You already know that Facebook, Twitter, Instagram, Snapchat, TikTok, LinkedIn and countless other platforms and web content that we use on a daily basis store different types of data and information linked to us.
From the very first moment we create an account, everything we share such as our personal data, photos, addresses and locations begins to make up our ‘digital footprint’.
Social Engineering
Unless we manage it adequately, cybercriminals can end up using the information available in this digital footprint to gain our trust or that of our family and friends. This is known as social engineering and it is at the heart of much of the phishing, scam calls and identity theft on messaging apps and social media, to name a few examples.
We need to be aware of how important this information is to us and it is essential to have a good privacy policy set up on our social media to avoid sharing information with unwanted third parties. This is tremendously important because by duly configuring who can access our data we can then know where and with whom it is being shared.
But no, you don’t have to become completely invisible to be safe online — that would be an impossible task! There are many ways to stay in control of your digital footprint and minimize the amount of personal data that is available online. Set out below are some useful tips to help you do this.
First things first, how is our data collected on the internet?
Data can be collected by applications and websites in two different ways:
- Intentionally (actively), when we are the ones who consciously share our own information on social media, forums, etc.
- Unintentionally (passively), when we do not know what information is actually shared, such as the use of cookies, permissions granted to apps (without our knowledge) and sharing of information by third parties.
When we manually enter data (1) on a platform, such as a social networking site or a review on a website, we are giving our consent for the data to be used and stored. We must therefore think very carefully about what we are sharing to avoid unpleasant surprises later on.
Data collection through cookies (2) provides companies with information of interest regarding IP addresses, locations, what we search for most or what we like every time we access a website or enter login data. To (partly) prevent companies from obtaining these data we need to periodically clear our browser cache, because by allowing sharing of browsing data we are providing them with very valuable information about our preferences, hobbies and internet search needs. Here is the easiest way for you to delete these data.
When we talk about data sharing by third parties, this is due to the permissions we grant on certain websites and mobile apps (often without reading the fine print) allowing the company receiving the information to share it with a third party, thereby making it more difficult to locate and delete.
How can we manage information shared on social media?
Social media are the biggest shop window on the internet and at the same time the largest database of personal information available. Think about all the data you share on social media… Is it really necessary to share so much information? The companies that store this data think it is (and those who like to gossip, too!).
The first step to control the information on your social media better is to review your privacy settings on each of them. That way, you can make sure that only the people you want can see what you share. Click here to learn more about the kind of information cybercriminals can use to gain your trust and make you share confidential data and codes.
There are different ways to delete information too, for example if you end up regretting publishing a post, photograph or video. Each of the social networking sites has its own way to delete this information, although we need to bear in mind that once uploaded to the platform that data will ultimately remain stored in one form or another.
Other options also exist that are only advisable if you will no longer use a social networking site or if you have several profiles and want to delete some of them, etc. If you no longer wish to be part of a social networking site or wish to permanently delete one of your online accounts, in many cases this is possible. Some social media such as Facebook, Instagram, and Twitter offer the option of removing data directly on their platform, allowing you to download the information and delete the account quickly.
In other cases, centralised services or companies are used for data erasure on the internet. This makes it easy for you to individually access each of the platforms where you are registered and request the deletion of your data. Online shopping platforms, press websites and social media are some of the services which allow you to delete your data with ease.If you do a simple Google or Bing search on how to delete data on the internet, there are numerous publications by cyber experts describing tools and mobile apps that facilitate the task of deleting data. Examples include AccountKillerand Just Delete Me.
How to avoid passive data sharing
In many cases, our data are shared passively. This can occur in a number of quite different ways which we will look at below.
The first situation is when we accept a series of permissions, in some cases without having even read them, which allow mobile apps or websites to share or collect information. Fortunately, these permissions can be revoked by reviewing your settings in the app managers of mobile devices or in the options of web browsers such as Chrome and Firefox. Geolocation, access to the microphone, camera or contacts, access to SMS messages and even access to other applications are the most commonly used permissions granted.
In the following image we can see an example of how to manage the permissions of an application on a device with Android operating system.
Cookies are another very common way of sharing certain data while we are browsing websites. In some cases it is unnecessary to accept their use in order to browse the website, while in other cases there is no alternative and you must accept them if you want to visit the website. As we have seen above, the information we store can be deleted.
Cookies have a positive side in that they offer an improved browsing experience because they know about our preferences and tastes and can therefore offer advertisements or messages in line with our possible needs.
The information from cookies is stored in the cache, which is made up of a series of files that our browser downloads when we browse the internet.
Apart from taking up disk space and sometimes slowing down our browser, cookies are used and shared to learn about our browsing habits.
Removal of data from websites you no longer need
After reviewing the privacy settings of your social media, correctly configuring the permissions of applications and browsers and deleting the information stored in the cache … you’re all sorted!
Well, unfortunately NO… just when you thought you’d finished! If we do a search in one of the search engines like Google or Bing … Voilá! Dozens of results that include our data are still active and publicly available.
One of the options we have to delete our information that we no longer need is to contact the administrator of the website where our data is hosted. Remember that search engines are simply indexers that collect information by making different sweeps of the web and providing the results according to the search criteria entered. Therefore, the best thing in these cases is to go to the original source of the information to request its deletion.
Depending on the number of results it can be a slow process, so we just have to be patient and go through each of the results and request deletion of the data by using the contact forms, or alternatively try using one of the data deletion tools mentioned above.
The last resort: the right to be forgotten
If we opt to manually delete data from the internet, we need to contact the website administrators and claim the right to be forgotten (RTBF) … but what exactly does that mean?
The General Data Protection Regulation (GDPR) and the Spanish Organic Law on Protection of Personal Data and Guarantee of Digital Rights enshrine a series of rights aimed at reinforcing privacy and data integrity in digital environments. One of these rights is the “right to be forgotten”, which grants citizens greater protection and control over their personal data.
Also known as the “right to erasure”, it is covered by Article 17 of the GDPR and recognised by the Spanish Data Protection Agency (AEPD)in its section on “Rights and Obligations”.
So what does the RTBF involve in layman’s terms? Well, it basically allows us to request the removal of personal data from websites where they appear, although, as with all things, there are certain exceptions. The most common exception arises in relation to personal data on the websites of public institutions, such as our names and surnames, ID number, date of birth, vehicle registration numbers, subsidies and even physical addresses (official gazettes, Traffic Sanctions Edictal Board – TESTRA, etc.).
Search engines and how to block results
To block the appearance of links with our personal data and prevent the results from being displayed, we need to contact the search engines and request the blocking of the results. Here are two links explaining how to block your data for certain search engines:
- You can request the removal of data from Google via the following link: Removal of data from Google
- This other link allows you to request the removal of data from BING: Request to block Bing search results in Europe
Once we have requested the removal of the data at the source and deletion of the results shown in the search engines, we can feel a little safer in the knowledge that there will be much less of our personal data exposed to the public eye.
Conclusion
Removing all our data from the internet is an impossible task, but we can and should manage our digital footprint well. There are many things we can do to prevent active and passive data sharing, and fortunately there are mechanisms that allow us to request deletion of our data. All it takes is a little time and patience to achieve very positive results.
Santander Global T&O is a global company of Santander Group with more than 3,000 employees and is based in Madrid. We work to make Santander an open platform for financial services.
Check out the positions we have open here to join this great team and Be Tech! with Santander.
Follow us on LinkedIn and Instagram.
Diego Regueira
Santander Global T&O
Passionate about cyber-investigation and OSINT. Cybersecurity specialist with more than 7 years of experience.
