Personal data collection typically starts on user devices, with the data then shared with service providers and trackers, obtained by malicious actors, and/or used for surveillance. The services enabled by this data come at the expense of privacy, security, transparency, and fairness, for individuals and society as a whole. Increased public awareness has led to landmark legislation on data protection, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Policymakers need to be further informed by technology, however, to formulate relevant and enforceable policies, and end-users still need tools to protect themselves. This project seeks to protect personal information, by improving the transparency and control of data flow on the Internet, using a multidisciplinary approach that combines methodologies from computer science (theory, network measurement, security) with policy and economics, and crosses multiple application domains (web, mobile, and Internet-of-Things).
Conceptual frameworks are developed for personal information flow on the Internet, as well as systems for monitoring and mediation. Existing systems are improved for measuring the tracking and discrimination of personal information, and for explicitly controlling privacy-utility tradeoffs. To provide long-term privacy-by-design alternatives, the project pursues verifiable IoT architectures seeking to decentralize the advertising ecosystem and eliminate intermediaries. The project likewise leverages technology to inform policy specification and to provide tools to audit and enforce policies. The broader impacts of the project include: (1) informing policymakers, nonprofit advocates, and industry players through interactions with relevant stakeholders; (2) training next-generation graduate and undergraduate students jointly in technology and policy; and (3) broadening participation of women, underrepresented minorities, and community college students.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
