Every major social media platform has a privacy policy and, for EU and UK users, legal obligations under GDPR. But the gap between what the law says and what platforms actually do is wide. This guide breaks down the real removal paths on Facebook, Twitter/X, LinkedIn, Instagram, YouTube, and Reddit -- covering your own old posts, content posted about you by others, and the harder question of what happens when that social media content ends up republished in a news article.
Your own content vs. content others posted about you is the single most important distinction. Platforms erase your own data far more readily than they remove a third party's speech about you.
GDPR erasure requests reach platform-held data, not third-party speech. EU and UK users have real rights, but those rights have real limits once another user's expression is involved.
Platform removal and search engine removal are two separate problems. A tweet deleted from Twitter can still rank in Google through a news article that quoted or screenshotted it.
When social media content migrates into news coverage, the news article becomes the priority target. That is where RemoveNews.ai operates -- the editorial and deindexing layer that platforms cannot touch.
The right to be forgotten is most commonly associated with Google: the 2014 Court of Justice of the European Union ruling in Google Spain v. AEPD established that individuals could request search engines to delist links to certain personal information. What receives less attention is that the same GDPR framework -- and the UK GDPR that carried it forward post-Brexit -- also creates erasure rights against the data controllers operating the platforms where content originally appears.
This creates a two-layer problem that most people conflate into one. The platform layer is where content lives: a tweet, a Facebook post, a Reddit thread, a YouTube video. The search index layer is where people find it: Google's results, Bing, and increasingly AI-generated summaries. Removal from one layer does not guarantee removal from the other. A deleted tweet still shows up in Google if a news outlet published a screenshot before it was removed. A Google deindexing request removes the search result but leaves the original post intact on the platform for anyone who navigates there directly.
There is a third complication: the difference between content you created and content others created about you. When you delete your own post, that is straightforward account action. When you ask a platform to remove something another user posted, you are asking them to restrict another person's speech -- and platforms, particularly those operating in jurisdictions with strong free expression norms, apply very different thresholds. GDPR erasure rights are not a universal content veto. They are data rights that operate within a framework of competing interests, including the public interest in accurate information and the rights of other speakers.
Under GDPR Article 17, the right to erasure applies when personal data is no longer necessary for the purpose it was collected, consent has been withdrawn, data was processed unlawfully, or erasure is required for compliance with EU law. These grounds are narrower than most people expect. Platform content that is in the public interest, relates to a public figure's public conduct, or is part of legitimate journalism may be exempt from erasure obligations even when it contains personal data about you. The balance between privacy rights and other rights is determined case by case.
For EU and UK users, Meta Ireland Ltd is the data controller for both Facebook and Instagram. This means GDPR erasure requests are processed under Irish law with the Data Protection Commission (DPC) serving as the lead supervisory authority. If you are in the EU or UK and Meta refuses your erasure request, the DPC is the body to escalate to -- with the option of further judicial remedy if the DPC's response is unsatisfactory.
For your own content: Deleting posts, photos, and stories through your Facebook or Instagram account removes them from public view and, after a grace period, from Meta's systems. If you want to formally exercise your GDPR right to erasure -- including erasure of associated metadata, engagement data, and processing records -- Meta provides a dedicated privacy rights request form through its Privacy Center at facebook.com/help. Account deletion is the most complete erasure path, removing your profile and all associated content from public access within 30 days, with full deletion from Meta's backup systems within 90 days.
For content others posted about you: This is substantially more difficult. If another user tags you in a post or photo, you can remove the tag but you cannot force removal of the underlying content unless it violates Meta's Community Standards. If the content constitutes harassment, non-consensual intimate imagery, or defamation, Meta's reporting mechanisms offer a path. For GDPR purposes, content posted by another user that contains your personal information may qualify for a privacy violation report if it includes private information you did not consent to sharing publicly -- home address, phone number, medical information, financial details. Content that is merely unflattering, critical, or embarrassing, without constituting a clear privacy violation or policy breach, is unlikely to be removed under GDPR alone.
