Your Data & Privacy Settings
Every major platform ships with settings that maximise data collection by default. Most people never change them. This module covers the specific settings that make the biggest difference, and exactly where to find them.
The Settings No One Told You To Change
Fatima had been using Gmail, Instagram, and Google Maps for six years.
She was careful about what she posted publicly. She did not share personal information with strangers. She felt reasonably private.
Then she requested her Google data through Google Takeout out of curiosity.
The download contained 14 years of search history, every location she had visited since 2017 mapped on a timeline, every YouTube video she had watched, every ad she had clicked, and a detailed interest profile Google had built from all of it - including inferred information about her health concerns, relationship status, and financial situation.
She had consented to all of it. The consent was in the terms she agreed to when she created her account. The collection had been running silently since day one.
None of the settings that limited this were on by default.
What Is Actually Happening: The Default Problem
72%
of people have never reviewed their social media privacy settings since creating their account.
Platforms update their data collection practices regularly. Reviewing once is not enough.
Source: Pew Research Center Digital Privacy Survey, 2024Google Infers 5,000+ Interest Categories Per User
Google's ad profile for an average user includes thousands of inferred interest and demographic categories, built from search, maps, YouTube, Gmail metadata, and location history.
Meta Tracks You on Sites You Have Never Visited
The Facebook pixel is embedded on millions of third-party websites. Meta tracks your browsing behaviour across the web even when you are not logged into Facebook or Instagram.
Your Platform Data Is Sold to Third Parties
Platform data is shared with advertising and analytics partners under terms buried in privacy policies. Limiting data sharing settings reduces how far your profile travels.
You Can See Everything Platforms Hold on You
Every major platform provides a data download. Most people have never requested theirs. Seeing the actual data is often what motivates meaningful privacy action.
Why Defaults Are Set Against You
When a platform sets ad personalisation to "on" by default, that default is worth money. Every user who never changes it represents ad revenue the platform would not have if the default were "off."
Default settings are product decisions, not neutral choices. They reflect what is in the platform's commercial interest, not what is in yours.
Changing defaults is not paranoia. It is correcting settings that were made without your active input.
What Google Knows - and How to Limit It
Go to myaccount.google.com to see your Google data and manage settings.
High-impact settings to check:
- Ad Personalisation: My Ad Centre > turn off. Stops Google from building an ad profile from your activity.
- Location History: Data & Privacy > Location History > pause. Stops the automatic recording of everywhere you go.
- Web & App Activity: Data & Privacy > Web & App Activity > turn off. Stops recording every search and website visit.
- YouTube History: Data & Privacy > YouTube History > pause. Stops your watch and search history feeding recommendations.
- Third-Party Apps: Security > Third-party apps with account access > remove old connections.
What Meta Knows - and How to Limit It
High-impact settings on Facebook and Instagram:
- Off-Facebook Activity: Settings > Your Facebook Information > Off-Facebook activity > Disconnect future activity. Stops cross-site tracking by Meta's pixel.
- Post Visibility: Settings > Privacy > Who can see your future posts > Friends.
- Ad Preferences: Settings > Ads > Ad Preferences > remove interest categories.
- Data Sharing with Partners: Settings > Privacy Policy > Ad partners > limit sharing.
Data Minimisation as a Habit
Beyond platform settings, the underlying principle is data minimisation: share only what is necessary, with only who genuinely needs it.
Practical applications:
- Do not use "Sign in with Google" or "Sign in with Facebook" for sites you rarely use. Create a separate account with a throwaway email instead.
- Do not fill in optional fields on forms (birthday, phone number, location) unless the service requires them to function.
- Review which personal details your social profiles display publicly. Phone number and email are almost never necessary to share.
- Check your platforms every 6 months. Settings change when platforms update their terms.
Monthly Digital Hygiene Checklist
A single monthly pass across the following keeps your settings current without becoming a full audit.
| What to check | Where | Takes |
|---|---|---|
| Review active sessions on email | Account > Security > Active devices | 2 min |
| Remove any app permissions you granted last month | Settings > Privacy | 3 min |
| Check for OS and app updates | Settings > Software Update | 1 min |
| Scan for apps you have not opened in 30 days | App Library (iPhone) or App Drawer (Android) | 2 min |
| Review who can see your most recent social posts | Profile > Privacy | 1 min |
| Check HaveIBeenPwned.com for new breaches involving your email | haveibeenpwned.com | 1 min |
10 minutes once a month covers the most common drift points. Set a repeating calendar reminder.
Try It: Privacy Settings Sprint
Pick a platform. Work through 6 high-impact privacy settings with the exact path for each. Check them off as you go. Takes about 4 minutes.
What That Just Showed You
1. The most impactful settings are rarely obvious. Ad personalisation, off-platform tracking, and location history are not in the obvious "Privacy" section on most platforms. They are spread across multiple menus.
2. Platform defaults favour the platform. Every setting that was "on by default" in the sprint was generating data for the platform. The default was a commercial decision, not a neutral one.
3. A 4-minute sprint covers the most important ground. You do not need to change every setting. The 6 highest-impact settings per platform - when changed - significantly reduce how much of your activity feeds into advertising profiles.
4. Set a reminder to repeat this in 6 months. Platforms update settings and introduce new data collection features regularly. A review you did last year may be incomplete today.
Three Things Worth Doing
1. Turn off ad personalisation on Google today. Go to myaccount.google.com > Data & Privacy > My Ad Centre > turn off personalised ads. Takes under 2 minutes.
2. Disconnect Off-Facebook Activity. Facebook > Settings > Your Facebook Information > Off-Facebook Activity > Disconnect future activity. This is the single most impactful Meta privacy setting available to you.
3. Download your data from one platform. Google Takeout (takeout.google.com) or Facebook's "Download Your Information" option will show you the actual profile held on you. Seeing it once changes how you approach default settings permanently.
One Question Before You Continue
Fatima was careful about what she shared publicly, yet Google held a detailed profile of her health concerns, relationship status, and finances. How was this possible?