Safeguarding Personal Information
At the end of this module, I can:
- You will understand what personal information is and why it matters, including less obvious data like photos, location, and online activity. You will be able to recognise common online risks such as scams, phishing, fake profiles, and oversharing.
- You will learn practical steps to protect your data, such as adjusting privacy settings, using strong passwords, and thinking before posting. You will also be better prepared to support young people in making safer digital choices.
- You will understand your digital footprint, you will see how your online presence can affect your reputation, wellbeing, and future opportunities.
- You will know where to seek help, apply safeguarding practices, and understand your basic rights and responsibilities under GDPR.
Introductory Theory
What Is Personal Information?
Personal information (or personal data) refers to any information that can identify an individual, either on its own or when combined with other data. Under the European Union’s General Data Protection Regulation (GDPR), organisations and individuals who process such data must ensure it is handled in compliance with strict legal standards. The regulation also gives people rights over their data, including the right to access it, correct it, delete it in certain circumstances, and understand how and why it is being used. Even indirect identifiers, such as online activity or device information, can qualify as personal data if they can be linked back to a person.
GDPR principles for handling personal data
- Lawfulness, fairness, and transparency in collection and use
- Purpose limitation (used only for a specific, stated reason)
- Data minimisation (collect only what is necessary)
- Accuracy and ability to correct outdated information
- Storage limitation (keep data only as long as needed)
- Security and confidentiality (protect against loss or misuse)
- Accountability by the organisation processing the data
Why Does Personal Information Matter?
Your personal data has real value and, if mishandled or exposed, it can be used for fraud, identity theft, scams, or
unwanted monitoring. In the digital world, information shared online can be difficult to fully remove, as copies may remain stored on servers, backups, or third-party systems even after deletion. For this reason, the General Data Protection Regulation (GDPR) gives individuals important protections and control over their information
GDPR gives you rights:
- Organisations must ask for your consent before collecting or using data
- Only data that’s necessary should be collected
- You can request to access or delete your data
Data must only be used for the purpose stated
Why Learn About This?
Knowing how to protect yourself and others, is especially important in youth work settings where responsibility and safeguarding are essential. Understanding your digital rights and responsibilities helps you make informed decisions and act ethically online.
Key reasons why this module is important:
- Stay in control of what you share online
- Identify risks and recognise unsafe digital behaviour
- Protect yourself and others, especially in youth work environments
- Understand your digital rights and responsibilities
- Build confidence in using digital tools safely and responsibly
- Promote a culture of online respect, safety, and accountability
Even private messages or “friends-only” posts can easily become public or remain accessible permanently. Many people assume that content shared in closed groups or private chats is completely safe, but this is not always the case. Digital content can be copied, stored, or redistributed without your knowledge or consent. Even when you delete something, it may still exist on servers, backups, or someone else’s device. That’s why it’s important to think carefully before sharing anything online, even in spaces that feel private.
Why this happens:
- Screenshots can be taken and saved
- Messages can be forwarded or screen-recorded
- Apps may store data even after it is “deleted”
- Friends or contacts might share posts accidentally or intentionally
Tools and Strategies
Self-care Practice 1: Setting Healthy Boundaries
Every time you post something, you are revealing a piece of your identity. This could include your habits, routines, relationships, values, workplace, location, or emotional state. Individually, these details may seem harmless. However, when combined, they can create a detailed picture of who you are, where you go, and how you live. This is known as your digital footprint, the trail of information you leave behind online.
Example
Your friend posts a photo on Instagram showing the view from her house and captions it: “Family holiday for 2 weeks!”
At first, the post feels exciting and harmless. But it also reveals that nobody is home and gives clues about the location. Someone who recognises the area could identify the house or use the information in harmful ways. Even when an account is private, screenshots and resharing mean that posts can travel further than expected.
Why it matters
- Small details in posts can reveal more personal information than we realise.
- Sharing location clues or travel plans publicly can increase safety risks.
