Privy: From Fine Print to Fair Practice in Privacy Rights Exercise
For end-users struggling to exercise privacy rights under CCPA/GDPR, Privy integrates policy understanding with actionable guidance, addressing a practical usability gap.
Privy is an LLM-powered browser assistant that helps users exercise privacy rights on websites by analyzing privacy policies and providing step-by-step guidance. It achieves high precision (0.979) in extracting rights and completes 96.3% of privacy tasks in an average of 3.2 steps.
Privacy regulations such as the CCPA and GDPR grant individuals rights over their personal data, yet it remains challenging for most users to exercise them in practice due to vague policy interpretation and unapproachable settings on web interfaces. We introduce Privy, an LLM-powered browser assistant that guides users through exercising their privacy rights on websites. Privy automatically analyzes a website's privacy policy and surfaces the specific rights available as action labels in a side panel. When a user selects a right, Privy provides step-by-step guidance and navigation, presenting direct links, generating email templates, or guiding form completion. Users can also request on-demand policy evidence and rights education to enhance their literacy. A technical evaluation across 14 websites shows that Privy extracts rights with high precision (0.979) and completes 96.3\% of privacy tasks in an average of 3.2 steps. A user study (N=15) also demonstrates the overall high-level of perceived helpfulness among users. Our findings suggest that comprehension and usability are not two separate challenges but a single interaction problem, and that effective privacy support requires integration of policy understanding and privacy actions. We offer design suggestions for future privacy assistants.