Subscribe to our mailing list to receive news and updates on the project!


2017

ICSE 2017 | May 2017

Jaspreet Bhatia presented a talk based on her paper, "Mining Privacy Goals from Privacy Policies Using Hybridized Task Recomposition." The talk was on May 24th 2017, in Buenos Aires.


US Patent and Trademark Office | Apr 2017

Lorrie Cranor spoke about design and evaluation of notices at the USPTO on April 18th.


IAPP Global Privacy Summit | Apr 2017

Lorrie Cranor ran an active learning session on Designing Notice and Consent for the Internet of Things at the IAPP Global Privacy Summit on April 18th.


Legal IT Conference | Mar 2017

N. Cameron Russell presented the Usable Privacy Policy Project at the Young Bar of Montreal's Legal IT Conference on March 23, 2017 in Montreal, Canada.


NDSS 2017 | Feb 2017

Sebastian Zimmeck presents our paper Automated Analysis of Privacy Requirements for Mobile Apps at the Network and Distributed System Security Symposium (NDSS) at the end of February in San Diego.


CyLab Distinguished Seminar | Feb 2017

"What if Computers Understood Privacy Policies? And, What if They Knew What We Care About?" Norman Sadeh is the speaker at CyLab’s Distinguished Seminar on February 20.


World Federation of Advertisers' Digital Governance Exchange | Feb 2017

N. Cameron Russell presented the Usable Privacy Policy Project at the World Federation of Advertisers' Digital Governance Exchange on February 9, 2017 in London, U.K.


FTC PrivacyCon | Jan 2017

Sebastian Zimmeck to present our paper on "Automated Analysis of Privacy Requirements for Mobile Apps" as part of session on mobile privacy at the FTC's PrivacyCon. Co-authors include Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin, and Joel Reidenberg.


7th Annual Privacy Papers for Policymakers | Jan 2017

Joel Reidenberg, Jaspreet Bhatia, Travis Breaux, and Thomas B. Norton receive an honorable mention for their paper, "Ambiguity in Privacy Policies and the Impact of Regulation" at the 7th Annual Privacy Papers for Policymakers event. Alessandro Acquisti to give meeting keynote.


NSF's Secure and Trustworthy Cyberspace (SaTC) PIs’ Meeting | Jan 2017

Norman Sadeh to present our Frontier project on Usable Privacy Policies and also participate in panel on “Conceiving and Running Center-Scale Frontier Projects” at the NSF's Secure and Trustworthy Cyberspace (SaTC) Principal Investigators’ Meeting. Alessandro Acquisti to give closing keynote on January 11.


2016

Privacy and Language Technologies Symposium | Nov 2016

Usable Privacy Policy Project members Shomir Wilson, Alessandro Oltramari and Fei Liu are organizing an AAAI Fall Symposium titled "Privacy and Language Technologies" in November 2016 in Arlington, Virginia. At the symposium we will present four papers, and the keynote will be held by Norman Sadeh, the lead PI of our project.

Lexical Similarity of Information Type Hypernyms, Meronyms and Synonyms in Privacy Policies
M. Bokaei Hosseini, S. Wadkar, T.D. Breaux, J. Niu

Analyzing Vocabulary Intersections of Expert Annotations and Topic Models for Data Practices in Privacy Policies

F. Liu, S. Wilson, F. Schaub, N. Sadeh

Automatic Extraction of Opt-Out Choices from Privacy Policies
K.M. Sathyendra, F. Schaub, S. Wilson, N. Sadeh

Automated Analysis of Privacy Requirements for Mobile Apps
S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S.M. Bellovin, J.R. Reidenberg


CMU Press Release About Mobile App Compliance | Nov 2016

CMU press release on our mobile app compliance tool and our work with the California Office of the Attorney General features Sebastian Zimmeck and Norman Sadeh.


Computational Methods in Law | Nov 2016

Florian Schaub presents our research as an invited speaker at the Symposium Computational Methods in Law: A European Perspective on Nov. 10 in Ulm, Germany. The symposium provides a multi-disciplinary perspective on the application of computational methods in the legal domain and is jointly hosted by the University of Heidelberg and Ulm University.


