How to Manage Your Google Privacy Settings

A privacy policy is meant to be a contract between you and a company—big tech companies in particular—that ensures these companies are keeping your data safe. One company that has an enormous amount of your data—from email and photos to videos and documents—is Google.

The Google Privacy Policy has been "updated" 37 times since its inception in 1999; it typically happens three or four times a year. To its credit, Google makes all the updates and changes pretty obvious and provides an archive of all previous policies.

It can and will change to suit Google, or to suit new laws and regulations Google has to follow. For example, in 2018, the General Data Protection Regulation (GDPR) completely changed how big companies handle customer data. Even though it's an EU regulation, the GDPR touched any company with personally identifiable info (PII) on customers there. That's definitely Google.

GDPR doesn't necessarily help those of us in the United States, but there are ways to take control of what Google has on you. That means mastering your Google My Account dashboard.

Controlling Your Google Privacy

My Account is meant to be a one-stop spot to take control of your privacy and security when it comes to this monolithic company. Rather than visiting settings for every individual Google service—Gmail, Google Drive, Android phones, the Chrome browser(s), YouTube, and a hundred others—you change global settings here. Mostly.

If you want the scary version of what Google collects on you, read this old Guardian article, which spells out that Google knows where you've been, what you've searched, all your apps and extensions, your YouTube history, and more. None of which should really come as a surprise. Google says it collects things you do, things you create, and things that make you "you"—namely, your personal info like name, email, birthday, gender, phone number, and location.

On My Account, do two things right away: a Security Checkup and a Privacy Checkup.

Security Checkup

If you have multiple Google accounts—like say, one for work and one you use personally—choose the one you want to check from the menu at the upper right of the desktop screen. (Using a different avatar photo for each account will help you better distinguish between them.)

On the My Account page, the URL will be a little different for each Google account you have. It'll end with /u/0 for the default account, /u/1 for the second, and so forth. Do a security check for each account.

Find the Security Checkup at security.google.com/settings/security/secureaccount (or click Take action in the Critical Security issues found box). It will take you through a number of cards to check items like:

• Your devices (what's signed in to the account)

• Known compromised passwords you've saved

• Third-party access

• Recent security activity

• 2-Step Verification (whether it's on or not)

• Gmail settings

Any items marked with a yellow or red warning (an exclamation point in a circle) should get a once-over. For example, if you see devices you no longer use listed under Your Devices, nix them. Third-party access will list apps and services that have access to your Google data—some of which could be problematic. Delete those, too.

The Your saved passwords section offers a check on the passwords stored in your browser, which is probably Google's Chrome, and this is invaluable because Google can tell you what passwords have been leaked or hacked in a data breach—and if you're still using them. Click Go to Password Checkup and run it. It'll show you not only compromised passwords but also reused passwords (that's a big no-no) and accounts using weak passwords. Take an evening to change them all (and start using a password manager while you're at it).

If you haven't already activated 2-step verification, read this and skip down to the section specific to Google. New accounts should soon be getting 2-step verification automatically. With two-factor authentication (2FA) on, you can't sign into your Google account with a password alone; you'll need a secondary method of authentication. It adds an extra step, but if someone guesses or steals your password, it's not enough to sign into your account.

To authenticate, you will receive a code sent via voice or text message or displayed inside an authenticator app. Or select the Google "prompt" feature, which displays a notification on your phone asking if you're trying to sign into your Google account. To find the prompt, open the Google or Gmail app on your phone, and tap yes.

The security checkup is also a good place to set up extra security options, like entering backup phone numbers. Here, you can grab backup key codes for those times when you can't use your phone, or set up a hardware security key. Scroll to Your Devices and revoke them all if you want to force a full 2FA login on all future devices.

If you've created any App passwords—unique passwords for specific services that don't use traditional Gmail logins, like game consoles—revoke them as needed. This is also where you generate new app passwords, but with most modern hardware, they're a thing of the past.

Make sure you have filled in the Account recovery options with a recovery email and phone number preferably not related to Google.

Third-party access is a review of the apps, websites, and devices connected via your Google account credentials or with access to your account. It could be something as obscure as a Google Chrome extension that works with Gmail, or some Google Docs add-on that you don't remember installing. Remove any you're not using or don't recognize. If you get rid of something you need, you can always give it permission again later.

Corporate users may also see the Advanced Protection Program option, which protects against targeted phishing attacks and much more.

When you're done in the Security Checkup, go back to My Account and under Personal Info > Password, Google will tell you how long it's been since you last changed your Google account password. If it's been over a year, consider yourself thoroughly disgraced in the eyes of the tech gods. Change it right now.

Privacy Checkup

Back at the My Account page, under Privacy suggestions available, click Review Suggestions to start a multi-step Privacy Checkup that lets you review how Google uses your data. There are suggestions at the top of the page, but scroll down to hit all the key privacy settings available.

Set up an auto-delete on use of your Location History. Keeping a Location History—which is spanned across all the devices that use your Google account—can be handy, like for re-finding places you've been and want to go to again using something like Google Maps. But it's also one of many data points on you that Google can use for targeted ads. You can set up auto-delete with a click, or skip it.

In fact, you can set Google to not even track Web & App Activity, or easily delete it after few months. That goes for all the info Google collects any time you use any Google service or product. Ads in various spots will not be very targeted and seem random after that, but that's how advertising worked for hundreds of years before the internet and Madison Avenue thrived.

If you automatically delete your YouTube history, the videos you like and save, the channels to which you subscribe, and what shows up on your YouTube activity feed are affected. It can also limit what happens on connected accounts (like Twitter), and manage the privacy of videos you upload (public, private, or unlisted).

