🤖 AI Summary
This work addresses the challenges users face when exercising privacy rights granted under regulations such as GDPR and CCPA, often hindered by ambiguous privacy policies and unfriendly interfaces. The authors propose Privy, a large language model–powered browser assistant that semantically parses privacy policies to automatically identify actionable user rights and provides one-click guidance in a sidebar—including direct link navigation, email template generation, and form assistance—while also supporting justifications from policy text and user education on rights. Privy represents the first end-to-end system that tightly integrates policy comprehension with interactive support for privacy rights exercise. Experimental results show a rights extraction precision of 0.979, with 96.3% of tasks across 14 websites completed in an average of only 3.2 steps; a user study (N=15) further confirms its high perceived helpfulness.
📝 Abstract
Privacy regulations such as the CCPA and GDPR grant individuals rights over their personal data, yet it remains challenging for most users to exercise them in practice due to vague policy interpretation and unapproachable settings on web interfaces. We introduce Privy, an LLM-powered browser assistant that guides users through exercising their privacy rights on websites. Privy automatically analyzes a website's privacy policy and surfaces the specific rights available as action labels in a side panel. When a user selects a right, Privy provides step-by-step guidance and navigation, presenting direct links, generating email templates, or guiding form completion. Users can also request on-demand policy evidence and rights education to enhance their literacy. A technical evaluation across 14 websites shows that Privy extracts rights with high precision (0.979) and completes 96.3% of privacy tasks in an average of 3.2 steps. A user study (N=15) also demonstrates an overall high level of perceived helpfulness among users. Our findings suggest that comprehension and usability are not two separate challenges but a single interaction problem, and that effective privacy support requires integration of policy understanding and privacy actions. We offer design suggestions for future privacy assistants.