Meta's GDPR erasure process covers data Meta holds as a controller. It does not give you the right to delete another user's post simply because the post mentions you. The right to erasure under Article 17 must be weighed against "the right to freedom of expression and information" under Article 17(3)(a). Posts by other users expressing opinions about you -- even strongly negative ones -- typically fall within protected expression unless they contain private information you did not consent to disclose, constitute defamation actionable under applicable law, or otherwise violate Meta's specific policies.
Twitter/X's approach to removal reflects a strong speech-first orientation that creates notable friction for RTBF requests. The platform distinguishes sharply between personal data it holds about you as a user and content posted by other users that happens to mention or depict you.
For your own tweets and account data: Deleting individual tweets through the interface is immediate. Full account deletion removes your public profile and all your tweets from public access. Under GDPR, EU and UK users can submit a formal erasure request for personal data Twitter holds, including device identifiers, IP address logs, and inferred interests. Twitter's privacy center at help.twitter.com provides the request pathway. Note that deleted tweet data may persist in third-party archives and in the downstream caches of sites that embedded your tweets before deletion.
For tweets posted by others that contain your private information: Twitter has a private information policy that covers a defined set of categories -- home address, precise location, phone number, email address, financial account details, non-public medical information, and private identification documents. If another user has posted a tweet containing this type of private information about you without your consent, Twitter's dedicated private information removal form provides a path to removal that has historically been more responsive than general content reports. This path is distinct from GDPR and available globally, not just to EU/UK users.
For defamatory tweets: This is a legal matter, not a platform policy matter. Twitter/X removes content for defamation only in response to valid legal demands in jurisdictions where it operates -- a court order, a valid legal notice, or a DMCA takedown if the tweet reproduces copyrighted content without permission. Platform-level reports for defamation alone, without a legal demand, rarely result in removal unless the content simultaneously violates a separate policy such as the private information policy described above.
For tweets by journalists or public-interest accounts: Twitter/X's newsworthiness policy allows content that would otherwise violate privacy policies to remain if it serves genuine public interest. This is applied inconsistently but provides a formal basis for the platform to refuse removal of content it considers newsworthy. If a tweet has been widely covered in news articles, that coverage can reinforce Twitter's position that the content serves legitimate public interest and is therefore exempt from removal.
LinkedIn Ireland Unlimited Company is the data controller for EU and UK users, making the DPC the lead supervisory authority. LinkedIn's GDPR compliance posture is generally considered more cooperative than some other platforms, in part because its user base consists primarily of professionals with legitimate interests in accurate professional representation.
For your own profile and posts: You can delete posts, update your profile, and close your account through the standard interface. Formal GDPR erasure requests submitted through LinkedIn's data settings cover personal data LinkedIn processes as a controller. Account closure initiates erasure of your profile data within approximately 30 days. The erasure process covers LinkedIn's data -- it does not reach data that other users or systems have cached or copied.
For posts by other members about you: LinkedIn's content reporting system handles violations of its Professional Community Policies. Posts that constitute harassment, share your private contact information without consent, or make false factual claims that harm your professional reputation may qualify for removal under those policies. GDPR erasure rights against third-party member posts face the same limitations that apply across all platforms -- the right to erasure must be balanced against the expression rights of the posting member. LinkedIn, as a professional network, may apply greater weight to professional context: a post accusing you of specific professional misconduct is treated differently from a personal attack.
LinkedIn content frequently appears in Google results for professional name searches. A negative post or comment thread on LinkedIn can rank on page one of a name search just as a news article can. The removal pathway for third-party LinkedIn posts that are damaging but not clearly policy-violating is limited at the platform level. When such content has been cited by news articles or other external sources, the news article often becomes the higher-priority removal target because it carries greater search authority. See our guide on the complete right-to-be-forgotten framework for how platform removal and editorial removal interact.
YouTube is owned by Google and GDPR requests for YouTube go through Google's standard data rights process. For EU and UK users, Google LLC (or its Irish subsidiary, Google Ireland Limited) is the data controller. The same mechanisms that handle RTBF requests for Google Search also interface with YouTube, though the specific removal grounds and processes differ.
