This article from the Washington Post discusses the California Consumer
Privacy Act, which can actually benefit people outside of California. It
allows you to determine what types of information companies have
collected about you and even allows you to request that this data be
deleted. I have already submitted several requests and the data that
I've received from Facebook is absolutely fascinating. This article
contains a lot of great information with lots of interesting links,
including direct links to the forms from these companies.
Don’t sell my data! We finally have a law for that
You’re going to have to jump through some hoops, but you can ask
companies to access, delete and stop selling your data using the new
California Consumer Privacy Act - even if you don’t live in California.
Matt Chinworth for The Washington Post
ByGeoffrey A. Fowler
<https://www.washingtonpost.com/people/geoffrey-a-fowler/>
FEBRUARY 6, 2020
With apologies to the Beastie Boys: You gotta fight for your right to
privacy.
America’s first broad data privacy law, theCalifornia Consumer Privacy
Act
<https://www.washingtonpost.com/technology/2018/06/28/california-lawmakers-just-adopted-tough-new-privacy-rules-targeting-facebook-google-other-tech-giants/>,
went into effect Jan. 1. These days, a wild range of companies gather
and sell your data, from Ford and Chipotle to Uber and Walmart. Now the
CCPA gives you the power to say cut it out.
And while the law technically covers only California residents,
Americans living anywhere can use the CCPA to reset their relationships
with more than a dozen major businesses (and counting).
Just know that some companies are going to make you jump through hoops.
To help, I’m breakingthe CCPA
<https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1202>down
into bites — and collecting below a growing list of links you can use to
take action.
I’ve been learning how to use the law by filing requests to more than
100 companies. To be covered by the CCPA, companies have to make more
than $25 million per year or collect data on more than 50,000 people.
They’re not incentivized to make it easy: Amazon hid critical links in
legal gobbledygook. Marketing data company LiveRamp asked me to submit a
selfie holding my own ID, kidnap-victim style. Walmart asked for my
astrological sign to confirm my identity. (Really.) And one business
left me a voice mail, but the message included no return number … or
even the name of the company. (Please call back!)
Requesting your data through CCPA? Get ready for the hoops.
Yet I’ve also been pleasantly surprised: Some of the biggest businesses,
including Netflix, Microsoft, Starbucks and UPS, areextending CCPA
rights to all Americans
<https://blogs.microsoft.com/on-the-issues/2019/11/11/microsoft-california-privacy-rights/>rather
than just Californians. That makes some sense: It’s additional work for
companies to try to confirm where people live. And frankly, it’s not a
good look for them to claim they care about customer privacy and then
discriminate against Americans who don’t live in California. Many of
these companies tell me they’ll participate when Congress passes
afederal data privacy law
<https://www.washingtonpost.com/politics/2018/09/26/tech-executives-voice-support-national-privacy-law/>,
which they know isn’t likelyanytime soon
<https://www.washingtonpost.com/technology/2019/11/26/top-senate-democrats-unveil-new-online-privacy-bill-promising-tough-penalties-data-abuse/>.
Privacy advocates have mixed feelings about the CCPA. It’s true that it
creates too much work for many people — and everyone deserves privacy,
even if they’re not willing to jump through hoops.
/[Facebook will now show you exactly how it stalks you — even when
you’re not using Facebook
<https://www.washingtonpost.com/technology/2020/01/28/off-facebook-activity-page/>]/
But I’m in the camp that thinks the CCPA is an important step forward. I
spent the past yearfollowing the secret life of the
data<https://www.washingtonpost.com/technology/2019/12/31/how-we-survive-surveillance-apocalypse/>on
my phone
<https://www.washingtonpost.com/technology/2019/05/28/its-middle-night-do-you-know-who-your-iphone-is-talking/?tid=lk_inline_manual_4>,car
<https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/?tid=lk_inline_manual_4>andcredit
cards
<https://www.washingtonpost.com/technology/2019/08/26/spy-your-wallet-credit-cards-have-privacy-problem/?tid=lk_inline_manual_4>,
often confronting a stone wall from companies. Now we all have the legal
authority to demand answers about what’s happening with our data. For
example, the CCPA has already revealed that Amazon keeps a record
ofeverything you do on a Kindle
<https://www.theguardian.com/technology/2020/feb/03/amazon-kindle-data-reading-tracking-privacy>,
from when you start and stop reading to when you highlight a word.
(Amazon CEO Jeff Bezos owns The Washington Post, but I review all tech
with the same critical eye.)
The CCPA is far from a perfect privacy law, but it’s the one America has
in 2020. Iwant to
hear<https://hosted-washpost.submissionplatform.com/sub/hosted/5c7808290310870034cc0d8f>what
you discover using it. I’m hopeful it will fuel an overdue public
conversation about what kind of surveillance is okay — and what crosses
the line.
What does the CCPA do?
On its own, the CCPA won’t do much for your privacy. But if you take
some action, it gives you three useful rights:
1) You can ask companies to show you exactly what data they’ve collected
about you.
2) You can instruct companies not to “sell” your data. The word “sell”
is in quotes because the law defines that pretty broadly as an exchange
of value. (There’s a lot of debate about that, though — see below.)
3) You can ask companies to delete your data, unless doing so would
create a security threat or interfere with someone else’s free speech.
Even better, the law says companies are not allowed to treat you
differently or charge you money just for exercising your data rights.
There’s also a special restriction for children: If you’re under 16, a
company needs you to explicitly opt in before they can sell your
information.