- Thinking before posting helps protect both you and the people around you.
- Being mindful online supports safer digital habits and shows care for your friends’ wellbeing.
Self-care Practice 2: Spot and Protect Your Personal Information Online
Protecting your personal information online is an important digital safety habit. Instead of focusing on reputation or how others see you, this activity helps you recognise how scams, phishing attempts, or fake accounts try to collect personal details such as your name, location, passwords, or photo.
- Online scams often look convincing. Messages may pretend to be from a game, influencer, delivery company, or even a friend asking you to click a link or “verify” your account.
- Phishing attempts try to rush you into sharing information by creating urgency, offering rewards, or warning that your account will be blocked.
- Learning to pause and question unexpected requests helps you protect yourself and avoid losing control of your personal data.
Example
Scenario 1
You get a DM from your friend’s account saying: “Hey, I got logged out of my account and Instagram needs me to verify something. Can you help? I’ll send you a code and can you tell me what it is?”
It feels slightly rushed. The message doesn’t sound exactly like them, but the account looks real. A code then arrives to your phone asking you to confirm login.
Scenario 2
You see a comment under a gaming video: “Free rare skin drop! Log in before midnight!”
The link looks real, but the website name is slightly misspelled.
Scenario 3
You get a text: “Your parcel couldn’t be delivered. Update your details here.”
You are expecting a delivery, so it seems believable.
Protect your personal information!
- Scams often create urgency, excitement, or pressure so you act quickly.
- Small details (misspelled links, unusual tone, rushed requests) are warning signs.
- Verification codes, passwords, and personal details should never be shared.
- When unsure, pause and check through the official app or contact the person another way.
Approach and Tool 1: Adjusting App Permissions to Minimise Data Collection
- Most mobile applications request access to more data than they actually need to function. When installing an app, you may automatically grant permissions to your contacts, microphone, camera, photos, location, or files without fully considering why that access is required. Over time, this can lead to extensive background data collection, often for advertising, profiling, or analytics purposes rather than for essential functionality.
- Adjusting app permissions is a simple but powerful digital safety practice. It allows you to actively control what information each app can access and when. Instead of giving permanent permission, you can often choose options such as “Allow only while using the app” or “Don’t allow.” This reduces unnecessary tracking and limits how much of your personal life becomes part of data databases.
Example
On your smartphone, open your settings → “Privacy & Security” → “App Permissions.”
What to do:
- Review which apps can access your camera, location, contacts, and files.
- Disable unnecessary permissions, especially for apps that don’t need them.
- Revisit permissions after each update apps sometimes reset access automatically.
Approach and Tool 2: Disabling Geolocation and Metadata Sharing
- Many people are unaware that when they take a photo, upload a post, or share a document, they may also be sharing hidden information called metadata. Metadata is background data automatically attached to digital files. It can include details such as the exact GPS location where a photo was taken, the date and time, the device model, and sometimes even technical identifiers.
- While this information may seem harmless, it can unintentionally reveal sensitive details. For example, a photo shared online might not visibly show your location, but the embedded GPS data could reveal your home address, workplace, or current travel destination. Similarly, sharing a document may expose the author’s name, organization, or editing history through file properties.
- Disabling geolocation and managing metadata is a practical way to strengthen your digital privacy. By turning off location tagging in your camera settings and social media apps, you prevent your device from automatically embedding precise GPS coordinates in your photos. Before sharing documents, you can also remove file properties or export them in formats that strip identifying information.
Example
Before uploading a photo to social media, you open the image details and remove GPS data. You also turn off the “Add
location” setting in your camera app.
How to use it:
- In your camera settings, turn off location tagging.
- Use tools like ExifCleaner or built-in “Remove metadata” features before sharing photos.
- Avoid posting images that reveal identifiable landmarks or routine locations (e.g., home, school).
- If sharing group photos, ask for consent before posting.
Activity Time
4-Day Digital Wellbeing Challenge
Goal: Strengthen your online privacy and data protection skills by completing one small, practical action each day.