For videos you uploaded: Deletion through your YouTube account removes the video and its public metadata immediately. Google's data deletion process covers associated data it holds. For videos uploaded to an account you no longer control -- for example, a video you created years ago on an account with a lost password -- account recovery or formal Google data request processes apply.
For videos posted by others that feature you: YouTube's privacy complaint process covers three main categories: face blurring requests for videos where you appear involuntarily, removal requests for videos that contain private personal information such as your home address or financial details, and removal of non-consensual intimate content. These processes are available globally, not only to EU/UK users. Videos that depict you in an unflattering but not policy-violating context -- a public altercation caught on camera, an embarrassing moment filmed without consent in a public space -- occupy contested territory. YouTube's newsworthiness exception has historically protected journalistic and commentary content.
GDPR-specific erasure requests for YouTube content: EU and UK users can request erasure of content featuring their personal data through Google's EU privacy request portal. Google evaluates these requests against the same balancing framework applied to Search RTBF requests -- public interest, public figure status, journalistic purpose, accuracy of information. Success rates are higher for content involving private individuals in clearly private contexts than for content involving public figures or events of documented public interest.
Reddit presents a distinctive challenge for RTBF requests because of its pseudonymous architecture. Most Reddit users do not post under their real names. The platform's design assumes user pseudonymity as a default, which means that content about real, named individuals on Reddit is frequently posted by anonymous or pseudonymous accounts and may itself not contain identifying information about the poster.
For your own Reddit posts and account data: You can delete your own posts and comments through the interface, though Reddit's data architecture means deleted comments may be replaced with placeholder text while the comment structure remains. Account deletion removes your profile. Reddit maintains a GDPR-compliant data request process for EU and UK users that covers personal data Reddit holds, accessible through Reddit's privacy settings. Reddit Inc. is the data controller for the purposes of EU GDPR requests, with Reddit's Irish entity serving the EU addressee function.
For posts by other Reddit users that identify or discuss you: Reddit's privacy violation reporting covers doxxing -- posts that reveal your real name, address, phone number, workplace, or other private identifying information without consent. Reddit has historically been more responsive to doxxing reports than to general defamation claims. Content that criticizes you without revealing private information, including posts that are false and damaging, is protected by Reddit's speech norms and the platform's active commitment to minimizing content moderation. Reddit's content policies permit robust criticism and satire of named individuals.
For defamatory Reddit posts: The path here runs through legal demand or the specific subreddit's moderation structure. Individual subreddits are moderated by volunteer moderators with significant autonomy. A defamatory post in a subreddit whose moderators choose to act on reports may be removed relatively quickly; in a subreddit whose moderators are inactive or opposed to removal, the same post may persist indefinitely. Reddit's trust and safety team handles escalations, and legal demands citing actionable defamation are the most reliable path when community-level moderation fails.
Social media content that migrated into a news article? Platform removal leaves the article intact. Our team handles the editorial and deindexing work that platforms cannot touch.
Get a Confidential AssessmentThe most practically significant intersection of social media and reputation damage occurs when a tweet, Facebook post, Reddit thread, or YouTube video is discovered by a journalist and becomes the basis for, or is quoted directly in, a news article. At that point, the dynamics shift entirely.
Deleting the original social media post after a news article has published it accomplishes very little from a search visibility standpoint. The news article is an independent piece of content, indexed in Google under the publication's domain authority, containing the journalist's characterization of what you said or what was said about you. The article often includes screenshots or verbatim quotes, meaning the content survives the deletion of the original source. Removing the original tweet does not remove the article. It does not remove the Google result. It does not remove the screenshot.
This is the layer where most people get stuck: they successfully manage the platform side -- they delete the post, submit a GDPR erasure request, follow up with the platform -- and then discover that the news article ranking on page one of Google remains entirely unaffected. The article is not on the platform's servers. The article is not subject to the platform's content policies. The article has its own editorial relationship with its publisher and its own indexing relationship with Google.
Addressing the news article requires a separate set of processes: editorial outreach to the publication requesting correction, update, or removal; a Google RTBF deindexing request under EU/UK privacy law if the article contains personal information that meets the applicable grounds; and, in some cases, legal demand if the article contains actionable defamation. These processes are detailed in our guides on GDPR erasure applied to news articles and appealing a Google RTBF rejection.
