What If You're Never Forgotten? The Digital Profile You Never Agreed To

Every day, you leave traces of yourself behind. In search engines. In apps. In online shops. You don’t give it a second thought — but artificial intelligence does. It connects the dots, draws inferences, builds. Piece by piece, a profile emerges that may know you better than you know yourself. And unlike you, it never forgets.

Text by Martti Asikainen, 5.6.2026 | Photo by Adobe Stock Photos


You’re sprawled on the sofa, clicking “Accept All” without a second glance. You scroll through your social media feeds, buy a couple of things online, and spend a few minutes Googling your next holiday. An ordinary afternoon — or so it seems. 

But without realising it, you’ve left behind hundreds, sometimes thousands, of data points that together paint an ever more detailed picture of who you are (Mayer-Schönberger & Cukier, 2013). This is your digital self — and it doesn’t fade or disappear.

In the past, managing your digital footprint was at least theoretically possible. Cookies expired, services forgot, and the web remained relatively fragmented. Artificial intelligence has fundamentally changed the rules of the game. It doesn’t merely collect data — it joins it up, analyses it, and predicts behaviour in ways that make concealing your digital identity all but impossible (Kitchin, 2021).

With AI in the picture, the question is no longer whether you leave a digital trail, but whether you understand what is being built from it — and whether you retain any meaningful say over your own digital narrative. Or, indeed, how that narrative is increasingly being written for you, rather than by you.

Your Data Speaks on Your Behalf

Your digital footprint has two components: active and passive. Your active footprint is what you deliberately share — social media posts, comments, profiles across various platforms. Your passive footprint, by contrast, forms quietly in the background. It consists of your IP addresses, location data, browsing behaviour, click patterns and viewing times, and the way you interact with interfaces (Solove, 2021).

The rapid advancement of AI has been particularly consequential for passive data. Digital systems increasingly gather information about user behaviour automatically, with no active contribution from the users themselves (Andrejevic, 2020). Sophisticated machine learning algorithms don’t require a complete dataset to draw accurate conclusions; they fill in the gaps by calculating probabilities, reasoning by inference, and extrapolating.

Research shows that even a surprisingly limited dataset can be used to infer a person’s political views, state of health, financial situation, and even future behaviour (Kosinski et al., 2013; Youyou et al., 2015; Matz et al., 2017; Zuboff, 2019).

In practical terms, this means that even if you’ve never mentioned your political opinions, sexual preferences, or financial circumstances online, the simple fact of which content you click on, how long you spend with it, when you’re active, and which sites you visit can reveal a great deal of sensitive information about you. The algorithms no longer need to ask.

AI Doesn’t Forget, It Cross-References

For a long time, our digital identities were fragmented. Profiles were siloed within individual services, data was stored in isolation, and it would naturally fall out of use as platforms updated or cookies expired. That fragmentation offered people a degree of protection — imperfect, but real. Today’s AI-driven ecosystem works in precisely the opposite way. Modern machine learning methods are remarkably good at combining data from disparate sources and cross-referencing it (Andrejevic, 2020).

At the same time, data brokers harvest personal information from hundreds of different sources — browsing behaviour, purchases, location data, social networks, and public records — assembling commercial profiles that are then sold on (FTC, 2014; Christl, 2017). This often happens entirely within the law, hidden in the small print of terms and conditions that almost nobody reads when signing up for a service.

Your location data from a mobile app, for instance, can be combined with your online purchasing behaviour, supplemented with information drawn from public records, to produce a comprehensive profile that describes you in ways you might never have anticipated (see Montjoye et al., 2013). And that profile doesn’t stay with one company — it circulates, gets updated, and is continuously refined across services.

Even if you delete an old account or try to anonymise your data, advanced AI could, in theory, still identify you from your behavioural patterns. Your writing style, the rhythm of your clicks, the way you interact online — these are your digital fingerprints, and they’re extraordinarily difficult to change (Narayanan & Shmatikov, 2008; Eckersley, 2010; Olejnik et al., 2012). They are the deeply ingrained habits of how we move through the digital world.

Tilting at Windmills

Privacy advocates have been recommending the same measures for decades: use a VPN, clear your cookies, browse in incognito mode, don’t share personal details, and — where possible — step back from social media altogether. These aren’t useless suggestions, but they were designed for a world before AI-driven mass analysis.

The EU’s General Data Protection Regulation (GDPR, EU 2016/679) and other privacy legislation have introduced the right to erasure and a range of transparency requirements (see Voigt & Von dem Bussche, 2017). Yet these provisions are limited in practice, because removing inferred data is exceedingly difficult — sometimes impossible.

You can request that your data be deleted, but if it has already been shared, or if your profile has been constructed partly from inferred rather than directly collected data, your rights are considerably weakened. Researchers have also pointed out that the GDPR contains no unambiguous right to a detailed explanation of the grounds on which algorithmic decisions are made — which can make it very difficult to challenge inferred profiles or contest automated decisions (Wachter et al., 2017).

AI also makes it possible to recover data in ways that were previously unthinkable. Anonymised datasets that were once considered safe to release can be de-anonymised by cross-referencing them against other available data (see Sweeney, 2002; Rocher et al., 2019). As AI capabilities continue to advance rapidly, concealment has become considerably harder — and in some cases, effectively impossible.
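The release check implied by the de-anonymisation point above, as an added example (not from the original article): before a dataset is published, measure its k-anonymity (Sweeney, 2002) over the quasi-identifiers that an outside dataset could also contain. The records, column names and generalisation rule are constructed for illustration.

```python
from collections import Counter

# Constructed sample of a "de-identified" release: names are removed, but
# quasi-identifiers (postcode, birth year, sex) are still present.
RELEASE = [
    {"postcode": "00100", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "00120", "birth_year": 1987, "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "00150", "birth_year": 1981, "sex": "F", "diagnosis": "migraine"},
    {"postcode": "00530", "birth_year": 1972, "sex": "M", "diagnosis": "asthma"},
    {"postcode": "00510", "birth_year": 1975, "sex": "M", "diagnosis": "allergy"},
    {"postcode": "00100", "birth_year": 1984, "sex": "F", "diagnosis": "allergy"},
]
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def equivalence_classes(rows, qi):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(row[col] for col in qi) for row in rows)


def k_anonymity(rows, qi):
    """Size of the smallest equivalence class; k == 1 means someone is unique."""
    classes = equivalence_classes(rows, qi)
    return min(classes.values()) if classes else 0


def unique_fraction(rows, qi):
    """Share of rows whose quasi-identifier combination appears exactly once."""
    classes = equivalence_classes(rows, qi)
    singles = sum(1 for size in classes.values() if size == 1)
    return singles / len(rows) if rows else 0.0


def generalise(row):
    """Coarsen quasi-identifiers: 3-digit postcode prefix, birth decade."""
    out = dict(row)
    out["postcode"] = row["postcode"][:3] + "**"
    out["birth_year"] = row["birth_year"] // 10 * 10
    return out


if __name__ == "__main__":
    coarse = [generalise(r) for r in RELEASE]
    for label, rows in (("raw", RELEASE), ("generalised", coarse)):
        print(label, "k =", k_anonymity(rows, QUASI_IDENTIFIERS),
              "unique share =", round(unique_fraction(rows, QUASI_IDENTIFIERS), 2))
```

A k of 1 flags records that a join on those columns could single out. Raising k by generalisation narrows that risk, but it does not protect a sensitive value that every member of a class happens to share.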

From Considered Presence to Invisibility

Complete digital invisibility is an unrealistic goal. Banking, healthcare, public transport, supermarkets, work, education — all of these demand some form of digital presence. The question, then, is not whether to be online, but how to take back some control over your digital narrative. Three approaches are worth considering. None of them guarantees complete protection, but each gives you a better footing.

Firstly, you have to understand what you’re sharing. Every app you grant access to your location, contacts, or microphone should be treated as a potential risk. It is very likely building a profile of you. Review your app permissions and think twice before tapping “Accept All” by default. This won’t prevent all data collection, but it does limit its scope.

Secondly, you have to compartmentalise your digital identity. Don’t use the same email address for everything. Create separate profiles for different contexts. AI may eventually connect the dots between them, but you make it harder, and you keep your activities with any single company to a narrower slice of your life.

And thirdly, you have to question and audit. Exercise your right of access to your own data. Ask companies what they hold on you. This won’t undo what’s already been shared, but it will give you a clearer sense of just how far-reaching the issue is.

Power and Responsibility in the Digital Age

Your digital footprint is not merely a personal matter — it is a social and political one. When AI builds profiles that influence what content you see, how much credit you’re offered, or which job you’re considered for, your privacy is no longer simply your own business. It is also a question of power (Barocas & Selbst, 2016; Andrejevic, 2020).

As individuals, we no longer have any realistic prospect of concealing our footprints entirely. But collectively, we have the ability to demand transparency, regulation, and ethical standards governing how our data is used. In the age of AI, defending digital self-determination doesn’t mean retreating from the internet — it means actively engaging in the conversation about what kind of digital future we want to build.

So the next time you click “Accept Cookies” or “Continue with Google,” remember: you are not merely a user. You are a data point, a profile, a prediction. The question is whether you accept that role passively — or whether you demand transparency and control over how your digital self is used. Digital footprints no longer fade away. But we can still decide who reads them, and to what end.

The EU’s AI Act (EU 2024/1689) forms part of this broader effort to redefine accountability, transparency, and risk management in the use of artificial intelligence.

Author

Martti Asikainen

Communications Lead
+358 44 920 7374
martti.asikainen@haaga-helia.fi

References

Andrejevic, M. (2020). Automated Media. Routledge.

Barocas, S. & Selbst, A. (2016). Big data’s disparate impact. California Law Review, 104(3), 671–732.

Christl, W. (2017). Corporate surveillance in everyday life: How companies collect, combine, analyse, trade, and use personal data on billions. Cracked Labs, Vienna.

Eckersley, P. (2010). How unique is your web browser? In M. J. Atallah & N. J. Hopper (Eds.), Privacy enhancing technologies (PETS 2010). Lecture Notes in Computer Science, vol. 6205.

European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union. EUR-Lex.

European Union. (2024). Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union. EUR-Lex.

Federal Trade Commission. (2014). Data brokers: A call for transparency and accountability. FTC.

Kitchin, R. (2021). Data lives: How data are made and shape our world. Bristol University Press.

Kosinski, M., Stillwell, D. & Graepel, T. (2013). Private traits and attributes are predictable from digital records of human behaviour. Proceedings of the National Academy of Sciences, 110(15), 5802–5805.

Matz, S. C., Kosinski, M., Nave, G. & Stillwell, D. J. (2017). Psychological targeting as an effective approach to digital mass persuasion. Proceedings of the National Academy of Sciences, 114(48), 12714–12719.

Mayer-Schönberger, V. & Cukier, K. (2013). Big data: A revolution that will transform how we live, work, and think. Eamon Dolan/Houghton Mifflin Harcourt.

Montjoye, Y.-A., Hidalgo, C., Verleysen, M. & Blondel, V. D. (2013). Unique in the crowd: The privacy bounds of human mobility. Scientific Reports, 3, 1376.

Narayanan, A. & Shmatikov, V. (2008). Robust de-anonymisation of large sparse datasets. 2008 IEEE Symposium on Security and Privacy, 111–125.

O’Neil, C. (2016). Weapons of math destruction: How big data increases inequality and threatens democracy. Crown.

Olejnik, L., Castelluccia, C. & Janc, A. (2012). Why Johnny can’t browse in peace: On the uniqueness of web browsing history patterns. Proceedings of the 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2012), Vigo, Spain.

Rocher, L., Hendrickx, J. M. & de Montjoye, Y.-A. (2019). Estimating the success of re-identifications in incomplete datasets using generative models. Nature Communications, 10, 3069.

Solove, D. J. (2021). The digital person: Technology and privacy in the information age (updated ed.). NYU Press.

Sweeney, L. (2002). k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5), 557–570.

Voigt, P. & Von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A practical guide. Springer.

Wachter, S., Mittelstadt, B. & Floridi, L. (2017). Why a right to explanation of automated decision-making does not exist in the GDPR. International Data Privacy Law, 7(2), 76–99.

Youyou, W., Kosinski, M. & Stillwell, D. (2015). Computer-based personality judgements are more accurate than those made by humans. Proceedings of the National Academy of Sciences, 112(4), 1036–1040.

Zuboff, S. (2019). The age of surveillance capitalism: The fight for a human future at the new frontier of power. PublicAffairs.


Finnish AI Region
2022-2025.