If you live in the EU or EEA, you have legal rights to see, correct, delete, or move your personal data, and to object to certain types of processing.
This analysis describes what Medium's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are legally enforceable under GDPR and give EU users meaningful control over their personal data held by Medium, including the ability to request full deletion of their account data.
EU and EEA users can formally request access to, correction of, or deletion of their personal data held by Medium, and can object to data processing used for advertising or profiling purposes.
How other platforms handle this
If you are located in the EEA or UK, you may have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing of your personal data; the ...
If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...
If you are located in the EEA, UK, or Switzerland, you have certain rights with respect to your personal information, including the right to access your personal data, to correct or delete your personal data, to restrict processing of your personal data, to data portability, and to object to process...
Monitoring
Medium has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are located in the European Union or European Economic Area, you have certain rights under applicable law, including the right to access, rectify, erase, or restrict the processing of your personal data, the right to data portability, and the right to object to the processing of your personal data.— Excerpt from Medium's Medium Privacy Policy
REGULATORY LANDSCAPE: This provision reflects GDPR Articles 15 through 22, covering rights of access, rectification, erasure, restriction, portability, and objection. Medium's acknowledgment of these rights confirms it operates as a data controller under GDPR. Enforcement is handled by national data protection authorities (DPAs) in each EU member state, coordinated under the one-stop-shop mechanism where applicable. GOVERNANCE EXPOSURE: Medium. The policy asserts GDPR rights without specifying the response timeframe, the format in which data will be provided, or the process for appealing a denied request. GDPR requires responses to data subject requests within one month, with a possible two-month extension for complex requests. Failure to meet these timelines or to provide adequate responses creates enforcement exposure. JURISDICTION FLAGS: Applies specifically to EU/EEA users and UK users under UK GDPR. Non-EU users do not benefit from these statutory rights under this policy, though California residents have analogous rights under CCPA. The geographic scope of GDPR rights may extend beyond EU residents to any user physically located in the EU when accessing the service. CONTRACT AND VENDOR IMPLICATIONS: Organizations whose employees use Medium while located in the EU should consider whether employee data processed by Medium triggers their own GDPR controller obligations. Vendor contracts with Medium should include provisions addressing data subject request handling timelines and processes. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Medium's data subject request process is functional, documented, and able to meet GDPR's one-month response requirement. Internal procedures should be established for escalating data subject requests received indirectly through enterprise customers. The right to object to processing for direct marketing purposes should be clearly accessible in account settings.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are legally enforceable under GDPR and give EU users meaningful control over their personal data held by Medium, including the ability to request full deletion of their account data.
EU and EEA users can formally request access to, correction of, or deletion of their personal data held by Medium, and can object to data processing used for advertising or profiling purposes.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Medium.