How to Use Google Privacy Settings

These controls and techniques will help you limit the personal data Google collects for advertising and other purposes

Person using a laptop. Photo: iStock

Google is a company that runs on consumer data. It uses details about your activity to target ads, build new services, develop algorithms, and perform other business functions. Completely avoiding the company’s data collection machinery is extremely difficult, but it’s not hard to place some limits on how Google gathers and uses your data.

The first step is to take advantage of Google’s own privacy settings, and you can fine-tune them with a bit more precision thanks to some recent updates. There are also several outside tools you can use to take more control.

Most of the instructions below are for a computer browser, but the steps are similar if you’re working on your phone. And one of these settings is specific to Android, Google’s smartphone platform.

Turn Off the Master Privacy Control

If you’ve been feeling guilty about neglecting your diary, you can rest easy: If a setting called Web & App Activity is turned on, Google keeps one for you.

You can see this data for yourself, with granular details about your activity on Google products such as Search, Chrome, Android, and Google Assistant. This includes your whereabouts, websites you’ve gone to, the apps you’ve used on your phone, and your search history, along with exact time stamps for all this behavior.

The Web & App Activity control is the company’s most powerful privacy setting, and it does a lot more than you might think. Leave it on, and the company considers that consent to harness everything from your YouTube history to credit card purchases in the physical world for advertising and other data-driven business efforts.

More on Digital Privacy

But if you switch it off, Google warns that its services may be less “personalized,” and certain features will be disabled in Maps and Google Assistant.

“That makes for a terrible user experience,” says Justin Brookman, director of privacy and technology policy for Consumer Reports. “It’s bad practice for them to lump all these settings together and disincentivize protecting your privacy.”

But Brookman thinks the privacy boost is still worth the trade-off, and you can always switch the setting back on if you need to.

Google has introduced a few new controls for Web & App activity. You can tell it to exclude browsing data and other information from Google Chrome, and exclude any voice data the company collects if you use Google Assistant.

To turn it off: From any Google website, click the icon in the top right (you’ll need to sign in first) > Manage your Google Account > Manage your data & personalization > If Web & App Activity is on, click on it > On the next screen, click "Turn off." If you’d rather leave the global Web & App activity setting on, you can also adjust the settings for Chrome and voice data.

Turn Off Location History—for Real This Time

Google has a setting called Location History. The description once read: “With Location History off, the places you go are no longer stored. When you turn off Location History for your Google Account, it’s off for all devices associated with that Google Account.”

But in August 2018, Google users learned that the company continued to collect location data regardless of how they adjusted that setting. Internal email uncovered in a subsequent court case revealed that even Google’s own employees worried this was inappropriate.

The company then changed the language describing Location History, and told users they really could stop location tracking—but they had to turn off Web & App Activity as well.

Yes, that’s the same master privacy control described above. Here are the directions to switch off both settings.

To turn it off: Go to “Manage your data & personalization” > If Location History is on, click on it > On the next screen, click the toggle, and hit Pause. Then do the same for Web & App Activity (described above).

Set It and Forget It—or Delete Data Now

As described above, toggling the Web & App Activity setting makes for a significant privacy boost, but it will disable some functions on certain Google products.

If you want to leave the setting on, Google has a newer feature that will automatically delete some of the data the company collects after three or 18 months, depending on which option you pick. You can also opt to just erase the data manually.

Google has already extracted most if not all of the advertising value from the data by that point, so this isn’t an ironclad way to protect your privacy from the tech giant. But it’s better not to have personal information—like everything you’ve ever Googled—sitting on a corporate server.

After an update, this auto-delete feature is turned on by default when you create a new Google account.

Existing users need to turn it on manually.

To delete your Web & App Activity automatically: Go to “Manage your data & personalization” > Web & App Activity > Auto-delete.

To delete your Location History automatically: Go to “Manage your data & personalization” > Location History > Auto-delete.

To delete your Web & App Activity manually: Go to “Web & App Activity” > Manage Activity > Click the icon with three dots in the search bar > Delete activity by > Choose a time period to delete, or select All time.

To delete your Location History manually: Go to “Location History” > Manage Activity > Click the trash icon to delete all your location history, or use the tool in the top left to pick a specific time frame to delete.

Limit Data Sharing With Sites and Services

There are a number of reasons you might want to give third-party apps and services access to your data from your Google account. You may want to share your contacts with Twitter or LinkedIn, or give an app like Evernote access to files in Google Drive. You can also use Google Sign-in to log in to some apps and services instead of creating new accounts.

These arrangements are convenient, but they’re also a privacy trade-off. For example, the company knows every time you use Google Sign-in to open another service, and it harnesses that data for advertising. It’s a good idea to periodically review which apps are connected to your Google account and remove permissions for services you no longer use.

To turn off data sharing: Go to “Manage your Google Account” > Security > Manage third-party access > Click on the row with the app’s name and select Remove Access. Then do the same with apps under Signing in with Google.

Make Ads a Little Less Targeted

Google uses the information it collects about you for targeted advertising. If you find irrelevant ads particularly annoying, you may prefer it that way. But for people who want to keep their internet habits to themselves, Google allows them to decouple their personal preferences from the ads they see online. This setting doesn’t disable the Google advertising data machine entirely, but it’s worth adjusting for a small privacy boost.

To turn it off: Go to “Manage your data & personalization” > Go to ad settings > If Ad personalization is on, click the toggle > Turn off.

