Data and Privacy
What actually happens to your data online — the tracking infrastructure, your legal rights across different jurisdictions, and the options available for taking back some control.
What Happens to You Online
The surveillance infrastructure — trackers, fingerprinting, real-time ad bidding, and data brokers — explained mechanically, without alarm.
What a Tracker Actually Sees
A typical news website contains dozens of third-party trackers. This topic explains mechanically what each type of tracker observes, how that data is transmitted, and what a composite profile looks like — using real, documented examples rather than speculation.
Your Data Broker Profile — The Dossier You've Never Seen
Data brokers compile detailed profiles on individuals from hundreds of sources — purchase history, public records, social media, location data — and sell them to marketers, insurers, employers, and others. Most people have never seen their profile.
"Free" Means You Are the Product
The economics of free digital services: when a platform charges nothing in money, the exchange is typically data, attention, or behavioural influence. This topic explains the business model, not to alarm, but to make it legible.
Cookies, Fingerprinting, and Third-Party Requests
Cookies were the original tracking mechanism, but fingerprinting and third-party requests have become more persistent and harder to block. This topic explains how each works technically and what the transition means for privacy.
How Ad Networks Profile You — The Real-Time Bidding Pipeline
In the milliseconds between a page loading and an ad appearing, your profile is auctioned to hundreds of advertisers. This topic explains how real-time bidding works, what data is shared in the process, and what the ICO and EDPB have said about its legality.
Taking Your Data Back
Your legal rights across UK/EU, California, and the rest — and the practical options that exist for reducing your digital footprint.
Your Privacy Rights by Jurisdiction
Privacy rights vary dramatically depending on where you are. This topic maps the key frameworks — UK GDPR, EU GDPR, California CCPA/CPRA, and the broader US patchwork — explaining what each provides and where they differ. The aim is to help readers understand what the law says, not to give personalised legal advice.
How Subject Access Requests Work Under UK/EU GDPR
Under UK and EU GDPR, individuals have the right to request copies of their personal data from organisations that hold it. This topic explains how the process works, what organisations must provide, what exemptions apply, and how the ICO handles complaints — informing readers about the mechanism without giving personalised legal advice.
How CCPA and CPRA Requests Work in California
California's Consumer Privacy Act (CCPA), strengthened by the CPRA in 2023, gives California residents specific rights over their personal data. This topic explains what those rights are, how they compare to GDPR, and how the request process works — informing readers about the legal framework, not giving personalised advice.
Reducing Your Digital Footprint — What Options Exist
A range of tools and settings can reduce the amount of data collected about a person online. This topic explains how they work at a technical level, what their actual effectiveness is, and what trade-offs exist — without prescribing a personal regime.
Messenger Comparison — Honest Trade-offs
Messaging applications differ substantially in their encryption approach, metadata collection, business model, and jurisdiction. This topic presents an honest comparison of the major platforms — not tribal advocacy for one, but an evidence-based account of what each provides and what it doesn't.
Browsers, Search Engines, and VPNs — What They Actually Do
Browser choice, search engine selection, and VPN use all affect what data is collected about you and by whom. This topic explains the technical reality behind each option — including honest accounts of what VPNs do and don't protect against.
What Your Employer Can Legally Know About You
Workplace monitoring — of email, computer activity, location, and communications — is increasingly common. The legal framework governing it differs significantly between the UK and the US. This topic explains what the law provides in each jurisdiction, informing readers about the legal landscape without giving personalised employment advice.