This is the first in a new four-part series about online privacy and what the internet knows about you. Plain English, practical, for everyone.
Think back to everything you have done online in the past week. The websites you visited. The things you searched for. The photos you posted, or were tagged in by someone else. The app you downloaded and quickly forgot about. The newsletter you signed up for to get a discount code. The fitness app that knows your running route. The smart speaker that heard you mention a holiday destination.
Every one of those actions left a trace. Collectively, those traces make up what is called your digital footprint — and most people have never stopped to think about how large theirs actually is.
This is not a series about becoming invisible online. That ship has sailed for almost everyone, and it is not really the goal worth chasing. It is a series about understanding what you are leaving behind, who can see it, and what meaningful control looks like.
So what actually is a digital footprint?
A digital footprint is the trail of data created by your activity online. It comes in two distinct types, and understanding the difference matters.
Your active footprint is everything you deliberately share. Social media posts, photographs, comments, reviews, forms you fill in, accounts you create. You know you are creating this footprint, even if you do not always think about where it ends up or how long it lasts.
Your passive footprint is everything collected about you without a deliberate act of sharing. The websites you visit are logged. The links you click are recorded. Your device sends out an advertising identifier that lets companies build a profile of your interests across different apps and websites. Your phone's location is logged by apps that have permission to access it, often far more frequently than you would expect. Most people are surprised by how much of their footprint falls into this passive category — it is the part you cannot see being created.
Together, these two footprints form a remarkably detailed picture. Your searches reveal your health concerns, your relationship status, your financial worries, and your political views — often more candidly than you would ever post publicly. Your location history reveals where you live, where you work, where your children go to school, and your daily routine. Your purchase history reveals your habits and your means.
Why this matters
The NCSC — the UK's National Cyber Security Centre — puts it plainly: criminals can use your digital footprint to steal your identity or make phishing messages more convincing. This is not a hypothetical concern. It is the mechanism behind a significant proportion of the scams we have covered in this series and the last.
A criminal who knows your employer, your job title, your manager's name, and the fact that you recently moved house can craft a phishing email that references all of it. A criminal who knows your children's names and school can build a far more convincing "Hi Mum" scam message. None of this information needs to be stolen in a dramatic hack. Much of it is sitting in plain sight, posted by you, by your friends, or by your employer, and assembled by anyone who takes the time to look.
There is also a quieter, more pervasive use of your footprint: building a commercial profile of you that is bought and sold, often without your meaningful knowledge, to determine which adverts you see, which prices you are offered, and in some cases which decisions are made about you. We will cover this in detail in Part 3.
The regulatory backdrop — and why it matters right now
The UK's data protection law changed significantly on 5 February 2026, when the bulk of the Data (Use and Access) Act 2025 came into force. It does not replace UK GDPR, but it amends it in ways that affect how organisations handle your data — including a new lawful basis for processing data and changes to how subject access requests are handled.
Separately, and more visibly, the ICO has been taking increasingly assertive enforcement action specifically around how platforms handle data — particularly children's data. In February 2026 alone, the ICO fined Imgur's parent company £247,590 and fined Reddit £14.47 million, both for failing to put in place basic protections for children using their platforms. These are not abstract policy debates. They are regulators concluding that major platforms have been collecting and exposing more personal data than they should have been allowed to.
This context matters because it tells you something important: even the organisations responsible for protecting your data do not always get it right. Personal vigilance is not a substitute for regulation, but it remains a genuinely useful complement to it.
A simple way to see your own footprint
Before the next three articles in this series get into the detail — social media specifically, data brokers, and practical removal — here is a starting exercise worth doing this week.
Search your own name in a search engine, including in quotation marks. Look at what comes up across the first few pages, not just the first few results. Search your name alongside your town or employer. Check what is visible on your social media profiles when you are logged out, or when viewed from an account that is not connected to you — this shows you what a stranger actually sees, which is often more than you expect.
Most people who do this exercise for the first time are surprised, and not always pleasantly. Old accounts they had forgotten about. A forum post from a decade ago, still indexed. A photograph tagged by someone else, visible to anyone. This is not cause for alarm. It is simply useful information — the necessary first step before deciding what, if anything, you want to change.
What does this mean for me?
Do the search exercise this week. You cannot manage what you cannot see. Search your own name, check what is visible on your social profiles logged out, and take stock of what is actually public.
Distinguish between active and passive footprints. The conversation about online privacy often focuses on what you post. The bigger and less visible risk is often what is collected passively — location data, browsing history, advertising identifiers — without you ever consciously deciding to share it.
Remember why this matters practically. A smaller, more deliberate digital footprint is not about paranoia. It makes you a harder target for phishing, identity theft, and the kind of personalised scams covered in our previous series — because there is simply less raw material for a criminal to work with.
This is a process, not a one-off task. Your digital footprint grows every day. The goal of this series is not to eliminate it — that is neither possible nor necessary — but to build the habit of periodically checking and consciously managing it.
🧠 The Human Factor
| Technology involved | Search engines, social media platforms, mobile apps, advertising identifiers, and the wider ecosystem of services that collect data both actively (what you share) and passively (what is collected without a deliberate act) |
| Root cause | Most people are unaware of how much of their personal information is collected, retained, and potentially exposed — both by their own choices and by systems operating in the background |
| What was at risk | Identity theft, more convincing and targeted phishing attacks, and exposure to commercial profiling — with regulators (the ICO fining Reddit £14.47 million in February 2026 alone) confirming that platform-side protections are often inadequate |
| Prevention | Regularly auditing your own visible footprint; understanding the distinction between active and passive data collection; treating digital footprint management as an ongoing habit rather than a one-time fix |
Next in the series: What social media platforms actually know about you — and what they do with it.
References and sources
- NCSC: Social media: how to use it safely — ncsc.gov.uk
- ICO: Reddit fine of £14.47 million, MediaLab/Imgur fine of £247,590 (February 2026) — ico.org.uk
- Data (Use and Access) Act 2025 — provisions in force from 5 February 2026 — gov.uk
- University of Law: What is a digital footprint? (2025)