Each task helps you safeguard your personal information, manage your digital footprint, and understand how to control your data.
Day 1: Check Your Privacy Settings
Visit one social media or app account you use often. Review who can see your posts, personal info, and profile details. Turn off location sharing, tagging, and “activity status” if they are on.
Reflection:
Did you find anything you had forgotten was public?
How did adjusting settings make you feel about your privacy control?
Day 2: Audit Your Digital Footprint
Search your full name on Google and social media. Note what personal information appears (photos, posts, old accounts). Decide which information you might want to delete or make private.
Reflection:
Were you surprised by what you found?
What steps can you take to clean up or protect your digital presence?
Day 3: Manage App Permissions and Metadata
Open your phone’s “Privacy” settings. Check what permissions apps have (camera, microphone, contacts, location). Turn off unnecessary permissions for apps that don’t need them.
Optional: Remove metadata (like GPS tags) from a photo before sharing it.
Reflection:
Which apps had more access than you expected?
How does limiting permissions protect your data?
Day 4: Strengthen Account Security
Pick two important accounts (e.g. email, banking, or social media). Update passwords to strong, unique ones or use a password manager. Enable two-factor authentication (2FA) if available.
Reflection:
How did changing your passwords make you feel more secure or more aware?
What can you do to maintain your account safety long-term?
Reflection Questions
Thinking about what I post and when I post helps me understand how my choices shape my digital identity. Reflecting on moments when I shared without thinking can help me recognise patterns and make more mindful decisions online.
Reviewing who can see my posts, how I manage passwords, and how I decide if an app is trustworthy helps me strengthen my boundaries. Small changes in privacy settings can make a big difference in how safe I feel.
Consider messages that create urgency, ask for login details, or promise rewards. Reflecting on warning signs helps me pause, verify, and avoid sharing sensitive information.
Think about practical actions such as checking privacy settings, enabling two-factor authentication, avoiding suspicious links, and reporting fake or harmful accounts when necessary.
Case Study: Here’s a helpful video
Case Study: #DataDetox (Europe)
#DataDetox is a campaign and online toolkit created by European digital rights groups, including Tactical Tech and Mozilla Foundation. https://datadetoxkit.org/en/families/datadetox-x-youth/
It helps people take control of their personal data, privacy, and digital footprint. Through guides and challenges, users learn what data they share online and how to protect it effectively.
Who is it for?
- Young people aged 13–25
- Youth workers, peer educators, and trainers promoting digital literacy
- Anyone interested in building safer online habits
Key Strategies
Interactive Toolkit:
- Offers step-by-step guides to check and clean up privacy settings on social media and apps.
- Includes quizzes and challenges to raise awareness about data sharing habits.
Youth Engagement:
- Campaign materials were tested with youth focus groups across several countries to ensure relevance and clarity.
- Emphasis on simple language and practical advice.
Recommended Practice
How to Safeguard Your Personal Information Online
Protecting your personal information online is not about fear, it is about awareness, control, and consistent digital habits. Every click, post, and message contributes to your digital footprint. The goal is not to stop sharing, but to share intentionally and responsibly.
Digital safety begins with understanding that the internet has a long memory. Information can be copied, screenshot, archived, or reshared without your consent. Even deleted content may still exist on servers, backups, or someone else’s device. Developing small, mindful habits significantly reduces long-term risks.
Pause Before You Click or Share
Before opening a link or replying to a message, ask yourself: “Do I know this person or organisation, and does this request make sense?”
Scam messages may promise rewards, claim your account is at risk, or ask for private information. Taking a moment to verify usernames, check official websites, or ignore suspicious messages can prevent your information from being misused. If something feels unusual, block or report the account and talk to someone you trust for support.
Recommended Practice
Control Your Privacy
- Check privacy settings on social media and apps regularly.
- Make sure only trusted people can view your content.
- Turn off location sharing and geotagging unless necessary.
