Amazon took a bit longer. In some forums, you read that this data is sent via USB stick. We received this data after about four weeks via download – but all information is only available for download for about 90 days. The data itself is substantial: All account information, the complete communication history, all previous orders, all returns, everything ever read or played on registered Kindle devices. Interestingly, all search terms used are only listed since 2017.
With WhatsApp, you can download your personal data package after a few days. The data is surprisingly sparse: profile photo, your own number, the numbers of all contacts, and the names of all chat groups you participate in. No chats, nothing.
At Facebook, the data is also accessible within a few hours. All companies in the Facebook group are truly exemplary in this regard. However, Facebook’s own data collection is much more comprehensive than WhatsApp and Instagram: everything that Facebook believes might interest the user is listed. Additionally, all uploaded photos, videos, messages, and comments are recorded. Furthermore, every login to Facebook is listed, including date, time, and IP address. This gives one an uneasy feeling about what could happen if someone were to obtain this data.
Instagram is also quick. After a few hours, you receive a file with all uploaded photos videos, all searches, all your own comments, and likes. Very exemplary.
With Apple, a download link arrives via email after a few days. You receive information about all your previously used phones, the websites visited on them, email addresses contacted, information about calls, and various location data. This also leaves an uneasy feeling.
Conclusion: All companies respond very quickly, at least. With Amazon, it took a bit longer, and we only gained access to the data after a few weeks. Some of the data collected by Apple, Amazon, Facebook Co. is at least questionable. Why does Apple need all the email addresses contacted and all website visits? How does Google know about purchases? One wonders what justification these companies have for collecting this data…
And a small tip to conclude:
Only enter the data that is truly necessary on the internet. And if possible, turn off automatic data collection, e.g., of locations.
