Users in the EEA, Switzerland, and UK have the right to access, correct, delete, port, restrict, or object to processing of their personal data, and may withdraw consent at any time or lodge a complaint with a data protection authority.
This analysis describes what Midjourney's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy explicitly enumerates GDPR and UK GDPR data subject rights and provides a mechanism for exercising them through account settings, giving EEA and UK users enforceable controls over their personal data.
The updated privacy policy removed language describing how Midjourney shares personal data, the security measures protecting that data, children's privacy safeguards, procedures for notifying users o…
EEA, Switzerland, and UK users can request access to, correction of, deletion of, or portability of their personal data, and can object to or restrict processing, by visiting www.midjourney.com/account; consent withdrawal does not affect prior lawful processing.
How other platforms handle this
If you are located in the EEA, UK, or Switzerland, you have certain rights with respect to your personal information, including the right to access your personal data, to correct or delete your personal data, to restrict processing of your personal data, to data portability, and to object to process...
If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...
If you are located in the EEA or UK, you may have the following rights under applicable data protection law: the right to access your personal data; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict processing of your personal data; the ...
Monitoring
Midjourney has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Additionally You have the following data protection rights: You can request access, correction, updates or deletion of your Personal Data. You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent. You have the right to complain to a data protection authority about our collection and use of your Personal Data.— Excerpt from Midjourney's Midjourney Privacy Policy
1) REGULATORY LANDSCAPE: This provision directly implements GDPR Articles 15 through 21 (access, rectification, erasure, restriction, portability, and objection rights) and UK GDPR equivalents. The right to lodge a complaint engages EU national data protection authorities and the UK ICO as relevant enforcement bodies. The policy's note that consent withdrawal does not affect prior processing is consistent with GDPR Article 7(3). The Swiss Federal Act on Data Protection provides equivalent rights for Swiss users. 2) GOVERNANCE EXPOSURE: Medium. The operational capacity to fulfill access, deletion, portability, and objection requests within GDPR's statutory timeframes (generally one month, extendable to three months for complex requests) creates ongoing operational obligations. The policy directs users to www.midjourney.com/account for rights requests, and compliance teams should confirm this mechanism is functional, documented, and capable of meeting response timeframes across all request types. 3) JURISDICTION FLAGS: EEA member states, the UK, and Switzerland are specifically addressed. Rights fulfillment obligations differ in detail between GDPR, UK GDPR, and Swiss FADP, and compliance processes should account for these variations. Users in other jurisdictions are not covered by this section of the policy. 4) COMPLIANCE CONSIDERATIONS: Legal and compliance teams should verify that the rights request mechanism at www.midjourney.com/account is operationally capable of handling all enumerated rights (access, rectification, erasure, restriction, portability, objection), that identity verification procedures are in place, that response timeframes are tracked and met, and that data subject request logs are maintained. The ability to fulfill deletion requests for data used in ML training should be specifically assessed. 5) CONTRACT AND VENDOR IMPLICATIONS: Where Midjourney processes personal data on behalf of enterprise customers, the rights fulfillment process should be coordinated with those customers' own data subject request workflows to ensure end-to-end compliance.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy explicitly enumerates GDPR and UK GDPR data subject rights and provides a mechanism for exercising them through account settings, giving EEA and UK users enforceable controls over their personal data.
EEA, Switzerland, and UK users can request access to, correction of, deletion of, or portability of their personal data, and can object to or restrict processing, by visiting www.midjourney.com/account; consent withdrawal does not affect prior lawful processing.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Midjourney.