Is it like the European law?
The CCPA is a bit like a European law you may have heard about, called
the General Data Protection Regulation. What’s different is that the
CCPA doesn’t require companies to minimize the data they collect in the
first place.
Privacy advocates also think the CCPA is sorely missing the ability for
consumers to file lawsuits against companies that violate their rights.
Only the California attorney general can do that now.
California Attorney General Xavier Becerra's office alone has the power
to enforce the CCPA. (Rich Pedroncelli/AP)
How much work is this?
You have to go to each and every company to exercise your CCPA rights.
Yes, that could become a never-ending project. But the good news is that
many companies have web forms you can fill out like busywork. I
submitted about a hundred in less time than it took me to binge the most
recent season of “The Crown.”
So far there’s no tool to help you do this all at once or service that
will manage your data for you, though I’ve heard from several start-ups
working on that.
Keep in mind that some online services, including Facebook, say a
“delete” request involves totally shutting your account, rather than
just pressing a reset button on all the unwelcome surveillance of your life.
What hoops might companies make me jump through?
Before you dive into making requests, get organized. You’ll need to have
access to your usernames, passwords and loyalty card numbers. (If you
don’t alreadyhave a password manager
<https://www.washingtonpost.com/technology/2018/07/12/your-password-has-likely-been-stolen-heres-what-do-about-it/>to
keep all your important information organized, this is an excellent time
to get one.)
Companies can ask you to prove your identity, and if there are errors or
missing information they can reject your request. Scan or photograph
your driver’s license; many sites required me to upload it, or a version
that was redacted. Data firm Wiland even asked me for a notarized
letter. (I reminded it that CCPA requests aren’t supposed to cost
consumers anything, and the company suggested I seek out a free notary
at a government office or credit union.)
Some companies will try to shift work onto you. Airbnb and PayPal, among
others, make you email them requests, rather than using web forms.
Instead of a simple “do not sell” switch, companies including Mastercard
make you manage a series of privacy “preferences” (as if anyone’s
preference would be to have their data sold). To opt out,Best Buy
<https://www.bestbuy.com/site/california-privacy-rights/do-not-sell/pcmcat1576178819013.c?id=pcmcat1576178819013>says
you have to change your web browser to block all cookies (breaking some
sites) and dig into your phone settings toturn off some advertising
tracking <https://www.networkadvertising.org/mobile-choice>.
Don’t let any of this stop you from demanding your rights. The most
common annoyance is firms hiding their CCPA instructions behind many
links and impenetrable privacy policies.
Is there any information that isn’t covered?
Companies don’t have to share information that’s already public, that
they’ve collected in a job interview or that they’ve aggregated in ways
that don’t identify you.
Some companies havecome up short in what they actually disclose
<https://www.washingtonpost.com/technology/2020/01/21/ccpa-transparency/>.
For example, in CCPA requests it returned to me, Amazon has yet to share
what data it collects in its camera-equipped Amazon Go convenience stores.
And businesses already covered by a few existing privacy laws are exempt
— even if those laws don’t require transparency like the CCPA. That
means banks and doctor’s offices generally don’t have to abide.
What counts as data ‘sale’?
This is one of the most-debated questions in tech right now.
The CCPA says selling data is a transfer of information for commercial
purposes. That’s obvious where one company pays another for, say, your
burrito purchase history. But many businesses, particularly ones
involved in online advertising, pass along information in other ways,
such as tracker cookies and pixels hidden on websites and apps.
Some of the biggest firms, including Facebook, Amazon and Google,
contend the “do not sell” request part of the CCPA doesn’t apply to them
because they don’t sell our data. They just make billions off our data
by using it to target ads and train artificial intelligence software.
/[Have you tried to get your data via the CCPA? We want to hear from
you.
<https://hosted-washpost.submissionplatform.com/sub/hosted/5c7808290310870034cc0d8f>]/
Others are claiming an out because the law is too vague. For example,
Spotify’s privacy policy says it shares your personal information with
advertisers — but the music service doesn’t think that should count as a
sale. “It is currently unclear whether the use of certain types of
advertising partners would be considered a sale under CCPA,” the company
says.
The authors of the CCPA say they intended the term “sale” to reflect the
wider data economy. CaliforniaAttorney General Xavier Becerra
<https://oag.ca.gov/privacy/ccpa>hasn’t yet published guidelines for how
his office will interpret the law, and we might not get firm answers
until his office begins enforcing it. That’s set to begin July 1.
Once I have my data, what do I do with it?
First, keep it secure by storing it only on a computer you control with
a password.
Most of the data requests I’ve received so far have come in formats I
can easily read, such as text files or PDFs. But not all: Twitter sent
me files in a .js format that requires a data science degree to
understand. (The company says it is working to improve that.)
I’m still waiting to hear back on most of my requests; the law gives
companies up to 90 days to deliver. But already I learned that WiFi
router maker Eero, owned by Amazon, keeps a detailed log of every device
that’s ever connected to my network. (It’s like a creepy visitor guest
book.) Fandango not only tallied all the movies I’ve watched but also
concluded I have an affinity for the Muppets. (True.)
When you examine your data, keep an eye out for information you didn’t
know the company had — or don’t think it should. If you don’t like what
you see, submit a CCPA delete request. Or stop doing business with the
company, and be sure to tell it why.
If you think a company is violating your privacy — or violating the CCPA
— you can complain to the California attorney general (click here
<https://oag.ca.gov/contact/consumer-complaint-against-business-or-company>for
a direct link).
