This research evaluates how major social platforms comply with GDPR's right of access through an analysis of their data download packages (DDPs).

• Incomplete implementation of GDPR requirements across all platforms studied
• Significant discrepancies between what data platforms collect versus what they make accessible
• Limited transparency in how user data is processed and shared with third parties
• Poor standardization making DDPs difficult for users to understand and analyze

These findings matter for security professionals as they highlight critical privacy vulnerabilities in how personal data is managed by major platforms, potentially exposing users to risks they cannot properly assess.

Setting the Course, but Forgetting to Steer: Analyzing Compliance with GDPR's Right of Access to Data by Instagram, TikTok, and YouTube