If you are in the EU or UK, you have legal rights to access, correct, delete, or restrict how Midjourney uses your personal data, and to receive a copy of your data in a portable format.
This analysis describes what Midjourney's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes Midjourney's obligation to recognize and facilitate statutory data subject rights mandated by EU and UK data protection regulations. The provision operationalizes compliance with GDPR requirements that apply to the controller's processing activities.
Interpretive note: The policy does not specify the legal basis for AI training data processing under GDPR, which creates uncertainty about the scope of the right to object and how Midjourney would respond to such an objection in practice.
The updated privacy policy removed language describing how Midjourney shares personal data, the security measures protecting that data, children's privacy safeguards, procedures for notifying users of policy changes, and links to related policies. Users no longer have explicit disclosure of these practices within the privacy policy itself. The removal of language on how policy changes are communicated may mean users have less notice of future privacy modifications than previously stated.
View change record →EU and UK residents can formally exercise rights to access, correct, delete, or object to processing of their personal data by Midjourney, including data used for AI training purposes, and can escalate to their national data protection authority if requests are not fulfilled.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
Midjourney has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are located in the European Economic Area or the United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR) or the UK GDPR, including the right to access your personal data, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, and the right to object to processing.— Excerpt from Midjourney's Midjourney Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages GDPR and UK GDPR rights frameworks enforced by EU member state supervisory authorities and the UK Information Commissioner's Office (ICO). The right to object under GDPR Article 21 is particularly relevant to AI training data uses based on legitimate interests, and Midjourney's ability to continue processing for AI training in the face of an objection depends on whether it can demonstrate compelling legitimate grounds. GOVERNANCE EXPOSURE: Medium. The policy asserts GDPR rights but does not specify the designated EU or UK representative or the supervisory authority with which Midjourney is registered, which may be relevant for users seeking to escalate complaints. The absence of a specified legal basis for AI training processing creates a related governance gap. JURISDICTION FLAGS: EU and EEA residents have enforceable rights through national supervisory authorities. UK residents have comparable rights through the ICO. The adequacy of cross-border data transfer mechanisms for data flowing from the EU and UK to Midjourney's US operations is a material compliance question not fully addressed in the policy text. CONTRACT AND VENDOR IMPLICATIONS: Organizations subject to GDPR that use Midjourney for business purposes should assess whether a Data Processing Agreement with Midjourney is in place and whether it covers all relevant processing activities including AI training data use. The right to data portability may be relevant for enterprise users who wish to retrieve employee-generated content. COMPLIANCE CONSIDERATIONS: Legal teams should verify that Midjourney has a functional process for handling GDPR data subject requests within the required timeframes and that a valid cross-border transfer mechanism is in place for EU-to-US data flows. Compliance teams should document whether the right to object to AI training processing has been exercised and how Midjourney has responded.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes Midjourney's obligation to recognize and facilitate statutory data subject rights mandated by EU and UK data protection regulations. The provision operationalizes compliance with GDPR requirements that apply to the controller's processing activities.
EU and UK residents can formally exercise rights to access, correct, delete, or object to processing of their personal data by Midjourney, including data used for AI training purposes, and can escalate to their national data protection authority if requests are not fulfilled.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Midjourney.