Also, tell me about what you discover,using this form
<https://hosted-washpost.submissionplatform.com/sub/hosted/5c7808290310870034cc0d8f>or
sending me anemail <mailto:geoffrey.fowler@xxxxxxxxxxxx?subject=CCPA>.
Your experience could help inform my future columns and investigations
by The Post. But please don’t just send me your data download from a
company. I don’t want to invade your privacy!
Okay, let’s do it! Where do I click?
The list below includes many of the companies where I’ve submitted CCPA
requests, with the best links I could find to exercise the rights to opt
out of sale, access and delete data. I’ve separated out the companies
that have indicated they’ll offer CCPA rights to all Americans. As I
find more, or discover that companies change their forms or policies,
I’ll update the list.
There are more resources available: Acrowdsourced list stored on GitHub
<https://caprivacy.github.io/caprivacy/full/>, an online resource for
coders, has an even longer list of links to company-specific CCPA
information pages. Common Sense Media is also building out the
websiteDonotsell.org <http://donotsell.org/>as a resource for CCPA
requests, as isCAPrivacy.org <https://www.caprivacy.org/>, run by one of
the authors of the law. The Electronic Frontier Foundation offers
asimple guide on its website
<https://www.eff.org/deeplinks/2020/01/ten-questions-and-answers-about-california-consumer-privacy-act>,
and the Electronic Privacy Information Center has ahandy draft form
letter <https://epic.org/ccpa/>to use in cases where companies don’t
offer web forms.
If you’re looking for a company not included in any of these resources,
I recommend finding the privacy policy on its website and searching for
the word California — that’s typically the best place to start.
/Updated Feb. 6, 2020. (Thanks to all the readers adding to this list.)/
These companies accept CCPA requests from all Americans
* *Amazon:*CCPA
Info<https://www.amazon.com/gp/help/customer/display.html?nodeId=GC5HB5DVMU5Y8CJ2>|Access
<https://www.amazon.com/gp/privacycentral/dsar/preview.html>|Delete
<https://www.amazon.com/gp/help/customer/contact-us>
* *Apple:*CCPA Info
<https://www.apple.com/legal/privacy/california/>|Access
<https://privacy.apple.com/>|Delete <https://privacy.apple.com/>
* *DoorDash:*CCPA Info
<https://help.doordash.com/consumers/s/privacy-policy-us?language=en_US>|Access
<https://www.doordash.com/consumer/privacy/archive_request>|Delete
<https://www.doordash.com/consumer/privacy/delete_account>
* *Facebook:*CCPA Info
<https://www.facebook.com/help/contact/784491318687824>|Access
<https://www.facebook.com/settings?tab=your_facebook_information>|Delete
<https://www.facebook.com/deactivate_delete_account/>
* *Google:*CCPA Info
<https://policies.google.com/privacy?fg=1#enforcement>|Access
<https://takeout.google.com/?pli=1>|Delete <https://takeout.google.com/>
* *Lutron:*CCPA Info
<http://www.lutron.com/en-US/Pages/PrivacyNotice.aspx#start/home?Key=LutronPrivacyPolicy&p=0>|Access
<http://www.lutron.com/en-US/Pages/dataprivacyrequest.aspx>|Delete
<http://www.lutron.com/en-US/Pages/dataprivacyrequest.aspx>
* *Microsoft:*CCPA Info
<https://privacy.microsoft.com/en-US/ccpa>|Access
<https://account.microsoft.com/account/privacy?ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy&destrt=privacy-dashboard>|Delete
<https://account.microsoft.com/account/privacy?ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy&destrt=privacy-dashboard>
* *Netflix:*CCPA Info
<https://help.netflix.com/legal/privacy#ccpa>|Access
<mailto:privacy@xxxxxxxxxxx>|Delete <mailto:privacy@xxxxxxxxxxx>
* *PayPal:*CCPA Info
<https://www.paypal.com/us/webapps/mpp/ua/privacy-full>|Access
<https://www.paypal.com/us/smarthelp/contact-us?email=privacy>|Delete
<https://www.paypal.com/us/smarthelp/contact-us?email=privacy>
* *Ring:*Access <https://ring.com/account/datarequests>|Delete
<https://ring.com/account/datarequests>
* *Roku:*CCPA Info
<https://docs.roku.com/published/userprivacypolicy/en/us>|Don’t Sell
<https://privacy.roku.com/ccpa>|Access<https://privacy.roku.com/contact>|Delete
<https://privacy.roku.com/contact>
* *Starbucks:*CCPA Info
<https://www.starbucks.com/about-us/company-information/online-policies/privacy-policy/california>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/f9975fc5-c93f-4ff8-8169-846d8f6cd4d2/dd7e8c8f-839f-4be3-9ebc-060786941e92.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/f9975fc5-c93f-4ff8-8169-846d8f6cd4d2/dd7e8c8f-839f-4be3-9ebc-060786941e92.html>