HCOMP 2016 | Oct 2016

Shomir Wilson presents our paper Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work? (pdf) as part of the Encore Track at the Fourth AAAI Conference on Human Computation and Crowdsourcing, in Austin, Texas. This track will consist of presentations for three top papers on human computation and crowdsourcing from peer venues. Our paper was a Best Paper Finalist at the 25th International World Wide Web Conference in April.


Collaboration with California AG | Oct 2016

The California Attorney General’s Office has been piloting our Mobile App Privacy Compliance tool for the past several months. See recent press release from the California AG’s Office. This is work funded under our NSF Frontier project on Usable Privacy Policies and our DARPA Brandeis Personalized Privacy Assistant Project.


Privacy+Security Forum | Oct 2016

Joel Reidenberg presents our research at the 2016 Privacy+Security Forum in Washington, D.C., as an invited speaker on a panel on Notice, Choice and Design.


Project in the News | Sep 2016

Our project was recently featured in CIO Magazine. Joel Reidenberg and Florian Schaub's presentations at the FTC Workshop "Putting Disclosures to the Test" were further mentioned in articles from National Law Review, AdExchanger, and Lexology.


FTC Workshop: Putting Disclosures to the Test | Sep 2016

Joel Reidenberg and Florian Schaub present our research at the Federal Trade Commission's public workshop Putting Disclosures to the Test on Sept. 15, 2016. Joel Reidenberg talks about ambiguity in privacy policies. Florian Schaub talks about contextualizing and personalizing privacy notices and controls. Lorrie Cranor co-organizes the workshop in her role as the FTC's Chief Technologist.

More information about the Putting Disclosures to the Test workshop and a live webcast are available on the event page.


RE 2016 | Sep 2016

Jaspreet Bhatia presents the paper "A Theory of Vagueness and Privacy Risk Perception" at the IEEE 24th International Requirements Engineering Conference (RE'16) in Beijing, China.

Jaspreet will also present a paper at the co-located Workshop on Artificial Intelligence for Requirements Engineering (AIRE) titled "Automated Extraction of Information Type Hyponymy from Privacy Policies."


ACL 2016 | Aug 2016

Shomir Wilson presents our paper "The Creation and Analysis of a Website Privacy Policy Corpus" at the Annual Meeting of the Association for Computational Linguistics (ACL) in August in Berlin, Germany. The paper introduces a corpus of 115 privacy policies with annotated data practices. The corpus' annotations can be explored at explore.usableprivacy.org


OPP-115 Corpus Release | Jul 2016

We are pleased to announce that the OPP-115 Corpus of annotated privacy policies is now available for download on our data page. This unique resource consists of 115 privacy policies with a total of 23K annotations for data practices in privacy policy text.

For further details on the corpus, please read our ACL'16 paper introducing the corpus:

S. Wilson, F. Schaub, A. Dara, F. Liu, S. Cherivirala, P.G. Leon, M.S. Andersen, S. Zimmeck, K. Sathyendra, N.C. Russell, T.B. Norton, E. Hovy, J.R. Reidenberg, N. Sadeh, "The Creation and Analysis of a Website Privacy Policy Corpus." ACL '16: Annual Meeting of the Association for Computational Linguistics, Aug 2016 [pdf]


Privacy and Language Technologies Symposium | Jul 2016

Shomir Wilson, Alessandro Oltramari and Fei Liu are organizing a AAAI Fall Symposium titled "Privacy and Language Technologies." It will be held on November 17-19 in Arlington, Virginia. The submission deadline for short and long papers is July 22. See the symposium website for more details.