The Google Photos privacy option that comes next is limited to turning off the ability for better face-matching and another important option: removing geo-location on items shared by a link. That means if you share a photo of yourself, a stalker type can't look at the metadata on the image and pinpoint your location. Note that it only applies to content shared via a link. (Here's how to turn off all Google Location History.)

The Help People Connect with you option is about hiding your registered phone numbers on Google, so they can't be used by others to find you for things like a video chat. If you have a Google Voice account, it will also appear here. Uncheck all the boxes to make them private.

If you go back to My Account and click Data & Personalization, you'll find other settings to tweak that are also important to privacy, even if they aren't part of the privacy checkup. For example, Ad Settings let you fully check if Google's commercials are personalized for you (which means more tracking of your data) or not.

Be sure to check the Inactive Account Manager. It helps you plan ahead for the day your account becomes inactive (hey, anything can happen to any of us, any time). Google will help you determine when that inactivity kicks in—after 3, 6, 9, or 12 months of you not using Google tools—and you can set up the account to be shared with someone you trust.

Personalization Matters

Back at the My Account section, hit Data & Personalization. This is the nitty-gritty of preventing your personal data and Google usage from being used. Google says this data is only used to help your future activities, but it is essentially how Google learns about you and that future help is for how you use its products, like Google Maps or Google Assistant. This is how those tools seem to know what you want before you even ask. (You'll see a lot of overlap here from what you found in the privacy and security checkups above.)

A checkmark appears next to all the items where data is being collected, but you can toggle them off. Each section includes a link that reads "Manage Activity" with different options for each. Under Location History > Manage Activity, for example, you'll see what's called the Google Maps Timeline: a map displaying locations where you were logged into Google. Mine showed trips to Florida from years past, my time in the Mediterranean on a cruise, and of course all stops around my home state. There's even route info if you used Google Maps to get somewhere. Limit it all if you don't think it's helping you.

Recommended by Our Editors

5 Ways Apple Plans to Supercharge Privacy on Your iPhone and Mac

How to Get Google to Quit Tracking Your Location

How to Prevent Web Tracking on Your Favorite Browser With Incognito Mode

Consider limiting your location services so Google (and Apple, Microsoft, Facebook, etc.) stop tracking your physical presence via your phones.

Remember, Google makes the majority of its billions by showing you ads in search results, on its other products, and across the internet. You're not going to turn advertising off here—for that, you need an ad-blocker program—all you can do is limit how much you are targeted.

You can click the Go to Ad Settings link to see the list of topics you (supposedly) like. Click the icon next to any topics that you don't feel actual affection for. Or hit the toggle up top to turn off all personalization, though Google will pop up a warning about why it will make ads you see "less useful." You can set your gender (which you can customize!) and age. Visit AdChoices and you'll get options to opt out of personalized Google Ads on non-Google sites.

My Activity

If you're interested in seeing all your activity in one place, not just separated by service, check out myactivity.google.com, which shows you everything you've done that's remotely Google-related. The amount of data is pretty staggering.

Want to delete a day's or date range's worth of data? Erase all your data by Google product (so you lose YouTube activity, for example, but nothing else)? Do it. You can even pick a keyword to search and delete the related activity. Click the Delete activity by link in the left navigation.

Takeout Your Data

Wondering exactly what Google has on you? Download all the data and check it out via Google Takeout. To be clear, this doesn't remove any data from Google servers. It just shows you what Google has stored. Even if you delete your account, it's unlikely all this data gets deleted entirely. Maybe some day there will be GDPR-like laws in the US that force Google to allow that.

For now, go to takeout.google.com. You'll see the giant list of products Alphabet (Google's parent company) offers, and of which you are probably a customer.

Untoggle any that you don't care about, and click Next step at the bottom of the page. You'll be offered an archive file in ZIP or TGZ format; you can set a max size for the archive, up to 50GB. If you have more than that stored with Google, you'll have to download multiple files. You have the option to get a link emailed to you, or to have the files sent directly to Google Drive, Dropbox, Box, or Microsoft OneDrive. Be patient: it could take hours or possibly days to receive.

Most of what I got was an archive of Gmail messages, which is not something you can use instantly. That's because the email archive comes in one big MBOX format file. The easiest way to access all those old messages is to get a free desktop email client with native MBOX support, like Mozilla Thunderbird, available for Windows, Mac, or Linux in almost any language.

Google Drive documents were, however, instantly usable—they all come converted into their Microsoft Office format equivalents. (Doing a Takeout of this data is a must if you're leaving a company that uses Google Workspace (formerly called G Suite.)

Now imagine you've uploaded or created years' worth of YouTube videos, Hangouts chats, documents in Drive, images on Google Photos, and more. It gets big, fast. All of that data is on servers to help Google make a perfect profile of you.

Other Tips for Privacy

Remember, almost every browser has a privacy mode—Google Chrome calls it Incognito—where you can surf without cookies or anything else tracking you. Even the mobile browsers on smartphones support it.

You can always just delete your entire Google account and walk away. But that's a bit drastic, especially since there are literally hundreds of sites and services that use your Google credentials for logins.

Whatever your feelings about privacy, it behooves you to take a glance through the settings above. You're bound to find something Google's doing that doesn't sit right. Be thankful it gives us as much control over privacy as it does (or maybe thank the regulators who force Google's hand). It's still not enough for the truly security/privacy obsessed, but it helps with a balance of feeling good while getting the most out of the otherwise excellent services the company offers.

How a VPN Works