* *Strava:*CCPA Info
<https://www.strava.com/legal/legal_bases#ca_rights>|Access
<https://www.strava.com/login>|Delete <https://www.strava.com/login>
* *Toyota:*CCPA Info
<https://www.toyota.com/support/california-privacy>|Don’t Sell
<https://privacy.toyota.com/privacy-hub/donotsell.html>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/273bec6c-3638-419e-9e65-7be67b30dbc2/7f4c654f-6efc-4c4d-aac7-50159ea560f4.html?form_type=guest>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/273bec6c-3638-419e-9e65-7be67b30dbc2/7f4c654f-6efc-4c4d-aac7-50159ea560f4.html?form_type=guest>
* *Twitter:*CCPA Info <https://privacy.twitter.com/en/ccpa>|Don’t Sell
<https://twitter.com/settings/account/personalization>|Access
<https://twitter.com/settings/your_twitter_data>|Delete
<https://twitter.com/settings/deactivate>
* *Uber:*CCPA Info<https://privacy.uber.com/privacy/california>|Don’t
Sell
<https://privacy.uber.com/privacy/california>|Access<https://help.uber.com/riders/article/download-your-data?nodeId=2c86900d-8408-4bac-b92a-956d793acd11>|Delete
<https://help.uber.com/riders/article/delete-my-uber-account?nodeId=71c58af5-23fd-428a-b1d1-fc3c7dd70b4a>
* *UPS:*CCPA Info
<https://www.ups.com/us/en/help-center/legal-terms-conditions/california-privacy.page>|Don’t
Sell <https://www.ups.com/ppwa/doWork?loc=en_US>|Access
<https://www.ups.com/upsemail/input?privacy=true&loc=en_US>|Delete
<https://www.ups.com/upsemail/input?privacy=true&loc=en_US>
* *Wiland:*CCPA Info <https://wiland.com/privacy-choices/>|Don’t Sell
<https://privacyportal-cdn.onetrust.com/dsarwebform/7567ece3-2d27-4ee0-a506-1153cb7a62b7/a5485eb1-f1ee-4a9f-9ed4-2b8ee48b550f.html>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/7567ece3-2d27-4ee0-a506-1153cb7a62b7/a1e6c0c7-b7ff-45f9-9c62-7f1eb47a6e77.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/7567ece3-2d27-4ee0-a506-1153cb7a62b7/a5485eb1-f1ee-4a9f-9ed4-2b8ee48b550f.html>
* *Zillow:*CCPA Info
<https://www.zillowgroup.com/terms-of-use-privacy-policy/zg-privacy-policy/#Legal-disclosures>|Access
<https://privacy.zillowgroup.com/export>|Delete
<https://privacy.zillowgroup.com/delete>
These companies accept CCPA requests from California residents:
* *Acxiom*:CCPA Info <https://www.acxiom.com/caconsumer/>|Don’t Sell
<https://isapps.acxiom.com/optout/optout.aspx>|Access
<https://www.acxiom.com/caconsumer/>|Delete
<https://www.acxiom.com/caconsumer/>
* *Airbnb*:CCPA Info
<https://www.airbnb.com/terms/privacy_policy>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/7a066a1e-5ec0-4f03-ba72-9ee06ba6e1d3/2d92e0a3-b352-421c-9481-1ea9f187fc27.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/7a066a1e-5ec0-4f03-ba72-9ee06ba6e1d3/2d92e0a3-b352-421c-9481-1ea9f187fc27.html>
* *Alaska Airlines*:CCPA Info
<https://www.alaskaair.com/content/legal/privacy-policy#rights-choices>|Don’t
Sell
<https://privacyportal-cdn.onetrust.com/dsarwebform/7a066a1e-5ec0-4f03-ba72-9ee06ba6e1d3/2d92e0a3-b352-421c-9481-1ea9f187fc27.html>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/7a066a1e-5ec0-4f03-ba72-9ee06ba6e1d3/2d92e0a3-b352-421c-9481-1ea9f187fc27.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/7a066a1e-5ec0-4f03-ba72-9ee06ba6e1d3/2d92e0a3-b352-421c-9481-1ea9f187fc27.html>
* *Albertsons/Safeway*:CCPA Info
<https://www.albertsonscompanies.com/about-us/our-policies/privacy-policy.html#9.1>|Don’t
Sell
<https://privacyportal-cdn.onetrust.com/dsarwebform/ea30fd57-7c9b-4aa0-b3c2-5ff790e3550f/9f10c78c-dad2-48a7-914b-79040240d917.html?state=CA>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/ea30fd57-7c9b-4aa0-b3c2-5ff790e3550f/9f10c78c-dad2-48a7-914b-79040240d917.html?state=CA>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/ea30fd57-7c9b-4aa0-b3c2-5ff790e3550f/9f10c78c-dad2-48a7-914b-79040240d917.html?state=CA>
* *Altria*:CCPA Info
<https://www.altria.com/Pages/CA-Privacy-Policy.aspx>|Don’t Sell
<https://www.altria.com/Pages/CA-Privacy-Policy.aspx#donotsell>|Access
<https://www.altria.com/Pages/CA-Privacy-Policy.aspx#donotsell>|Delete
<https://www.altria.com/Pages/CA-Privacy-Policy.aspx#donotsell>
* *AT&T*:CCPA Info
<https://about.att.com/csr/home/privacy/StateLawApproach/ccpa.html>|Don’t
