Every connection to a website generates technical data that passes through several intermediaries before reaching your screen. These intermediaries, from the Internet service provider to the browser installed on your device, keep more or less detailed records of your journey. The European regulatory framework, particularly the GDPR, governs the collection and use of this data, but the technical reality leaves gray areas that most users are unaware of.
Browsing Data and Layers of Technical Interception
When you enter an address in your browser, the request first goes through a DNS resolver, often that of your Internet service provider (ISP). This resolver translates the domain name into an IP address and keeps a log of these translations. Even if the visited site uses the HTTPS protocol, the ISP sees the domain names you are consulting, not the content of the pages.
See also : Everything You Need to Know About Obtaining a VSL Transport Voucher and Who Can Benefit
The browser itself locally stores history, cookies, and form data. Google Chrome, for example, synchronizes this information with your Google account if the feature is enabled. Firefox offers similar synchronization via a Mozilla account. This data remains accessible to anyone who has physical or remote access to your session.
To understand precisely who can see your online activity, it is necessary to distinguish three levels: the network (ISP, Wi-Fi administrator), the software (browser, search engine), and the device (anyone with direct access).
You may also like : How to Optimize Your Gardening with Cost-Effective and Eco-Friendly Mulching Techniques
Workplace Surveillance: What European Law Allows and Limits
The European Data Protection Board (EDPB) finalized on May 18, 2024, a revision of its Guidelines 3/2019 on the processing of personal data in the workplace. This text specifies that systematic and large-scale surveillance of employees’ online activity is, in principle, disproportionate under the GDPR.
Employers deploying DNS filtering tools, proxies, or data loss prevention (DLP) solutions must inform employees clearly, completely, and understandably. This obligation also applies when surveillance involves third-party services such as Google Workspace or Microsoft 365.
Recent French Jurisprudence
The Court of Cassation recalled, in rulings from September 2022 and March 2023, that the employer can only consult files or browsing histories identified as personal on a professional device by strictly respecting the right to privacy. In practice, a folder named “personal” on a desktop computer benefits from legal protection, even if the device belongs to the company.
Private browsing mode does not protect against the employer’s network surveillance. This mode prevents the browser from locally storing history and cookies, but DNS requests and network traffic remain visible to the company’s network administrator.
Incognito Mode and VPN: Two Tools with Very Different Scopes
The confusion between private browsing and online anonymity remains common. Incognito mode only acts at the browser level:
- It prevents local storage of history, cookies, and form data upon closing the tab
- It does not mask your IP address from visited sites, the ISP, or the network administrator
- It does not encrypt traffic between your device and the destination server beyond standard HTTPS
A VPN (virtual private network) operates at a different level. It creates an encrypted tunnel between your device and an intermediary server, which masks your real IP address from the sites you visit and prevents the ISP from seeing the domain names consulted. The ISP only sees that you are connected to a VPN server, without being able to identify the visited sites.
On the other hand, the VPN provider itself can potentially observe your traffic. Choosing a service that applies a strict no-log policy becomes a crucial criterion. The available data does not allow for independent verification of all no-log policies announced by providers.
Browser Privacy Settings: Settings That Truly Change the Game
Beyond the VPN, several settings directly accessible in your browser reduce your data exposure. Not all are equal.
- Enabling automatic cookie deletion upon closing the browser limits advertising tracking between sessions but does not affect fingerprinting (the digital fingerprint of your device)
- Configuring an encrypted DNS resolver (DNS over HTTPS) prevents your ISP from reading your DNS requests in clear text, provided that the browser and the chosen resolver support it
- Disabling history synchronization with an online account (Google, Microsoft, Mozilla) removes a remote copy of your activity, but you also lose continuity between devices
- Using tracker-blocking extensions reduces the number of third parties collecting data during your browsing, although it does not guarantee total protection
No single setting is sufficient to make your browsing invisible. The combination of encrypted DNS, a reliable VPN, and a properly configured browser covers most leakage vectors, without achieving complete anonymity.
Deleting Google History
Google allows you to configure automatic deletion of search history and web activity after three, eighteen, or thirty-six months. This setting can be found in the Google account settings under “Data and Privacy.” User-side deletion does not necessarily erase all traces on the server side, as Google retains certain aggregated data for service improvement purposes.
The CNIL also recommends regularly checking the permissions granted to applications and browser extensions, which constitute an often-underestimated collection channel. Each installed extension can potentially access your entire browsing history if its permissions allow it.
Online privacy protection relies on a layering of technical measures and tool choices, not on a single solution. Understanding at what level each intermediary intervenes remains a prerequisite for deciding which settings to activate and which services to adopt.