There is also the Wayback Machine problem: archive.org and similar services capture web pages at intervals, preserving old versions of news articles even if the live version has been updated or removed. See our guide on removing archived articles from the Wayback Machine for how that layer is addressed.
A question some clients raise is whether they should respond publicly to a negative article or post rather than pursuing removal. This involves a different set of considerations, covered in our analysis of whether to respond publicly to a negative article. The short version: public responses often feed the article's search authority rather than diminishing it, and should be approached with caution.
The difference between RTBF directed at a platform and RTBF directed at a search engine is fundamental, and conflating the two is a common source of confusion and frustration.
Platform RTBF targets the content itself. If successful, the post, profile, or video is removed from the platform. It no longer exists at its original URL. Anyone who navigates to that URL finds a 404 error or a deletion notice. The content is gone from the platform's accessible surface. This is the most complete form of removal, but it is also the most difficult to achieve for content posted by third parties about you, and it does nothing about copies, screenshots, or quotations that have already circulated elsewhere.
Search engine RTBF -- most commonly a Google RTBF request under EU/UK GDPR -- targets the link in Google's index. The content itself remains untouched on the platform or publication. Anyone who knows the direct URL can still access it. What changes is that Google's search results for your name no longer show that link. For EU users, this is a meaningful privacy protection. For global audiences, it is incomplete -- Google's RTBF only applies to results shown to users searching from within the EU, not to results shown globally.
For full practical removal, both requests are often necessary and neither alone is sufficient. Platform removal without search engine removal leaves the Google result pointing to a dead link -- temporarily, until Google re-crawls and updates its index. Search engine removal without platform removal leaves the content accessible by direct URL and may not survive the next time a journalist or researcher finds it and cites it anew.
The hub resource that ties all of these strategies together is our complete right-to-be-forgotten guide, which maps the full landscape of erasure mechanisms available under EU and UK law and explains how platform removal, search deindexing, and editorial removal interact in practice.
The table below summarizes the removal landscape across the seven most common scenarios. Difficulty ratings reflect real-world outcomes rather than theoretical legal entitlements.
| Content Type | Platform RTBF Process | GDPR Erasure Applies? | Difficulty | Best Path |
|---|---|---|---|---|
| Your own old post or profile | Delete via account; formal GDPR erasure request covers associated data | Yes | Low | Delete directly; submit erasure request for metadata and processing records if needed |
| Someone else's post about you | Content report under harassment or privacy policy; GDPR claim limited by third-party expression rights | Partial | High | Policy report if guidelines violated; legal demand for defamation; editorial removal if article exists |
| Post containing your private PII (address, phone) | Dedicated private information removal form; faster processing than general reports | Yes | Moderate | Private information removal request; GDPR erasure request; simultaneous Google RTBF if indexed |
| Screenshot of your post republished in a news article | Platform removal of original does not affect the article; article is independent content | Not to article | High | Editorial removal or correction request to publication; Google RTBF deindexing; RemoveNews.ai |
| Defamatory post by another user | Legal demand required in most cases; policy report alone rarely sufficient for defamation claims | Indirect | High | Defamation legal demand; platform escalation with legal notice; editorial removal if republished |
| Old post about a resolved matter (arrest, lawsuit, dispute) | Erasure possible under GDPR if data no longer necessary for original purpose; public interest exception may apply | Case by case | Moderate | GDPR erasure request citing Article 17(1)(a) or (c); Google RTBF for search results; editorial for any news coverage |
| Post by journalist or verified public-interest account | Newsworthiness exception typically applies; platform unlikely to remove; Google RTBF also likely rejected on public interest grounds | Unlikely | Very High | Legal review for defamation or inaccuracy; editorial engagement with the journalist; suppression strategy for search results |
Platform removal is only part of the picture. When social media content migrates into news coverage, the article becomes the priority target -- and that requires editorial and deindexing expertise.
Free assessment. Confidential. No obligation.