Sell <https://www.att.com/cmp/ccpa/dnsatt>|Access
<https://www.att.com/mydatarequest/>|Delete
<https://www.att.com/mydatarequest/>
* *Best Buy*:CCPA Info
<https://www.bestbuy.com/site/privacy-policy/california-privacy-rights/pcmcat204400050063.c>|Access
<https://www.bestbuy.com/sentry/confirm/residency?context=ca&type=access>|Delete
<https://www.bestbuy.com/sentry/confirm/residency?context=ca&type=delete>
* *BevMo*:CCPA Info <https://www.bevmo.com/privacy-policy>|Don’t Sell
<https://www.bevmo.com/privacy-policy/ccpa-submission>|Access
<https://www.bevmo.com/privacy-policy/ccpa-submission>|Delete
<https://www.bevmo.com/privacy-policy/ccpa-submission>
* *Chipotle*:CCPA Info
<https://www.chipotle.com/about-us/privacy-policy>|Don’t Sell
<https://www.chipotle.com/donotsell>|Access
<https://www.chipotle.com/datarequest>|Delete
<https://www.chipotle.com/datarequest>
* *Comcast Xfinity*:CCPA Info
<https://www.xfinity.com/privacy/policy#cpp-info>|Don’t Sell
<https://www.xfinity.com/privacy/manage-preference>|Access
<https://www.xfinity.com/privacy/requests/affirmation>|Delete
<https://www.xfinity.com/privacy/requests/affirmation>
* *CVS*:CCPA Info <https://www.cvs.com/help/privacy_policy.jsp>|Access
<https://www.cvs.com/extracare/ccpa>|Delete
<https://www.cvs.com/extracare/ccpa>
* *Disney:*CCPA Info
<https://privacy.thewaltdisneycompany.com/en/dnsmi/>|Don’t Sell
<https://privacyportalde-cdn.onetrust.com/dsarwebform/64f077b5-2f93-429f-a005-c0206ec0738e/310e544c-4c70-4d0f-90d5-d4dc8b3f7cba.html>|Access
<https://privacyportalde-cdn.onetrust.com/dsarwebform/64f077b5-2f93-429f-a005-c0206ec0738e/310e544c-4c70-4d0f-90d5-d4dc8b3f7cba.html>|Delete
<https://privacyportalde-cdn.onetrust.com/dsarwebform/64f077b5-2f93-429f-a005-c0206ec0738e/310e544c-4c70-4d0f-90d5-d4dc8b3f7cba.html>
* *Dominos*:CCPA Info
<https://www.dominos.com/en/?scrollTo=js-ccpa#!/content/privacy/>|Don’t
Sell
<https://www.dominos.com/en/pages/customer/#!/ccpa/?optOut=1>|Access
<https://www.dominos.com/en/pages/customer/#!/ccpa/>|Delete
<https://www.dominos.com/en/pages/customer/#!/ccpa/>
* *eBay*:CCPA Info <https://www.ebay.com/adchoice/ccpa>|Don’t Sell
<https://www.ebay.com/adchoice/ccpa>|Access
<https://www.ebay.com/help/account/changing-account-settings/managing-contact-information?id=4200#data>|Delete
<https://www.ebay.com/help/account/changing-account-settings/closing-account?id=4199>
* *Eero:*Access <mailto:privacy@xxxxxxxx>|Delete <mailto:privacy@xxxxxxxx>
* *Epsilon:*CCPA Info <https://us.epsilon.com/privacy-policy>|Don’t
Sell<https://us.epsilon.com/marketing-data-summary-request>|Access
<https://us.epsilon.com/marketing-data-summary-request>|Delete
<https://us.epsilon.com/marketing-data-summary-request>
* *Equifax:*CCPA Info
<https://www.equifax.com/privacy/privacy-statement/#CaliforniaResidents>|Don’t
Sell <http://myprivacy.equifax.com/>|Access
<https://myprivacy.equifax.com/personal-info>|Delete
<https://myprivacy.equifax.com/personal-info>
* *Equinox*:CCPA Info
<https://www.equinox.com/privacy#_YOUR_CALIFORNIA_PRIVACY>|Don’t
Sell <https://www.equinox.com/dnsrequest>|Access
<https://www.equinox.com/privacyrequest>|Delete
<https://www.equinox.com/privacyrequest>
* *Experian:*CCPA Info
<https://www.experian.com/privacy/california-consumer-privacy-act.html>|Don’t
Sell<https://privacy.a.apps.experian.com/ccpa/>|Access
<https://privacy.a.apps.experian.com/ccpa/>|Delete
<https://privacy.a.apps.experian.com/ccpa/>
* *Face App:*CCPA Info
<https://www.faceapp.com/privacy-en.html>|Access
<https://docs.google.com/forms/d/e/1FAIpQLSfHP_lD5UnmlOUfhPCZ0L9tp2dm_Rb7txMjCjWX_BiEEDwpzA/viewform>|Delete
<https://docs.google.com/forms/d/e/1FAIpQLSfHP_lD5UnmlOUfhPCZ0L9tp2dm_Rb7txMjCjWX_BiEEDwpzA/viewform>
* *Ford:*CCPA Info <https://www.ford.com/help/privacy/>|Don’t Sell
<https://www.ford.com/help/privacy/ccpa/?ccpatype=donotsellmypi>|Access
<https://www.ford.com/help/privacy/ccpa/>|Delete
<https://www.ford.com/help/privacy/ccpa/>
* *General Motors:*CCPA Info
<https://www.gm.com/privacy-statement.html>|Don’t
Sell<https://www.gm.com/consumer-privacy.html>|Access
<https://www.gm.com/consumer-privacy.html>|Delete
<https://www.gm.com/consumer-privacy.html>
* *Honda*:CCPA Info
<https://www.honda.com/privacy-policy#Website10>|Don’t
Sell<https://crrs.secure.force.com/service/CCPA_Request_W2C?Subject=Do%20Not%20Sell>|Access
