The phrase "digital footprint" gets used in school internet safety curricula in ways that are technically accurate and practically incomplete at the same time. Students are taught that what they put online stays online, that employers and colleges will look them up, that they should be careful. All of this is true. It is also abstract enough to have limited effect on behavior, and it skips over some of the more specific mechanics of what actually persists and how.
What actually sticks
The most persistent thing most students create is not the thing they are warned about. It is not the inflammatory tweet or the embarrassing photo. It is the account. An account created at thirteen on a platform that has since changed ownership, merged with another service, or been acquired will have its data retained under whatever terms existed at creation plus whatever amendments the new owner applied. Terms of service changes are not retroactive permission to delete what was already collected, and data collected legitimately under old terms is generally retained.
Beyond accounts, several categories of persistence work differently from each other.
Search history persists at the search engine level, associated with an account or, for non-logged-in searches, with an IP address. It is not publicly visible, but it is retained by the service, available to the company for advertising purposes, and available to law enforcement with appropriate legal process.
Social media posts may be deleted from public view while remaining in the platform's database. Platform databases are also scraped by third-party archival services, sentiment analysis tools, and data brokers, which means a deleted public post may have been archived before deletion.
Images distributed to other people are no longer under the original sender's control. This is the mechanism that makes sexting among teenagers so consequential: once an image has been sent, its persistence is no longer a function of what the original sender does.
What colleges and employers actually see
The practical reality of college admissions is more boring than the panic around it suggests. Admissions officers at selective institutions read applications; they do not routinely Google applicants. There are exceptions, like a student who does something widely reported enough to appear in news coverage, or who draws attention in some context that makes their name searchable in a specific way, but the scenario of an admissions officer scrolling through your child's seven-year-old Instagram is less common than the cautionary framing implies.
Employers searching candidates varies more by industry and role. Background checks are standard in many fields, and social media checks are more common in some sectors than others. The practical advice (a professional digital presence is better than a compromising one) is correct, but it is advice about curation and judgment rather than evidence that every post from ninth grade will be reviewed.
What is harder to control
The category of digital persistence that is least visible and hardest to control is data held by data brokers, companies that aggregate publicly available information, infer additional information from behavior patterns, and sell profiles. Data broker profiles can include location history, political affiliation inferences, purchase patterns, court records, and more, much of it assembled without any direct interaction with the person in question. Most people do not know these profiles exist until they try to opt out of them, which is possible in principle and tedious in practice. This is the category of digital persistence that actually affects things like insurance rates, credit decisions, and background check outcomes, rather than the embarrassing photo from the eighth-grade talent show.