It starts with Damian Finol, a security engineer at Google.
When he was growing up in Venezuela, Finol was extremely interested in computer security and privacy--and for a very compelling personal reason.
"I learned how to encrypt when I was 12 in the 1990s," he told me, "when I had to keep my gay diary safe.
Now, Finol lives in California, where a new privacy law went into effect on January 1. On New Year's Day, in his spare time, he built a simple website that a lot of people will find very interesting.
In short, Californians now have four key rights regarding how big companies use your digital data:
- The right to know what data companies are holding and selling about you
- The right to ask companies to delete personal information about you
- The right to "opt out" of companies' selling your data to third parties
- The right to nondiscrimination--meaning you can't be charged more or less for exercising the other three rights
All of that sounds great (and it might leave people in other states feeling a little envious).
But there's only one problem: While companies legally have to provide these rights to California residents, they also might be prone to hiding the information deep within their companies' websites.
That's where Finol's project came in.
It's a crowdsourced database where you can find direct links to the pages on big-company websites to exercise these privacy rights.
The layout is fairly sparse and basic, but I was surprised at how useful it could be--at least if you're a California resident, since there's no legal requirement that people in other states be given these rights.
As of this writing, there are 123 company pages listed on the site. Here are a few examples, with links, so you can see the sorts of things we're talking about:
When we talked this week, Finol wanted me to be clear that while he works for Google, he built the site, CAPrivacy.me, in his spare time. In other words, it's a private project, not a Google project.
He said the idea for this came to him after talking with a colleague, Chad Loder, about the new law on New Year's Eve, and then reading a Twitter thread by attorney Whitney Merrill, in which she'd started to compile these kinds of pages.
Truly, just going down the list of companies, you start to get a sense for just how many companies are collecting information and potentially selling it. (I mean, Chipotle?)
Perhaps it shouldn't be all that surprising, if you pay attention to some of the reporting on this--like Kashmir Hill's report in November in The New York Times, where she obtained her "secret consumer score" and found it included everything.
Can you imagine how long it would take to look up company after company after company, trying to find the single page on their websites where they let you opt out of all this stuff?
"This is a cool V-1 for now," Finol said, adding: "The right to privacy is very important. I think that privacy is going to become one of the bigger topics in 2020."