<https://crrs.secure.force.com/service/CCPA_Request_W2C>|Delete
<https://crrs.secure.force.com/service/CCPA_Request_W2C>
* *Hulu:*CCPA Info <https://www.hulu.com/ca-privacy-rights>|Don’t Sell
<https://www.hulu.com/account/privacy>|Access
<https://www.hulu.com/account/privacy>|Delete
<https://www.hulu.com/account/privacy>
* *i360:*CCPA Info<https://www.i-360.com/ccpa/>|Don’t Sell
<https://privacyportal-cdn.onetrust.com/dsarwebform/77dff651-9f08-40cd-99fe-a7c487b2504d/7211c3b3-750a-4422-8ccb-3dab5b4ec36c.html>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/77dff651-9f08-40cd-99fe-a7c487b2504d/7211c3b3-750a-4422-8ccb-3dab5b4ec36c.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/77dff651-9f08-40cd-99fe-a7c487b2504d/7211c3b3-750a-4422-8ccb-3dab5b4ec36c.html>
* *JetBlue:*CCPA Info <https://www.jetblue.com/legal/privacy>|Don’t
Sell
<https://submit-irm.trustarc.com/services/validation/6ef2badd-26b8-458f-8dc6-1ea77f125256>|Access
<https://submit-irm.trustarc.com/services/validation/6ef2badd-26b8-458f-8dc6-1ea77f125256>|Delete
<https://submit-irm.trustarc.com/services/validation/6ef2badd-26b8-458f-8dc6-1ea77f125256>
* *Kayak:*CCPA Info <https://www.kayak.com/privacy#ccpa>|Don’t Sell
<https://www.kayak.com/privacy/manage>|Access
<https://www.kayak.com/privacy/manage>|Delete
<https://www.kayak.com/privacy/manage>
* *Live Nation:*CCPA Info <https://www.livenation.com/ccpa>|Don’t Sell
<https://privacyportal-cdn.onetrust.com/dsarwebform/ba6f9c5b-dda5-43bd-bac4-4e06afccd928/b3c0feda-599b-43d9-ae70-2e33b14b3b6b.html>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/ba6f9c5b-dda5-43bd-bac4-4e06afccd928/b3c0feda-599b-43d9-ae70-2e33b14b3b6b.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/ba6f9c5b-dda5-43bd-bac4-4e06afccd928/b3c0feda-599b-43d9-ae70-2e33b14b3b6b.html>
* *LiveRamp:*CCPA Info
<https://liveramp.com/privacy/california-privacy-notice/>|Don’t Sell
<https://your-rights.liveramp.com/>|Access
<https://your-rights.liveramp.com/>|Delete
<https://your-rights.liveramp.com/>
* *Lyft:*CCPA Info <https://www.lyft.com/privacy>|Access
<https://www.lyft.com/privacy/data>|Delete
<https://www.lyft.com/privacy/data>
* *Macy’s:*CCPA Info
<https://www.customerservice-macys.com/app/answers/detail/a_id/6617/~/california-privacy-rights>|Don’t
Sell <https://www.macysprivacyportal.com/consumer/donotsell>|Access
<https://www.macysprivacyportal.com/>|Delete
<https://www.macysprivacyportal.com/>
* *Marriott:*CCPA Info <https://www.marriott.com/about/ccpa.mi>|Don’t
Sell<https://www.marriott.com/about/ccpa/do-not-sell.mi>|Access
<https://privacyportal-cdn.onetrust.com/dsarwebform/0894cd2c-85ba-4d0b-8ec1-e18f3735e0e0/6a56958d-33d0-40a7-82d4-9859be6f1f82.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/0894cd2c-85ba-4d0b-8ec1-e18f3735e0e0/6a56958d-33d0-40a7-82d4-9859be6f1f82.html>
* *Mastercard:*CCPA Info
<https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html#rights>|Access
<https://www.mastercard.us/public/my-data/gdp-public/en/personal-data-request.html?locale=en-us®ion=NAM>|Delete
<https://www.mastercard.us/public/my-data/gdp-public/en/personal-data-request.html?locale=en-us®ion=NAM>
* *Nissan:*CCPA Info <https://www.nissanusa.com/privacy.html>|Don’t
Sell
<https://privacyportal-cdn.onetrust.com/dsarwebform/00db3d80-61f2-406b-9665-493b342a269d/e41f69b2-3b0d-4c58-81e5-bc2c44ce0dd1.html>|Access<https://privacyportal-cdn.onetrust.com/dsarwebform/00db3d80-61f2-406b-9665-493b342a269d/e41f69b2-3b0d-4c58-81e5-bc2c44ce0dd1.html>|Delete
<https://privacyportal-cdn.onetrust.com/dsarwebform/00db3d80-61f2-406b-9665-493b342a269d/e41f69b2-3b0d-4c58-81e5-bc2c44ce0dd1.html>
* *OpenTable:*CCPA Info
<https://www.opentable.com/legal/privacy-policy-additional-disclosures-california>|Don’t
Sell
<https://www.opentable.com/user/legal/personal-data>|Access<https://www.opentable.com/user/legal/forms/request-data-california>|Delete
<https://www.opentable.com/user/legal/forms/request-data-california>
* *Orangetheory Fitness*:CCPA Info
<https://www.orangetheoryfitness.com/pages/privacy-policy#13>|Don’t
Sel <https://orangetheoryfitness.truyo.com/consumer/request_form>l
|Access
<https://orangetheoryfitness.truyo.com/consumer/request_form>|Delete
<https://orangetheoryfitness.truyo.com/consumer/request_form>
* *Pinterest:*CCPA Info
<https://policy.pinterest.com/en/privacy-policy#section-california-residents>|Access<https://help.pinterest.com/en/contact?current_page=about_you_page>|Delete