Turn Off Personalized Search Results

Google personalizes its search tool to try to make it more useful to you. That’s convenient, but other people using your computer may get a window into your internet life if you let them tool around on Google.com. For example, Google auto-predicts your typing based on things you’ve searched for, shows details about travel when you type in “my flights” or “directions home,” and makes recommendations for things like what to read and where to eat.

You can turn all of that off if you don’t want this information to show up. (These features will also be disabled if you turn off the Web & App activity setting.)

To turn it off: Go to “Manage your data & personalization” > Personal results in search > Switch the toggle off.

Safeguard Your Account From Hackers

One of the simplest ways to create roadblocks for hackers is to turn on two-factor authentication, also called multifactor authentication. Once you do that, you use a verification code sent by text or provided by an app (which may be more secure) to confirm your identity anytime you try to log in to your account from an unverified location, device, or browser. You also need the account password.

Once you turn on two-factor authentication, you can also add other safeguards, such as single-use codes you can print out and use if you don’t have access to your phone, and a physical security key that you can plug into your laptop’s USB port to confirm your identity. (You need to buy one of the U2F, or universal second factor, devices separately.)

To turn it on: Go to “Manage your Google Account” > Security > 2-Step Verification > Get Started.

Tweak This Android Phone Privacy Setting

If you’ve got an Android phone, there’s a quick and easy setting you can adjust that will make your experience with your apps somewhat more private. The Ads Personalization (sometimes called “Interest-Based Ads” depending on what kind of phone you have) lets you instruct your apps not to use a certain piece of data to track you and target you with marketing.

That piece of data is your Android Advertising ID (AAID), a special number tied to your Google account that the company provides so apps can track you. In June, Google announced that the setting would get stronger by the end of the year, when apps that request your AAID will start getting a string of zeros instead of the real ID.

That will make it harder for app developers to track you for advertising. But there are still ways for those companies to get around that limitation. In contrast, a similar iPhone setting prohibits all forms of tracking, in addition to the use of Apple’s advertising ID. Nevertheless, switching on the Android setting should provide a privacy boost. (When you’re thinking about downloading new Android apps, you can check out privacy “nutrition labels” that are currently being rolled out.)

To turn it on: Go to Settings > Privacy > Ads > Opt Out of Ads Personalization. (These instructions are for a Google Pixel phone; they may vary depending on which device you have.)

Give Chrome a Privacy Tuneup

It’s no secret: Google Chrome collects data about you. When you log in to Chrome and sync with your Google Account, your browsing data is stored on Google’s servers and linked with your account. That includes the websites you go to, your bookmarks, and your saved passwords.

You can be logged in to Chrome without syncing your data across devices. But in the latest versions of Chrome, Google logs you in to the browser by default when you sign in to Gmail or another Google service on a computer.

But you can opt out of automatic sign-ins. Or, as described below, you can try a different browser altogether, and there are good reasons to consider it.

To turn off Chrome’s automatic sign-in: On a computer, click the icon with three dots in the top right corner > Settings > Sync and Google Services > Switch off the “Allow Chrome sign-in” toggle. (This will let you sign in to an app such as Gmail without signing into the browser.)

If you’ve already logged in to Chrome, logging out is simple.

To sign out of Chrome: In Chrome, click the icon with your profile picture or the first letter of your username in the top right corner > Sign out. (The instructions are slightly different if you’ve already turned on Chrome’s data syncing. In the same menu, click “Syncing to” and then hit “Turn off” on the next page to be signed out automatically.)

Or you can stay logged in while disabling some or all of Chrome’s data-syncing functions.

To turn off Chrome’s sync settings: After signing in to Chrome, click the icon with three dots in the top right corner > Settings > Sync and Google Services > Manage sync > Switch off the “Sync everything” toggle > Switch off the toggles for some or all of the categories.

Or Just Say Goodbye to Chrome

Google Chrome collects a lot of data about its users. That includes location information, search history, and details about your browsing. All of that information is linked to your identity and harnessed for third-party advertising.

The search giant says that Chrome is going to change, and some new improvements will make for a more private experience. The biggest update would be blocking third-party cookies, little bits of code that let any company follow you around the web. Lots of other browsers already do that, and the reason Google hasn’t made the change yet is because it’s trying to figure out a new way to track Chrome users first.

But web browsers are pretty similar these days. You probably won’t notice major differences if you switch; you might even prefer a different browser. More private alternatives include Safari, Firefox, and DuckDuckGo’s Privacy Browser mobile app. All three promise to collect far less personal information, and they already block third-party cookies.

There’s a caveat, though. Chrome has a reputation for being the best option to protect your security (i.e., defending against hackers) even if it infringes on your privacy along the way. You probably don’t need to worry about that unless you’re a high-value target, like a person who handles highly sensitive information or, say, the CEO of a big company. But security may be a bigger concern for you than privacy; you’ll need to weigh the trade-off for yourself.

How Targeted Ads Work

Do you often see online ads that relate to your likes and hobbies? On the “Consumer 101” TV show, Consumer Reports expert Thomas Germain explains to host Jack Rico what targeted ads are and how they work.


Headshot of CR editor Thomas Germain

Thomas Germain

I want to live in a world where consumers take advantage of technology, not the other way around. Access to reliable information is the way to make that happen, and that's why I spend my time chasing it down. When I'm off the clock, you can find me working my way through an ever-growing list of podcasts. Got a tip? Drop me an email ( thomas.germain@consumer.org) or follow me on Twitter ( @ThomasGermain) for my contact info on Signal.