5 steps you can take to protect your privacy now

Privacy tips for taking better control of your personal information online

This National Consumer Protection Week, take more control of your personal information.

Consumer alerts

Tips & Guides


Tero Vesalainen | Shutterstock.com

We’re all dependent on technology for work, school or play. Unfortunately a lot of our favorite sites and apps are collecting data about us in the background – often without us knowing.

Companies often sell our data to other companies in ways that have nothing to do with delivering the service we’re expecting to get. The more companies holding your data, the more it puts your personal security at risk. You’re more likely to have your information exposed in a breach or a hack and have your information end up with scammers or identity thieves.

Here are some steps you can take to better protect yourself and your information online:

1. Don’t accept web cookies.

Web cookies are a type of tracking technology that embed in your browser and follow you across websites over time, gathering data about your browsing history, web searches and online purchases. They can last for weeks or even months after you’ve hit “accept”, sending your data to companies you’ve probably never even heard of.

Most web cookies are not necessary for a website to work. To protect your information, you want to make sure you’re rejecting as many of them as you can.

Read: What are web cookies and why are they dangerous? 

What should I click on cookie pop-ups?

  1. See if there’s options besides “Accept”. If there’s a “reject all cookies” option, that’s best. Some may have buttons like “accept only necessary cookies”. That’s your second best option.
  2. Otherwise, you may need to look for an option such as “Manage my preferences” or “See cookies” – usually in small grey text at the bottom of the pop-up. In those menus, turn off as many types of cookies as you can – especially advertising and analytics cookies.
  3. Pay close attention to what you click. Many pop-ups are designed to deceive you into consenting to data collection by using confusing colors and default settings.

Not all cookie pop-ups will have options – many in the U.S. will simply inform you there are cookies and if you don’t like it, tough. Do your best to avoid websites that don’t you give you options.

2. Download Permission Slip and tell data brokers to delete your data.

Consumer Reports recently came out with a great new tool to help you take control of your information. With one click, you can request hundreds of data brokers and other companies delete your data. 

Your data is big business. Hundreds of companies you’ve never even heard of are very likely collecting and selling your data to one another. These companies, called data brokers, are terrible for your personal security. They don’t always have the best security protocols to protect your information. Plus the more companies that hold your info, the more likely it is it will eventually be exposed in a breach or a hack. This makes it more likely your data will fall into the wrong hands, like with scammers or identity thieves. 

The Permission Slip app is easy to use and free to download. We highly recommend it.

3. Turn on the default privacy settings on your smartphone.

It’s not just web browsers that can harvest a lot of your data – apps on your smartphone can, too. All smartphone brands have some version of these tools available in their settings. 

You can take advantage of Apple’s new privacy settings in the Privacy & Security menu in your Settings. Check out our special guide that can walk you through all the options step by step.

4. Download (free!) web privacy tools.

There are some good free tools from trustworthy groups that help stop websites from tracking you.

  • Change your web browser to an option that harvests less data. Apple’s Safari and Google’s Chrome tend to gather a lot of data. Instead, try Mozilla’s Firefox. Other options include DuckDuckGo or Brave.
  • Download Privacy Badger from the non-profit group Electronic Frontier Foundation. This tool automatically blocks 3rd party trackers on the sites you visit and uses algorithms to continually learn what to block. Once you download the browser extension, you don’t need to set anything – it handles everything itself.

Read: How to read a privacy policy

5. Skip the loyalty app.

Punch cards at your local coffee shop don’t pose a threat to your personal security. But when businesses use apps for loyalty programs or online ordering, these tools can gather data about you. This is not uncommon. In 2022, for example, Canadian regulators found the fast food chain Tim Hortons used its app to gather user’s location data 24/7, even when the app was closed.

Watch: How grocery stores are becoming data brokers

These days, companies often use loyalty apps to incentivize you to give up lots of information they don’t really need, like your email address, phone number and birthdate. Companies log every purchase you make in your account, and may sell this information to other companies along with anything else they’ve collected in the background from your phone.

At the end of the day, those discounts may very well not be worth the extra risks you incur when companies can collect and keep your information indefinitely.

Read: The new data brokers: retailers, rewards apps & streaming services are selling your data

States are passing weak consumer privacy laws

The U.S. currently lacks a comprehensive consumer privacy bill, leaving states to take the lead. Unfortunately for consumers, states are passing weak laws that do little to protect consumers’ privacy and security. We and our friends over at EPIC put out a scorecard report grading the 14 states that have passed consumer privacy bills since 2018. Of the 14 states, nearly half receive an F for failing to protect people’s personal information.

What does a bad state privacy bill look like?

All of the consumer privacy state laws give you basic rights including the right to request a company to give you access to the personal information it has collected about you, and the right to request it delete that data. It sounds nice on paper, but in reality it just puts a ton of work on you. To access, correct or delete your data, you have to submit requests one at a time to individual companies. Fully exercising these rights would be like taking on a part-time job. There are likely hundreds of third parties holding your information right now.

The best thing for consumers is for lawmakers to change how companies can collect and use data in the first place. It should be on companies to limit their data collection to only the data they need to deliver the service you’re expecting to get up front. There’s no good reason for your fast food loyalty app to be collecting your location 24/7 or your VR game app to be collecting your social security number.

While states are lagging right now, the good news is nothing is permanent. We at PIRG are working to educate lawmakers about what good privacy bills look like. States that have yet to pass laws can push back on the weak provisions tech lobbyists and industry giants are pushing in the states. States that have already passed laws can amend them so they do more to protect consumers.

Together we can give consumers the data privacy and security protections they deserve.


R.J. Cross

Director, Don't Sell My Data Campaign, U.S. PIRG Education Fund

R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, predatory auto lending and consumer debt. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder.