Rhys MorganMehdi Hasan's independent media platform Zeteo soft-launched in the UK this week at zeteonews.co.uk, with a full rollout planned for September 2026. The US-born subscription site has grown from 94,000 subscribers in early 2024 to more than 650,000 globally. But its UK arrival raises an important question for every consumer signing up: what happens to your data when you subscribe to an independent media platform?
What Is Zeteo UK?
Zeteo is the independent media venture launched by former MSNBC host Mehdi Hasan following his departure from the US broadcaster in December 2023. The platform has attracted a significant following with its progressive political coverage and investigative journalism, publishing on Substack before developing its own infrastructure.
The UK launch, reported by Press Gazette and Semafor on 8 June 2026, marks Zeteo's first international expansion. UK subscribers are offered access for £9 per month or £5 per month on an annual plan. The editorial team includes several high-profile hires from British mainstream media: Shehab Khan, formerly a political correspondent and presenter at ITV News; Becky Gardiner, former comment editor at The Guardian; and broadcaster Sangita Myska as a video podcast host.
Contributors including Owen Jones, Peter Oborne, Grace Blakeley, and Afua Hirsch give the platform an established roster familiar to UK audiences already.
Why Data Rights Matter When You Subscribe
When you hand over an email address and payment details to any subscription platform — whether it is Zeteo, a local newspaper, or a specialist newsletter — you are entering into a legal relationship governed by UK data protection law. That means your rights and the platform's obligations are set out in the UK General Data Protection Regulation and the Data Protection Act 2018.
For UK subscribers to Zeteo, the key question is which entity is the data controller: the UK arm (zeteonews.co.uk) or the US parent company. If data is processed in the United States, the platform must meet the UK's adequacy requirements for international data transfers. This threshold has become more contested since the US withdrew from key bilateral data-sharing frameworks in 2025.
The Information Commissioner's Office, the UK's data protection regulator, requires any organisation collecting personal data from UK residents to register with the ICO, maintain a lawful basis for processing, and provide a transparent privacy notice explaining exactly how data is used, stored, and shared.
What Your Rights Are as a Subscriber
Under UK GDPR, subscribers to platforms like Zeteo have several actionable rights that are often overlooked when people sign up in a hurry:
Right of access: You can request a copy of all personal data the platform holds about you — including reading habits, payment history, and any behavioural profiling used to target content or advertising.
Right to erasure: Also called the "right to be forgotten," this allows you to request deletion of your data when you cancel a subscription or withdraw consent. Platforms must comply unless they have a legitimate legal reason to retain the data.
Right to data portability: You can request your data in a machine-readable format, allowing you to move it to another service. For media platforms, this typically means your account data and subscription history.
Right to object to automated profiling: If a platform uses algorithms to profile your reading preferences or political views for advertising or content curation, you have the right to object.
These rights apply regardless of whether the platform is a large broadcaster like the BBC or a newer independent operator like Zeteo. The ICO can impose fines of up to £17.5 million or 4% of global annual turnover for serious UK GDPR breaches.
What Zeteo's Launch Means for Other UK Businesses
The arrival of Zeteo UK illustrates a broader trend: subscription-based digital services are proliferating rapidly, and many small and medium-sized UK businesses are following a similar model — newsletters, membership sites, paywall content, and subscription communities.
If your business collects email addresses, payment data, or behavioural data from UK residents, the same UK GDPR obligations apply regardless of whether you have 50 subscribers or 650,000. IT and data protection specialists identify several common compliance failures in new subscription platforms:
No ICO registration: Any organisation processing personal data must pay the data protection fee and register with the ICO before collecting subscriber information. Many startups skip this step.
Inadequate privacy notices: A generic "we take your privacy seriously" statement does not constitute a lawful privacy policy under UK GDPR. The notice must specify the legal basis for processing, data retention periods, and third-party sharing arrangements.
Unencrypted payment processing: Using embedded payment processors such as Stripe or PayPal does not automatically make your platform compliant. You must ensure data is encrypted in transit and at rest, and that your contracts with processors meet UK GDPR requirements.
Insufficient breach response plans: Platforms must report data breaches to the ICO within 72 hours of discovery — a timeline that catches many subscription businesses unprepared.
Getting Expert Help for Data Compliance
Whether you run an established business venturing into subscription models or you are building a new independent media or content platform from scratch, data compliance is not optional — and the complexity of UK GDPR has increased significantly since Brexit created a distinct UK regulatory regime alongside the EU's version.
An IT consultant or data protection specialist through ExpertZoom can help you audit your current data practices, draft a compliant privacy notice, assess your international data transfer obligations, and build a breach response plan. The cost of expert advice is a fraction of the cost of an ICO investigation.
With Zeteo UK now live and a growing wave of subscription media platforms arriving in the UK market, 2026 is a good moment for both consumers and businesses to understand exactly what happens to data — and who is responsible when things go wrong.
Disclaimer: This article provides general information about UK data protection law and does not constitute legal or professional advice. Always consult a qualified IT or data protection professional for guidance specific to your situation.