<https://help.pinterest.com/en/contact?current_page=about_you_page>
* *Quora:*CCPA Info
<https://www.quora.com/about/privacy>|Access<https://help.quora.com/hc/en-us/requests/new>|Delete
<https://help.quora.com/hc/en-us/requests/new>
* *Redfin*:CCPA Info
<https://www.redfin.com/about/privacy-policy>|Access
<mailto:privacy@xxxxxxxxxx>|Delete <mailto:privacy@xxxxxxxxxx>
* *Resy:*CCPA Info
<https://resy.com/privacy?date=2020-02-02&seats=2#california-privacy>
* *Samsung:*CCPA Info <https://www.samsung.com/us/privacy/ccpa/>|Don’t
Sell
<https://www.samsung.com/us/privacy/ccpa/>|Access<https://www.samsung.com/us/privacy/ccpa/>|Delete
<https://www.samsung.com/us/privacy/ccpa/>
* *SiriusXM*:CCPA
Info<https://www.siriusxm.com/wo/pdf/CCPA-Specific-PP-Disclosures-Eng.pdf>|Don’t
Sell <https://www.siriusxm.com/ccparequest_DoNotSellMyInfo>|Access
<https://www.siriusxm.com/ccparequest_ManageInfo>|Delete
<https://www.siriusxm.com/ccparequest_ManageInfo>
* *Southwest Airlines:*CCPA Info
<https://t.iluv.southwest.com/webApp/swaAPP_DataPrivacy_OptOut?clk=4028122&cbid=4028122>|Don’t
Sell<https://www.southwest.com/html/about-southwest/terms-and-conditions/privacy-policy-pol.html?int=#Your_Choices>|Access<https://t.iluv.southwest.com/webApp/swaAPP_DataPrivacy_CustomerContact>|Delete
<https://t.iluv.southwest.com/webApp/swaAPP_DataPrivacy_CustomerContact>
* *Spotify:*CCPA Info
<https://www.spotify.com/us/legal/california-privacy-disclosure/>|Access
<https://support.spotify.com/us/contact-spotify-privacy/>|Delete
<https://support.spotify.com/us/contact-spotify-privacy/>
* *Staples:*CCPA Info
<https://www.staples.com/hc?id=dbb94c10-973c-478b-a078-00e58f66ba32#California%20Consumer%20Privacy%20Act>|Don’t
Sell
<https://submit-irm.trustarc.com/services/validation/2394f394-3df4-4051-bfa1-50c2cfa45f02>|Access
<https://submit-irm.trustarc.com/services/validation/cba2b6f7-919f-46d3-8b93-236ef465d616>|Delete
<https://submit-irm.trustarc.com/services/validation/63f5f086-01c0-41ca-b840-7c7a101bd941>
* *Target:*CCPA Info
<https://www.target.com/c/california-residents-privacy-policy/-/N-m2wjt>|Don’t
Sell <https://www.target.com/do-not-sell-ca>|Access
<https://www.target.com/ccpa-intake-form>|Delete
<https://www.target.com/ccpa-intake-form>
* *Ticketmaster:*CCPA Info
<https://help.ticketmaster.com/s/article/Live-Nation-Entertainment-Privacy-Policy-Your-Privacy-Rights?language=en_US>|Don’t
Sell
<https://app.onetrust.com/app/#/webform/a912475c-660e-40a7-b320-844ea439062a>|Access<https://app.onetrust.com/app/#/webform/a912475c-660e-40a7-b320-844ea439062a>|Delete
<https://app.onetrust.com/app/#/webform/a912475c-660e-40a7-b320-844ea439062a>
* *TransUnion:*CCPA Info
<https://www.transunion.com/consumer-privacy>|Don’t Sell
<https://service.transunion.com/dss/login.page?dest=cpa/tuData>|Access
<https://service.transunion.com/dss/login.page?dest=cpa/tuData>|Delete
<https://service.transunion.com/dss/login.page?dest=cpa/tuData>
* *Truedata:*CCPA Info <https://www.truedata.co/privacy-policy/>|Don’t
Sell
<https://info.truedata.co/are-you-in>|Access<https://info.truedata.co/are-you-in>|Delete
<https://info.truedata.co/are-you-in>
* *Uber:*CCPA Info <https://privacy.uber.com/privacy/california>|Don’t
Sell
<https://privacy.uber.com/privacy/california>|Access<https://help.uber.com/riders/article/download-your-data?nodeId=2c86900d-8408-4bac-b92a-956d793acd11>|Delete
<https://help.uber.com/riders/article/delete-my-uber-account?nodeId=71c58af5-23fd-428a-b1d1-fc3c7dd70b4a>
* *Unilever:*CCPA Info
<https://www.unilevernotices.com/usa/california/english/privacy-notice/notice.html>|Don’t
Sell
<https://privacy.unileversolutions.com/en/rights-request-form.html>|Access
<https://privacy.unileversolutions.com/en/rights-request-form.html>|Delete
<https://privacy.unileversolutions.com/en/rights-request-form.html>
* *Verizon:*CCPA Info
<https://www.verizon.com/about/privacy/full-privacy-policy#acc-item-55>|Access
<https://www.verizon.com/privacy/your-data>|Delete
<http://www.verizon.com/privacy/your-data>
* *Verizon Media:*CCPA Info
<https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/california/index.html>|Don’t
Sell
<http://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/dashboard/index.html>|Access
<https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/dashboard/index.html>|Delete
