Cyber Brew: Personal data protection tips from our security experts

This Cyber Brew session features:

• Sigita Jurkynaitė (moderator), information security manager at Nord Security
• Darius Belejevas, head of Incogni at Surfshark

We dedicated this session to one of our top priorities — personal data security. Here, our experts answer questions on spring-cleaning your digital accounts, managing app permission, dealing with data brokers, and protecting your family’s information online — because everyone has a right to a private and secure digital life.

Why your phone probably has more junk than your junk drawer — and what to do about it

Sigita: At work we delete unnecessary emails, unsubscribe from lists, report phishing — we do everything right. But our personal email inboxes? They flash “94% full” and we just buy more storage instead of cleaning up. We’re disciplined about digital hygiene at work, but our personal devices become graveyards for forgotten apps.

Quick question — how many apps are on your phone right now? If you don’t know, it’s time for some spring cleaning. Deleting those forgotten apps not only frees up space on your phone, but also means fewer apps quietly collecting your data in the background.

Any data you already shared with that app is probably still on their servers. You can request deletion under privacy laws like the CCPA (in California) or the GDPR (in the EU), but there’s no guarantee they’ll comply. The best you can do is be selective about what you download from the start.

And if you decide to delete an app — do it right. Revoke all its permissions, clear its cache, and disconnect all connected accounts. You want to cut all ties and make sure no personal data lingers in the app’s servers.

The invisible companies that know you better than some of your friends — and how to “unfriend” them

Sigita: Since we started talking about personal information removal, I thought it would be great to invite Darius Belejevas, the head of Incogni, a personal information removal service, at Surfshark. Could you tell us more about what Incogni does?

Darius: When it comes to Incogni, the idea is pretty simple. There are companies that most of us haven’t heard about — data brokers — that know more about us than some of the closest people in our lives. And Incogni helps you delete your personal data from those sites.

There are hundreds of data broker companies globally operating in this massive, scattered industry. And they're building incredibly detailed profiles about you by trading information between themselves.

Data brokers build incredibly detailed profiles about you.

Sigita: How do they get our data in the first place? 

Darius: Unfortunately, we’re usually the ones who give it to them. We do it unknowingly when we download apps or register for services.

But here’s where it gets really concerning — it’s not a particular collection model or company that’s the problem, but the whole ecosystem. Someone might collect data on your shopping habits, or someone else might scrape LinkedIn or get your financial information. Then these companies start trading that data back and forth between themselves. What you get is incredibly detailed profiles about you that are being used by unknown entities for unknown purposes.

Sigita: So what can they do with your information?

Darius: Pretty much whatever they like. They sell your personal information to create targeted ads, build detailed profiles of who you are, perform risk assessments on you, and package everything up to sell to the so-called people search websites. The scary part? They do all this without your knowledge or consent.

Sigita: Can you find out if they have your data?

Darius: It’s difficult to know for sure. You can check some data broker registries and search individual broker sites, but many require you to create an account just to see if they have your information. Services like Incogni use algorithms to predict which brokers likely have your data, then demand those companies delete your data on your behalf.

Sigita: How can we minimize that personal data giveaway to the companies online? Or maybe we shouldn’t even bother because it’s a lost cause?

Darius: It’s not a lost cause. Just use your common sense and don’t sign up for services in a rush — take your time. It would be best if you read the apps’ privacy policy to find out what data it collects and if it shares that data with its partners and affiliates.

Your best defense — think before you download.

If you’re downloading an app, check what data it collects and consider if it really needs it. If a calculator app is asking for your location data, that’s a red flag. If a flashlight app wants access to your contacts, something’s fishy. What should you do? Look for an app that only requires what it really needs to deliver a service. If it’s a flashlight app — it needs access to your camera's flash, and that's it. No contacts, no location, no storage access.

One more thing you can do is create a separate email address just for apps and online services you don’t fully trust. This way, your main email stays clean from spam and marketing emails, and you protect your real personal email address from being sold to data brokers. If an app or service gets breached or starts sending you junk, you can simply abandon that throwaway email without affecting your important communications.

Use the privacy laws to your advantage.

Darius: Privacy laws give us tools to protect our rights. In the EU, we can contact services and say: “Hey, based on the GDPR, I want you to delete any data you have about me.” If you are getting emails from a service you didn’t sign up for, you should simply write back and say “Okay, how did you get my email address?” and demand it stops sending you emails and deletes your data from its system.

Privacy regulations are finally catching up. Multiple US states have introduced their own privacy laws — such as Virginia, Utah, Colorado, and Wisconsin — while California is planning a system for users to opt out from data brokers by 2026. You’re not powerless against data brokers, you just have to know your rights and use them.

Family data security: What to do when your kids are downloading everything

Sigita: I have a question about family security online, specifically, about kids installing games without their parents’ knowledge. Naturally, they simply install all the games they find on the app store. Should parents be worried?

Darius: This is a tricky one because in most cases collecting data without proper consent from children is illegal, but how can developers know that it’s a child downloading the app? While it’s illegal to collect children’s data, enforcement is nearly impossible. Should app developers enable cameras to verify ages? That sounds even creepier, right?

Sigita: What can parents actually do about this?

Darius: At Incogni, we’ve been looking into whether we can enhance our service to cover minors, but I don’t have a solution just yet. Right now we’re focusing on covering elderly users first because they’re often less technically inclined. We have users who come to us saying “Hey, we want to enroll our parents, but they don’t want to go through the onboarding process.” That’s the first challenge we’re trying to solve.

Be selective about which apps your kids download. Do it together, make an activity out of it.

Sigita: So parents are basically on their own for now, right?

Darius: Not completely, but they’re not fully protected either. The best defense right now is to be selective about which apps your kids download and to check app permissions before they install them. Download games together, make an activity out of it. Begin those first steps into what it means to protect yourself online. Monitoring your child each time they pick up a tablet isn’t a perfect solution, but it’s better than hoping app developers will find a way to check whether it’s a minor who’s downloading their app.