A recent report by Digital Lab highlights their security and data integrity practices, and also examines their ownership structures, clearly demonstrating that many VPN "brands" are owned by the same companies, many of whose owners or executives have known prior legal or moral problems.
Some VPN services are honest in their marketing, though. Still, many (including some of the more popular) employ dark patterns, e.g., making it unnecessarily hard to cancel subscriptions, or auto-renewing subscriptions, etc.
Read for yourself: "Security and Privacy of VPNs Running on Windows 10", by Digital Lab at Consumer Reports, which is an illuminating expose of 16 commercial VPN services.
Via kryptera.se, Swedish, who also graciously hosts the report (PDF, English).
Take care to define what you are trying to achieve before deciding to subscribe to a VPN. Do you primarily want to hide your web traffic from your ISP? A VPN can do that, but you are simply substituting your ISP for the ISP of the VPN provider.
But if all you want is to change the apparent geographic location of your traffic, then a VPN works fine. But you could just as easily make do with a proxy server.
PS. Do you have an extra computer or a Raspberry Pi lying around? Well, then you could build your own virtual private network. This is particularly useful when travelling abroad or anytime you have to use someone else's network.