Digital footprint management: Tools, laws and strategies

Why manage your digital footprint

Consumers want control over data because data brokers can scrape, package and sell data without the consumer's knowledge. Data broker sites sell data to tech companies, marketers and other data brokers who create sophisticated advertising products using all the contextual data they purchase. The consumer data can be compiled into demographic groups as well, which anonymizes it. However, with enough compiled data about an individual, the data can be deanonymized.

Most consumers don't request data brokers stop selling their information because most are relatively unknown. Many sites use third-party tracking cookies to gather information about user browsing history. Data brokers have been called the middlemen of surveillance capitalism. Some examples of data brokers include the following:

• Acxiom.
• BeenVerified.
• Experian Information Solutions.
• Intelius.
• J.D. Power.
• LexisNexis Risk Solutions.
• Oracle Data Cloud.
• Poshmark.
• TransUnion Healthcare.

Big tech companies also collect data about their users, and the scope of data types they collect is growing. For example, X, formerly known as Twitter, recently expanded its purview to collect biometrics and employment history. Other less tech-adjacent companies, such as retailers, also collect and sell data to third parties.

There are reasons a user might not want to delete the data a company has on them. For example, if a consumer belongs to a loyalty program of some kind, they would want the company to retain data about them. Deleting data also can mean deleting entire accounts, which might be undesirable if it means deleting someone's email account or social media account.

What a consumer wants to do with their data is an individual choice. The more knowledge a consumer has, the better they can make decisions regarding their data.

U.S. data privacy laws

Although there's no comprehensive federal data privacy regulation in the U.S. on the level of the EU's General Data Protection Regulation, there are a growing number of state regulations that protect consumer data privacy rights.

The California Consumer Privacy Act (CCPA), effective in 2020, set precedent for data privacy in the United States. Under the CCPA, consumers have the following rights:

• Request a copy of the data a company has.
• Tell a company they aren't allowed to sell the data.
• Request data be deleted from the company's database.

Although California was the first state to pass one of these privacy laws, other states are now joining with their own respective laws. At time of writing, states other than California with privacy laws signed include the following:

• Colorado, with the Colorado Privacy Act, effective July 1, 2023.
• Connecticut, with the Connecticut Data Privacy Act, effective July 1, 2023.
• Delaware, with the Delaware Personal Data Privacy Act, effective Jan. 1, 2025.
• Florida, with the Florida Digital Bill of Rights, effective July 1, 2024.
• Indiana, with the Indiana Consumer Data Protection Act, effective Jan. 1, 2026.
• Iowa, with the Iowa Consumer Data Protection Act, effective Jan. 1, 2025.
• Montana, with the Montana Consumer Data Privacy Act, effective Oct. 1, 2024.
• Oregon, with the Oregon Consumer Privacy Act, effective July 1, 2024.
• Tennessee, with the Tennessee Information Protection Act, effective July 1, 2025.
• Texas, with the Texas Data Privacy and Security Act, effective July 1, 2024.
• Utah with the Utah Consumer Privacy Act, effective Dec. 31, 2023.
• Virginia, with the Virginia Consumer Data Protection Act, effective Jan. 1, 2023.

Data privacy applications

Some consumer applications exist to help manage the data companies collect and make it easier for consumers to exercise their rights. Some cost money and some are free.

Permission Slip is a free mobile application from nonprofit organization Consumer Reports. The application is designed to help consumers manage their information online. The application is available on iOS and Android. It lets Consumer Reports submit data deletion or do-not-sell requests on the user's behalf.

Once initiated by the user, Consumer Reports submits the request, then keeps the user updated on the status of the request with the selected companies. Requests usually take some time to be fulfilled. Companies under the law have 15 business days to respond to an opt-out-of-sale request, and 45 business days to respond to a deletion request, according to most state laws.

The types of data that Permission Slip protects varies by organization. The process also differs from organization to organization. Sometimes an organization might respond with a request to verify the authenticity of the request, for example.

Permission Slip works with a large collection of companies not limited to big tech that includes Netflix, Disney and OpenTable.

Permission Slip aims to clarify exactly what data companies are collecting about consumers.

The user interface is modeled on dating apps, where upon logging in, users see a stack of cards that they can swipe left or swipe right on to decide which companies are allowed to have their data.

The goal is to align the company's use of consumer data with the consumer's best interest and create more transparency between consumers and companies.

Permission Slip works because of a provision within the CCPA data privacy law called Authorized Agent. The provision stipulates that a consumer can choose to have an agent -- another person or entity -- help them exercise their privacy rights.

Permission Slip does collect some necessary data to act as agent under the CCPA, such as telephone number, email address and home address. Consumer Reports also requires that users sign off on processing their data for research and reporting purposes. Users can opt out of Permission Slip's participation in targeted advertising in their multi-page privacy policy.

Permission Slip isn't the only application that helps consumers delete their data. Some others include the following:

• Optery. This app scrubs personal data from data broker websites for a yearly subscription fee and a free tier that offers data removal steps so consumers can do it manually. Optery also provides a detailed privacy report and a dashboard to view results.
• Incogni. This app removes consumer data from brokers at a monthly fee and monitors brokers to remove data if it gets reposted. Incogni also offers a personalized privacy score.
• DeleteMe. This app is a monthly subscription service that removes private information from data brokers. DeleteMe has a default list of data brokers and let consumers submit custom requests for data brokers not on their list. DeleteMe also tracks data to see if it reappears and provides the user with a privacy report.

There are many more tools like the previous, which specifically target data brokers. Other less formal tools are available to help manage online footprint. Some examples include the following:

• Mosint. Mosint is an email-checking tool that gathers information about a target email. A consumer could use this app to see the accounts associated with their email and take inventory of their accounts in total.
• Simple Opt Out. This is a website with a repository of companies and links to the place in their privacy policy that tells consumers how they can submit a request to opt out of data sharing for each company. Some of the links also just lead to a company's account login page.
• Cover Your Tracks. The Electronic Frontier Foundation has a tool named Cover Your Tracks that shows whether a browser is susceptible to browser fingerprinting, and whether it blocks tracking ads and invisible trackers.

Even with these apps, it's important to remember that data is collected everywhere. When possible, consumers should do the following:

• Avoid oversharing online.
• Use complex passwords.
• Check browsers for cookies.
• Configure browsers and application privacy settings.
• Delete accounts they no longer use.
• Create multiple email addresses.
• Use a VPN.
• Avoid public wireless networks.