Digital privacy is not a niche concern for the technically paranoid. It is a mainstream issue affecting everyone who uses a smartphone, browses the internet, shops online, or uses social media — which is to say, almost everyone in the developed world. The data collected about you by technology companies, advertisers, data brokers and, in some cases, governments is extraordinary in its scope and intimacy. Understanding what is being collected, by whom, and how to reduce your exposure is increasingly important for personal security, autonomy and psychological wellbeing.
This guide focuses on practical, achievable steps that meaningfully improve your digital privacy without requiring technical expertise or significant lifestyle disruption. You do not need to become a privacy expert; you need to make a handful of better choices.
Understanding What Is Being Collected and Why
The technology industry's dominant business model is attention and data. Free services — Google Search, Gmail, Facebook, Instagram, WhatsApp, TikTok, most free apps — are free because you are the product. Your browsing history, search queries, location data, contacts, purchase behaviour, and even the content of your messages in some cases are collected, analysed and used to build a detailed behavioural profile that is sold to advertisers. This is not a conspiracy theory; it is the disclosed business model of these companies, described (in dense legal language) in their privacy policies.
Third-party data brokers — companies you have likely never heard of such as Acxiom, Experian Marketing Services and LexisNexis — aggregate data from multiple sources to build profiles on individuals that may include estimated income, health status, political views, family composition and consumer behaviour. These profiles are sold to insurers, employers, marketers and others. Opting out of data broker databases is possible and increasingly important for financial and employment privacy.
The Most Impactful Changes: Browser and Search
Your web browser is one of the most significant privacy leaks in your digital life. Google Chrome, despite its excellent performance, sends browsing data to Google servers and enables extensive cross-site tracking. Switching to Mozilla Firefox with the uBlock Origin extension, or using Brave browser (which blocks trackers by default), is the single most impactful browser change most people can make. Both are free and for most purposes perform identically to Chrome.
Google Search collects and stores every search query you make, associated with your account and device. Privacy-focused search engines that do not track your queries include DuckDuckGo, Startpage (which delivers Google results without tracking), and Brave Search. The search results are generally excellent for most queries; the privacy benefit is immediate. Making one of these your default search engine takes approximately 60 seconds.
Passwords and Account Security
Weak and reused passwords remain the leading cause of account compromise. A password manager — 1Password, Bitwarden (free and open source), or Dashlane — generates and stores unique, complex passwords for every account you have. You remember one master password; the manager handles everything else. This single change eliminates the most common attack vector for personal account breaches. Enable two-factor authentication (2FA) on all important accounts — email, banking, social media — using an authenticator app such as Google Authenticator or Authy rather than SMS, which is vulnerable to SIM-swapping attacks.
Your Smartphone: The Most Personal Tracking Device
Your smartphone contains more personal data about you than any other object you own, and a significant proportion of the apps installed on it are collecting that data and sending it to third parties. Review the permissions granted to each app: does a weather app need access to your contacts and microphone? Does a shopping app need your location at all times? On both iOS (Settings > Privacy) and Android (Settings > Privacy > Permission Manager), review and revoke unnecessary permissions for each app. Location data is particularly sensitive; restrict it to "while using" for all apps that do not absolutely require continuous location access.
Email Privacy
Standard email is not secure. Gmail scans the content of your emails to serve targeted advertising, a practice that should disqualify it from carrying sensitive personal, financial or health-related communications. Privacy-focused email providers including ProtonMail and Tutanota offer end-to-end encrypted email that prevents the provider from reading your messages. For a free, privacy-respecting email account, ProtonMail (with 1GB of free storage) or Tutanota are both excellent options that are straightforward to set up and use.
Messaging and Social Media
For private messaging, Signal is the gold standard: open source, end-to-end encrypted by default, and used by journalists, lawyers and security researchers worldwide. WhatsApp uses Signal's encryption protocol but is owned by Meta, which collects metadata (who you message, when, how often) even if it cannot read message content. For genuinely private communications, Signal is significantly preferable. For social media, the most effective privacy step is simply using less of it — particularly the platforms with the most aggressive data collection (Facebook and Instagram). If you must use them, browser-based access through a privacy-focused browser is preferable to dedicated apps.
VPNs: Useful But Misunderstood
A Virtual Private Network (VPN) encrypts your internet traffic and routes it through a server in a location you choose, preventing your internet service provider and anyone monitoring your network from seeing what you are doing. This is genuinely useful on public Wi-Fi networks (cafes, airports, hotels), where your unencrypted traffic is otherwise visible. A VPN does not make you anonymous online — the VPN provider can see your traffic, and websites can still identify you through cookies and browser fingerprinting. Reputable paid VPN providers include Mullvad, ProtonVPN and ExpressVPN; free VPN services should be treated with considerable scepticism.
Your Rights Under UK Law
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have significant rights regarding your personal data: the right to access copies of data held about you (Subject Access Request), the right to have incorrect data corrected, the right to erasure in certain circumstances, and the right to object to processing. Exercising these rights against major technology companies and data brokers is time-consuming but increasingly mainstream. Services like Rightly in the UK automate SAR submissions to data brokers on your behalf.
"Digital privacy is not about having something to hide. It is about maintaining the autonomy and dignity that come from controlling information about yourself."
Digital privacy improvements do not require technical expertise or radical lifestyle changes. A handful of free tools — a privacy-focused browser, a search engine that does not track you, a password manager, two-factor authentication, and thoughtful app permission management — provide a meaningful baseline of privacy that dramatically reduces your data exposure with relatively modest effort.