Incognito — February 2026: Data Privacy Week

Welcome to the February 2026 issue of Incognito, your monthly dive into privacy and security with DeleteMe.

• Last week was Data Privacy Week. When it comes to privacy, every day is Groundhog Day. The breaches that expose millions, apps caught selling data promised to protect, and Big Tech always promising to do better. In this issue, we’ll show you how to actually protect your data this year.
• Speaking of Groundhog Day: The latest What the Hack episode includes author Virginia Heffernan exploring the 1993 Bill Murray movie as an unintentional allegory of how the internet became a system that knows you better than you know yourself. Listen here.
• Essential reading: California fines a data broker for selling Alzheimer’s patient lists, DOGE shares Social Security data without approval, the FTC bans GM from selling location data, and TikTok updates its location collection policy.​​​​​​​​​​​​​​​​
• Q&A: “Is there a reliable method for checking if a site is safe before I enter any personal information?”

How to escape the privacy-version of “Groundhog Day” 

Data Privacy Week reminds us that we all need to protect our privacy. That said, privacy isn’t something that happens in one week—and that’s where people get stuck. It’s a process. 

A recent large-scale study found that social media users develop “privacy fatigue” and eventually gave up on protecting their data. Why? A mix of cynicism (why bother?), strain (too many pop-ups), and rationalization (“I have nothing to hide!”).

If you’re on the verge of giving up in 2026: Don’t do it.

Privacy is too important to abandon, and we’re here to help. DeleteMe was built to handle the whack-a-mole work of protecting your data—not one-off actions, but ongoing data discovery and removal.

So what can you do if you’ve got some privacy burnout? Be like Phil Connors in Punxsutawney. The answer isn’t doing the same things over and over (we handle that). It’s all about changing your approach.

Find Your MVP

By MVP, we mean “Minimum Viable Privacy.” 

What is the least stressful action you can take that will have the biggest impact on your data privacy?

Opting out of data brokers is a big win, and if you’re a DeleteMe subscriber, you’re already on top of this. But, if you, or someone else you know isn’t, here’s a discount code: 

In 2024, six mega-breaches accounted for 85% of victim notices. The vast majority of data exposures come from a tiny minority of companies. And it’s not just data breaches.The same goes for app tracking: Most apps track you somewhat, but 15% of apps contain more than ten different trackers.

Want one easy solution? Cut off the worst offenders. Think: big platforms, sketchy apps, companies that have been breached, and stop sharing data with them. Worry less about the rest. 

Focus on what you can control

You can’t avoid every data risk. Healthcare providers get breached. Retailers get hacked. But you can reduce your exposure by being selective about the companies and apps you choose to share data with.

Here are the categories with the worst track records:

Dating apps: According to Mozilla’s 2024 “Privacy Not Included” research, 80% may share or sell your personal information for advertising, and 52% don’t meet minimum security standards. 

Fitness and health apps: Most fall outside the scope of HIPAA. In one study, 75% of analyzed fitness apps were found to share user data with third parties. 

Loyalty programs: Theyconcentrate your personal data and are frequent breach targets.

Social media: No such thing as data privacy here. These apps harvest massive amounts of personal data for advertising, algorithmic manipulation, and third-party sharing.

Retail and e-commerce: They experience high breach frequency, though the damage is often more recoverable, and stolen data, such as payment information, is easier to invalidate.

What to do:

Pick one category where you’re most exposed and reduce your footprint. Delete unused dating apps. Opt out of loyalty programs you don’t use. Audit which fitness apps have access to your health data. You don’t have to abandon everything. Just be more selective about who gets what.​​​​​​​​​​​​​​​​

Take One Hour This Month to Put Your Worst Offenders On Trial

I’ve actually done this over the course of an hour or so and found a dodgy heart rate monitor app that was harvesting my contacts for no reason. You can do the same while commuting to work or watching TV.

Start by making a list of your most dangerous exposure sources that you can’t avoid. For me, that is definitely “health” apps – I have way too many.  

Then, read their privacy policies (or get AI to do it for you). At the very least, search for keywords like “data collection” and “sharing.”

