The internet, while convenient, comes with risks. From hackers to legitimate companies, it can feel like everyone is constantly asking for your personal information. While legitimate businesses hopefully aren’t trying to steal your banking credentials, many still use your data for their own benefit—or share it with third parties.
Some types of data can be particularly sensitive that consumers do not want companies to have or share.
So, it’s a valid question: How do I even know who has my data?
1. Check the Company’s Privacy Policy
The first place to look is a company’s privacy policy, assuming they have one. Certain laws, like California’s Online Privacy Protection Act (CalOPPA), require companies that collect personally identifiable information (PII) from California residents to maintain a clear and conspicuous privacy policy.
These policies typically outline what types of data they collect and the types of data they share, but they don’t always make it easy to read or understand. The best way to look for these types of provisions is reading the privacy policy headings. Look out for section headings like:
- “Data We Collect”
- “How We Share Your Data”
- “Third-Party Disclosures”
Unfortunately, not all companies disclose their data collection practices or do not do so in a way reasonable consumers can understand. For instance, some use broad categories like “data” or “activity information” but who knows what data is included in “data” or what the company even means by “activity information”? Thus, while reading a privacy policy can be helpful, it’s not guaranteed to tell you the full scope of a company’s data collection or sharing.
2. Use a Pixel Tracker
To make matters worse, plenty of data collection happens behind the scenes—in ways that consumers can’t detect.
One powerful (and often invisible) way companies collect and share data is through tracking pixels—small snippets of code embedded on websites. These pixels silently collect user behavior, device info, and even IP addresses.
To combat this, several privacy-focused organizations have developed pixel tracking tools to help users identify which sites are using trackers and what data is being sent.
We created one, too—and it’s completely free for consumers to use. You can access it here [Insert link to your pixel tracker]
4. Submit a Data Access Request ("Right to Know")
Another option is to directly request access to your data. Thanks to evolving privacy laws, many consumers now have a legal right to know what companies have collected about them.
For example:
Under the California Consumer Privacy Act (CCPA), certain businesses are required to disclose personal data they’ve collected upon request.
States like Colorado and Connecticut have similar laws under the Colorado Privacy Act (CPA) and Connecticut Data Privacy Act (CTDPA).
These are often called “Right to Know” laws and typically give you the right to:
Confirm whether your data is being processed
Access categories and specific pieces of personal information
Learn whether your data has been shared or sold
- Concerned About Your Data? Contact Us
If you have concerns about your online privacy or believe your data has been misused, we’re here to help. Contact us today to speak with an attorney and understand your rights. You can also fill-out the below form to be added to our mailing list, where we send out alerts for potential privacy violations.
