But often, you are also agreeing for those sites and apps to pass on your data to brokers, marketers, etc. And it's not just Facebook. The terms of service for Google, Amazon and Twitter all contain clauses allowing them to collect your data and pass it on to third parties.
Your phone also provides a huge amount of data. A recent study estimated that 70 percent of smartphone apps pass on your information to third parties.
Of course, you could just opt out of services that suggest your data could be shared with a third party. But it's hard when many of us need to use certain apps to do our jobs or even do something basic like access the internet.
Step 2: Manage who has your data
What is possible, and important, is to know how apps are using your data.
On Facebook, for instance, you can go to Settings > Apps > Logged in. You can delete apps that you don't use, and then Facebook will no longer provide them with information about your activities on the site. But if you want the app developers to delete the data they've already gathered, you'll need to ask each of them individually to do so. If you use your Facebook account on a lot of other websites and want to disconnect, you can do that by going to Settings > Apps > Apps, Website and Plugins, then click Edit and disable it. Some apps use your Facebook login as a way of proving who you are, so be aware that fully disabling this kind of connection, called API sharing, can stop you from using certain dating apps, for instance. Also, you can check out what data Facebook has on you here.
WhatsApp users can just turn their data sharing off. Go into your Account and uncheck the "Share my account info" button. There's currently no way to turn off data sharing on Instagram.
You can see what third-party apps are using your Google data here. If you're logged into Google, go to My Account > Personal info & privacy > Manage your Google activity to see what data are saved to your account, your location history, voice activity and more. If you've used Google to log in to other websites you can manage that here. And you can see what data Google has already collected on you here.
If you're using an iPhone you can go to Settings > Privacy to see what services apps are accessing. If you're using an Android phone, you can manage most preferences using Google's activity manager.
Step 3: Tracking (and blocking) the trackers
But apps are far from the only things tracking you and collecting your data online.
Let's consider that lawsuit again, where plaintiffs sued Facebook for tracking which websites they went to on their browsers. Many websites, including KQED's, track your browsing history by placing cookies on your computer, which store little bits of information about how you use the website. They often store information like your browser type, preferences, location, etc. Often, cookies are an essential part of what makes a website easily usable.
However, there are a lot of ways to track cookies or other tracking scripts. That's one reason the judge ruled in favor of Facebook, saying that the plaintiffs could have taken steps to block their browsing history.
Two popular tools that you can add to your browser to view or disable trackers are PrivacyBadger and UBlock Origin.
PrivacyBadger uses a series of color-coded sliders to let you manage what types of trackers a site can use. It was built by the Electronic Frontier Foundation, a digital civil liberties organization. It works on Chrome, Firefox and Opera.
uBlock Origin comes with a set of script-blocking lists. It works on Chrome, Firefox, Safari and Opera.
AdBlock Plus and NoScript are also popular.
You can also opt out of cookies. People in the U.S. can use this service by the Digital Advertising Alliance. Most browsers also let you disable third-party cookies in the Settings menu.
Academics have also built two apps that you can use on your phone to examine and manage what data are being sent out into the world. ReCon works on iOS and Android. Lumen Privacy Monitor only works on Android.
Some of this could change
In the end the only way to ensure total online privacy is to swear off the internet. But that could change through strict regulation of how companies harvest and handle user data. The European Union is moving in this direction.
In May, the EU's General Data Protection Regulation will go into effect, changing how companies can collect, store and process user data. Because the law applies to any organization that collects or manages the information of European Union citizens, companies like Facebook, Apple, Amazon and Google all need to comply. Some companies are already rolling out new privacy management tools in response to the law, like Apple.
Mark Zuckerberg also faced a lot of questions about possible regulations during his testimony before the congressional committees. Last fall, Sens. Amy Klobuchar, D-Minnesota, Mark Warner, D-Virginia, and John McCain, R-Arizona, introduced the Honest Ads Act, which would regulate online political advertising.
Meanwhile, the Federal Trade Commission is also looking into the Cambridge Analytica scandal and whether Facebook violated a 2011 agreement to give consumers a “clear and prominent notice” before sharing user data. If the FTC finds that Facebook violated that agreement, the company could be fined $40,000 per day per user.