Every connection to a site, every application opened on a phone generates personal data: IP address, location, browsing history, account identifiers. Protecting one’s privacy online involves limiting the collection, storage, and use of this information by third parties, whether they are advertising platforms, data brokers, or malicious actors.
Digital footprints and re-identification by AI: an underestimated risk
Most cybersecurity guides focus on passwords and VPNs. The problem has scaled up. Artificial intelligence models are now capable of cross-referencing fragments of public data (social media posts, photos, file metadata) to re-identify a person even under a pseudonym.
Further reading : How to Obtain an Error-Free Carrefour Invoice Online: Practical Guide and Tips
A partially blurred face, a recurring background in photos, a regular posting schedule: these elements are enough to reconstruct an identity. Blurring or using a pseudonym no longer guarantees anonymity against these automated correlation techniques.
The direct consequence: any information published, even fragmentary, can be linked to a real profile. Before sharing content, the question to ask is less about “who will see it” than about “which algorithms can link it to my identity.” To delve deeper into the issues of digital security in a professional or personal context, resources are available at https://www.j3m.fr/ that cover these topics.
See also : How to Effectively Manage Your Professional Emails with Online Tools
Advertising profiling and rights under the GDPR: what changes with the DSA
The GDPR has granted concrete rights since 2018: access to one’s data, deletion, opposition to processing, de-referencing. These rights remain the legal basis for any online privacy protection efforts in Europe.
The framework has been strengthened. The European legislative package on digital services and markets (DSA/DMA) imposes additional obligations on very large platforms. They must provide simplified access to privacy settings and offer the option to refuse advertising profiling based on personal data.
In practice, this means that the options to “refuse personalized targeting” must be as accessible as the acceptance options. If a social network or search engine makes refusal more complex than acceptance, it violates these rules.
Exercising rights with the CNIL
The CNIL remains the point of contact for any request not satisfied by a data controller. A complaint can be filed online when a company does not respond within one month to a request for access or deletion.
De-referencing allows one to request a search engine to remove a result associated with their name. This procedure does not delete the source content but severs the link between a name search and the concerned page.
Securing devices and browsing on a daily basis
The most common vulnerabilities do not come from sophisticated hackers. They arise from poorly configured devices and absent reflexes. Three technical areas deserve particular attention.
- Device encryption (phone, laptop) protects data in case of loss or theft. On most recent systems, this option exists in the security settings but is sometimes disabled by default.
- Operating system and application updates fix vulnerabilities that are actively exploited. Delaying an update by several weeks is equivalent to leaving a documented open door.
- A password manager generates and stores unique identifiers for each service. Reusing the same password across multiple sites exposes one to a domino effect: a single leak compromises all associated accounts.
VPNs and encrypted DNS: useful in specific contexts
A VPN masks the IP address and encrypts traffic between the device and the provider’s server. Its usefulness is real on a public Wi-Fi network (hotel, train station, café). On a home connection, the benefit mainly depends on the trust placed in the access provider compared to the VPN provider.
Encrypted DNS (DoH or DoT) prevents a third party from observing the domain names consulted. This feature can be configured in the network settings of the browser or system. It complements the VPN without replacing it.
Data brokers and unintentional exposure of personal data
Data brokers collect and resell aggregated profiles: name, address, shopping habits, family situation. This information comes from legal sources (public records, loyalty programs, online forms) and feeds into advertising targeting or identity verification.
Removing one’s data from these brokers is possible but tedious. Each broker has its own opt-out procedure. Specialized services automate these requests, but their effectiveness varies by jurisdiction.
Prevention remains more effective than correction. Before filling out a form or signing up for a loyalty program, checking the data sharing policy with third parties limits the feeding of these databases upstream.
Social networks: privacy settings and metadata
Photos published on social networks often contain EXIF metadata (GPS coordinates, device model, date and time). Some platforms automatically remove them upon upload, while others retain them. Checking this behavior for each network used avoids unintentionally sharing one’s location.
Default privacy settings favor maximum visibility. A regular audit of these settings, two or three times a year, helps adapt to frequent changes in interfaces and data protection policies.
Securing online privacy relies less on a single tool than on a combination of technical and legal reflexes. Encryption protects devices, the GDPR and DSA provide concrete levers against platforms, and vigilance over shared data upstream remains the most effective filter against massive collection.