Protect Your Accounts
- Use strong, unique passwords for each account.
- Consider using a password manager.
- Enable two-factor authentication (2FA) on important accounts.
Know Your Rights
- Under GDPR, you can control who collects and uses your personal data.
- You can request access to or deletion of your data.
Spot Scams and Protect Your Information
- Be cautious of messages that create urgency, offer rewards, or ask for personal details.
- Check usernames, links, and profile activity before trusting a message.
- Never share passwords, verification codes, or private information through direct messages.
Did you know?
Fact #1
Fact #2
Fact #3
Many scam messages are designed to look urgent or exciting, such as “Your account will be deleted!” or “You’ve won a prize!” Taking a moment to pause and check the source can help you avoid sharing personal information by mistake.
Over 50% of young people admit to sharing personal information online without realising the risks.(Source: UK Safer Internet Centre, 2023)
Fake profiles and impersonation accounts are common in scams. If someone you don’t know asks to move the conversation to another app quickly or requests personal details, it can be a warning sign to stop and report.
Fact #4
Fact #5
Fact #6
Using the same password on multiple accounts increases your risk of being hacked.
One leak = multiple vulnerable accounts.
Two-factor authentication can stop 99.9% of automated hacking attempts.
(Source: Microsoft, 2020)
Many websites track you even after you leave them. This is done using cookies and tracking pixels.
Key Takeaways
- Think before you share: Once something is online, it can be copied, saved, or shared even if you delete it.
- Protect your privacy: Use app and platform settings to control who sees your posts and personal information.
- Stay secure: Strong, unique passwords and two-factor authentication help keep your accounts safe from hackers.
- Be mindful of your digital footprint: Everything you post contributes to how you’re seen online now and in the future.
- Respect others’ privacy too: Always ask before sharing photos, posts, or private information about someone else.
- Digital wellbeing matters: Taking breaks, setting boundaries, and knowing when to unplug helps protect your mental health.
Additional Resources
- Common Sense Media. (n.d.). Privacy and internet safety. https://www.commonsensemedia.org/privacy-and-internet-safety
- European Union Agency for Cybersecurity (ENISA). (2022). Cybersecurity threats and trends: Phishing and social engineering. https://www.enisa.europa.eu
- Livingstone, S., & Third, A. (2017). Children and young people’s rights in the digital age: An emerging agenda. New Media & Society, 19(5), 657–670. https://doi.org/10.1177/1461444816686318
- Microsoft. (2020). Passwordless protection and multi-factor authentication security data. https://www.microsoft.com
- Mozilla Foundation. (n.d.). Data Detox Kit: Take control of your digital life. https://datadetoxkit.org
- National Cyber Security Centre. (2023). Cyber Aware: Stay secure online. https://www.ncsc.gov.uk/cyberaware
- OECD. (2021). Educating 21st century children: Emotional well-being in the digital age. https://www.oecd.org
- Royal Society for Public Health. (2017). #StatusOfMind: Social media and young people’s mental health and wellbeing. https://www.rsph.org.uk/uploads/assets/uploaded/62be270a-38f9-4a04-9f79c9fc91e3d6d3.pdf
- Scottish Youth Parliament. (2024). Mind Yer Time. https://mindyertime.scot
- UK Safer Internet Centre. (2023). Advice and resources. https://saferinternet.org.uk/guide-and-resource
- UNICEF. (2020). Policy guidance on AI for children. https://www.unicef.org/globalinsight/reports/policy-guidance-ai-children
- UNICEF Office of Research – Innocenti. (2019). Children in a digital world. https://www.unicef-irc.org
- European Commission. (2022). Better Internet for Kids (BIK+) strategy. https://digital-strategy.ec.europa.eu
Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Education and Culture Executive Agency (EACEA). Neither the European Union nor EACEA can be held responsible for them. Project Number: 2024-2-PT02-KA220-YOU-000287246
Greek 
English 
Portuguese