<https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/dashboard/index.html>
* *Visa:*CCPA Info
<https://usa.visa.com/legal/global-privacy-notice/ca-privacy-rights.html>|Access
<mailto:privacy@xxxxxxxx>|Delete <mailto:privacy@xxxxxxxx>
* *Volkswagen:*CCPA Info <https://www.vw.com/privacy/>|Don’t Sell
<https://privacyportal.volkswagengroupofamerica.com/donotsell>|Access
<http://privacy.vwgoa.com/>|Delete <http://privacy.vwgoa.com/>
* *Walmart:*CCPA Info
<https://corporate.walmart.com/privacy-security/california-privacy-rights>|Don’t
Sell
<https://cpa-ui.walmart.com/affirmation?brandCode=WMT&requestType=OPTOUT>|Access
<https://cpa-ui.walmart.com/affirmation?brandCode=WMT&requestType=ACCESS>|Delete
<https://cpa-ui.walmart.com/affirmation?brandCode=WMT&requestType=ACCESS>
* *Washington Post:*CCPA Info
<https://www.washingtonpost.com/my-post/privacy-settings/>|Don’t
Sell
<https://www.washingtonpost.com/my-post/privacy-settings/>|Access
<https://helpcenter.washingtonpost.com/hc/en-us/requests/new?ticket_form_id=360000603931>|Delete
<https://helpcenter.washingtonpost.com/hc/en-us/requests/new?ticket_form_id=360000603931>
* *Whitepages:*CCPA Info
<https://www.whitepages.com/privacy/ccpa>|Don’t Sell
<https://whitepagesprivacy.zendesk.com/hc/en-us/requests/new>|Access
<https://whitepagesprivacy.zendesk.com/hc/en-us/requests/new>|Delete
<https://whitepagesprivacy.zendesk.com/hc/en-us/requests/new>
* *Whole Foods:*CCPA Info
<https://www.wholefoodsmarket.com/privacy-notice#california-privacy-rights>|Access<https://www.wholefoodsmarket.com/customer-service/contact-us>|Delete
<https://www.wholefoodsmarket.com/customer-service/contact-us>
* *Yelp:*CCPA Info
<https://terms.yelp.com/privacy/en_us/20200101_en_us/#California-Residents:-Your-California-Privacy-Rights>|Access
<https://www.yelp-support.com/article/How-can-I-access-my-Yelp-data?l=en_US>|Delete
<https://www.yelp.com/support/contact/account_closure?src_article_id=000005409>
*Read more from our Secret Life of Your Data series:*
Alexa has been eavesdropping on you this whole time
<https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?utm_term=.3bff5e70f6f5&tid=lk_inline_manual_93&tid=lk_inline_manual_77&tid=lk_inline_manual_48&tid=lk_inline_manual_78&tid=lk_inline_manual_75&tid=lk_inline_manual_66>
It’s the middle of the night. Do you know who your iPhone is talking to?
<https://www.washingtonpost.com/technology/2019/05/28/its-middle-night-do-you-know-who-your-iphone-is-talking/?utm_term=.837cae40ecb0&tid=lk_inline_manual_94&tid=lk_inline_manual_78&tid=lk_inline_manual_49&tid=lk_inline_manual_79&tid=lk_inline_manual_76&tid=lk_inline_manual_67>
The spy in your wallet: Credit cards have a privacy problem
<https://www.washingtonpost.com/technology/2019/08/26/spy-your-wallet-credit-cards-have-privacy-problem/?tid=lk_inline_manual_79&tid=lk_inline_manual_50&tid=lk_inline_manual_80&tid=lk_inline_manual_77&tid=lk_inline_manual_68>
Goodbye, Chrome: Google’s Web browser has become spy software
<https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/?utm_term=.709eafc2e9a9&tid=lk_inline_manual_96&tid=lk_inline_manual_80&tid=lk_inline_manual_51&tid=lk_inline_manual_81&tid=lk_inline_manual_78&tid=lk_inline_manual_69>
I found your data. It’s for sale.
<https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/?utm_term=.d2cfebc4cf85&tid=lk_inline_manual_97&tid=lk_inline_manual_81&tid=lk_inline_manual_52&tid=lk_inline_manual_82&tid=lk_inline_manual_79&tid=lk_inline_manual_70>
You watch TV. Your TV watches back.
<https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/?tid=lk_inline_manual_53&tid=lk_inline_manual_83&tid=lk_inline_manual_80&tid=lk_inline_manual_71>
Think you’re anonymous online? A third of popular websites are
‘fingerprinting’ you.
<https://www.washingtonpost.com/technology/2019/10/31/think-youre-anonymous-online-third-popular-websites-are-fingerprinting-you/?tid=lk_inline_manual_81&tid=lk_inline_manual_72>
What does your car know about you? We hacked a Chevy to find out.
<https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/?tid=lk_inline_manual_73>
How we survive the surveillance Apocalypse
<https://www.washingtonpost.com/technology/2019/12/31/how-we-survive-surveillance-apocalypse/>
--
David Goldfield,
Blindness Assistive Technology Specialist
JAWS Certified, 2019
WWW.DavidGoldfield.org