Then, ask: “Is it worth it?”

• If an app or service mentions sharing your data with “third parties” for things like “analytics” or “improving our services,” think twice before downloading/using it. This language is everywhere, but it frequently serves as a euphemism for ad targeting and user profiling. If the app truly adds something meaningful to your daily life, the trade-off might be acceptable. But if it’s something you rarely open, you’re probably better off deleting it.
• If an app or program openly sells your data to brokers and shares it with vague “partners” (and doesn’t give you any option to opt out), skip it. 

By the end of this short exercise, you’ll likely have a list of apps to delete and a better sense of which companies deserve your trust. 

We’d Love to Hear from You!

Have a story for our podcast? Any privacy stories you’d like to share, or topics you’d like to see in Incognito? We’d love to hear from you!

Drop a line to Laura Martisiute at laura.martisiute@joindeleteme.com. She’s keen to hear any feedback you have about this newsletter.

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape.

California Fines Data Broker $45,000 for Selling Lists of Alzheimer’s Patients

The CPPA fined data broker Datamasters $45,000 for selling sensitive health information, including lists of people with Alzheimer’s disease and other medical conditions, without being registered as a data broker in the state. The agency also ordered the company to stop selling Californians’ personal data, warning the lists could be misused beyond advertising.

DOGE Members Shared Sensitive Social Security Data Without Approval

The Trump administration acknowledged that DOGE members accessed and internally shared sensitive Social Security data without agency approval. A court filing also revealed a DOGE employee secretly agreed to share such data with a political group seeking to overturn election results, though officials haven’t confirmed the data was actually shared.

FTC Bans General Motors From Selling Driver Location Data for Five Years

The FTC finalized an order banning General Motors and its subsidiary, OnStar, from sharing drivers’ geolocation and driving behavior data with consumer reporting agencies for 5 years. Under the 20-year order, GM must now obtain express consent before collecting data and allow consumers to opt out of data collection and request deletion of their information.

TikTok’s US Venture to Collect Precise User Location Data

TikTok’s new US joint venture has updated its privacy policy to allow the collection of precise location data from its 200 million American users, expanding from the previous “approximate” location policy. The change follows a deal between ByteDance and US investors to run TikTok’s American business.

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: So I know I can opt out of data brokers and people search sites. Is there anything/anyone else I should be opting out of?

A: Really great question. And yes, there is. Quite a few things, actually. 

When it comes to marketing and advertising, you can “opt out” of telemarketing calls by registering with the National Do Not Call Registry (donotcall.gov). Though note that this will only stop legitimate calls. It unfortunately won’t do anything for scam calls. 

You can also opt out of:

• Direct mail marketing through DMAchoice.org.
• Pre-screened credit and insurance offers through OptOutPrescreen.com.
• Interest-based online advertising through the Digital Advertising Alliance (optout.aboutads.info) and Network Advertising Initiative (optout.networkadvertising.org).
• Websites selling your data via the Global Privacy Control (not all websites honor this, though some states legally require businesses to honor this). 

Then, there’s financial data sharing. Banks and financial institutions are required under the Gramm-Leach-Bliley Act to let you opt out of them sharing your data with non-affiliated third parties. Look for annual privacy notices or check your account settings.

Q: Is there a reliable method for checking if a site is safe before I enter any personal information?

A: Yes, one of my go-tos when I’m unsure if a site is legitimate is to do a WHOIS domain lookup. This will tell you when the domain was registered (new domains are more likely to be fake), when registration expires (short registration periods can indicate throwaway scam sites), and registrar information. 

Of course, this method isn’t foolproof. Many legitimate registrants use privacy protection services that hide their details and dedicated scammers can provide fake registration information. 

Still, it’s a good first step. 

There are also free online services that are dedicated to checking if a site is a scam, like https://www.scamadviser.com/. 

And of course, look up the site name with words like “scam,” “reviews,” or “legit” (but don’t trust reviews completely either, as these can be fake, too. What a world we live in!) 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

That’s it for this issue of Incognito. Stay safe, and we’ll see you next month.