Just how safe is your personal info in the hands of online companies?


Personal information should be just that – personal. But if you’re looking to engage with the digital world, you will need to give online companies some of your personal info. This could range from your email address to your date of birth, or even a set of security passwords. And you’ll need to do this because online companies need to be certain you’re who you say you are. But, they also do it so they can market other products and services to you.

How is your data at risk?

Whenever you’re asked to give personal information to an online company, remember that the information belongs to you. Plus, the companies who take it from you have a responsibility to keep it safe.

Despite this, even the biggest companies are guilty of compromising customer data. In the last few years, mega-firms such as Facebook, eBay, Uber, and Canva have all fallen foul of data breaches. Or even been the victims of hackers. These incidents have left millions vulnerable to the threat of scammers and fraudsters.

So, what can you do to understand the risks of giving them your personal information??

The type of personal information companies can hold on you

Any data that identifies you is usually deemed personal information. Of course, this includes your name but could also include your IP address. But it also depends on the regulations that apply to you as an individual:

  • If you’re based in the EU, GDPR defines this as “Personal data are any information which is related to an identified or identifiable natural person”.
  • In the US, several laws protect the rights of citizen’s data. These are outlined by the Federal Trade Commission (FTC) as “personal information”.
  • In Canada the Personal Information Protection and Electronic Documents Act (PIPEDA) protects you. In Australia, it’s the Notifiable Data Breach Scheme.

Specific types of personal information may include:

–          Passport number

–          Location data

–          Racial or ethnic origin

–          Religious beliefs

–          Sexual orientation

–          Biometric data, including facial and fingerprint images

In the UK, GDPR data protection rules state your data must be:

  •  Managed according to a consumer’s rights as outlined in the Data Protection Act 2018
  • Accurate, relevant, up-to-date, and not excessive to the context
  •  Obtained for specified purposes, and not used in ways you didn’t agree to
  •  Not kept for longer than is necessary
  •   Made secure

What can online companies do with your personal info?

To hold personal data on you, online companies must first request your consent. And how they plan to use your data should be set out in their privacy policy, or terms and conditions. In practice, before you began using their services, you would have agreed to these terms.

And don’t forget, internet firms are not only requesting this for security purposes. They want your data in exchange for using their services. In other words, instead of paying to use their platform, you agree to share your data with advertisers. This is because good marketing requires good data.

So, to give you a sense of what can happen, here are some of the ways companies can use your data:

Data profiling

Personal data profiling is where companies collect data to market their services to you. Usually, this is a way of enhancing your experience of their platform. For example, Amazon Prime Video captures data on what you’ve watched and uses it to find other titles you may enjoy. They’ve also set up individual viewer profiles. This allows many users to have separate, personalized experiences using one account.

Direct Marketing

Third-party marketers can use your information to promote their products or services. Companies will advertise to you using banner ads, sponsored posts, and promotional updates. They usually collect your data from the companies you’ve shared it with, but also through cookies. So, if you’ve consented to cookies, there’s a good chance they’ve helped to build a picture of you as a consumer.

Data Broking

Today, data is the new currency. So, by giving your data to companies, they get an opportunity to sell it on to others. All your online activity is made available for other companies to buy. This is because, when third-party companies know more about you, they can sell you things you’ll want. Data broking is a 200-billion-dollar industry and one that’s becoming more of a concern for regulators.

Steps you can take to keep your personal info safe

Today, it’s inevitable that some online companies will have your personal data. But it’s also your legal right to request they share the info they hold with you.

The best way to do this is by issuing a subject access request. When you submit a subject access request, a company must reveal all the information they hold about you. This is a good way to feel more certain about how your data is being managed. But if you discover mishandling of your data, or that the company has violated their agreement, you also have a right to request deletion.

In general, you should take every step you can to keep your personal information safe when you’re online. This means being selective over the details you give to certain companies. And remember, there is no failsafe way to erase the risk of your data becoming exposed. Because of this, it could be worth taking out separate policies. You could protect your online identity or payment methods, for example.

Always check who you’re giving your data to

Before signing up to use an online company, it’s important to inspect their terms. So, when you’re presented with a company’s privacy policy, always review the conditions first.

And, if you do feel uncomfortable with anything you see, think twice about agreeing to them. Or, give some thought to whether it’s worth compromising your data to use their products or services.


Again, personal information should be kept personal. However, in order to use popular platforms and services online giving away some of your information is often unavoidable. The good news is that you can take steps to keep control of your personal information, whether this is understanding the policies of each site you sign up to or (less time-consuming!) send a deletion request via Rightly after you use a company’s website.


Please enter your comment!
Please enter your name here