SOUPS '16 | Jun 2016

The Usable Privacy Policy Project has a considerable presence at the Symposium on Usable Privacy and Security (SOUPS) this year. Multiple project members are presenting full papers, workshop papers and posters in Denver at the end of June:

Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online
A. Rao, F. Schaub, N. Sadeh, A. Acquisti, R. Kang
Full paper

How Short is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices

J. Gluck, F. Schaub, A. Friedman, H. Habib, N. Sadeh, L. F. Cranor, Y. Agarwal
Full paper

Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions
B. Liu, M. S. Andersen, F. Schaub, H. Almuhimedi, S. Zhang, N. Sadeh, Y. Agarwal, A. Acquisti
Full paper

Rating Indicator Criteria for Privacy Policies
J.R. Reidenberg, N.C. Russell, T.B. Norton
Workshop paper

Visualization and Interactive Exploration of Data Practices in Privacy Policies
S.K. Cherivirala, F. Schaub, M.S. Andersen, S. Wilson, N. Sadeh, J.R. Reidenberg
Poster

Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work?
S. Wilson, F. Schaub, R. Ramanath, N. Sadeh, F. Liu, N.A. Smith, F. Liu
Poster


Project newsletter | Jun 2016

With the project now in its third year, we published a newsletter which is intended to highlight some of our progress and activities over the past year. Our goal is to grow our project into a broader community of organizations and individuals interested in collaborating in this area.
uppp-newsletter-june2016.pdf


Expert address at Hong Kong University | Jun 2016

Norman Sadeh delivers expert address on “Privacy in the Age of IoT: New Technologies for Users and Regulators” at Hong Kong University.


Privacy Risk Summit 2016 | Jun 2016

Florian Schaub speaks on "Designing Notice and Consent for the Internet of Things" at the Privacy Risk Summit 2016 in San Francisco.


Privacy Indicator Workshops at SOUPS | Jun 2016

Florian Schaub is co-organizing two workshops at the 2016 Symposium on Usable Privacy and Security (SOUPS) on June 22, 2016, in Denver, CO.

Workshop on Privacy Indicators
This workshop focuses on the current state of privacy indicators, such as privacy policies, privacy seals, icons, notices, tones, strobe lights, scents, vibrations, or other perceptual means.

Will Drones Deliver My Privacy Policy? Workshop on the Future of Privacy Indicators
This workshop provides an opportunity for those engaged in researching privacy policies, notices, indicators, and other related topics to think creatively about the next evolution of notice and consent.

The deadline for submitting contributions to both workshops is May 16, 2016.


TOSEM article | May 2016

The article Mining Privacy Goals from Privacy Policies Using Hybridized Task Recomposition by Jaspreet Bhatia, Travis Breaux and Florian Schaub has been published in the ACM Transactions on Software Engineering and Methodology (TOSEM).


TA-COS '16 | May 2016

Shomir Wilson presents our paper "Demystifying Privacy Policies Using Language Technologies: Progress and Challenges" at the LREC Workshop on Text Analytics for Cybersecurity and Online Safety (TA-COS 2016).


Kiplinger interview | May 2016

Kiplinger recently conducted an interview with Norman Sadeh on the Usable Privacy Policy Project and the recently launched Privacy Policy Exploration Website. The interview is available online on the Kiplinger website.


ICSE '16 | May 2016

The paper "Toward a Framework for Detecting Privacy Policy Violation in Android Application Code," co-authored by Jaspreet Bhatia and Travis Breaux, has been accepted at ICSE '16, the ACM/IEEE 38th International Software Engineering Conference.


WWW '16 | Apr 2016

Shomir Wilson presents our paper "Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work?" at the 25th International World Wide Web Conference in Montréal, Canada. The paper has been selected as one of five nominees for WWW's Best Paper Award.


Data exploration site in the news | Mar 2016

Our recently launched privacy policy data exploration site explore.usableprivacy.org received considerable media attention, including articles on lifehacker.com, the Consumerist, and SC Magazine. See the CMU press release.


Presentation at FPF Education Working Group | Mar 2016

Joel Reidenberg presented the Usable Privacy Project and the explore.usableprivacy.org website to the Future of Privacy Forum’s industry working group on education. The group focuses on privacy issues in the education sector.


USEC '16 | Feb 2016

Pranshu Kalvani, a graduate of CMU's MSIT Privacy Engineering program, presents our paper "Watching Them Watching Me: Browser Extensions’ Impact on User Privacy Awareness and Concern" at the NDSS Workshop on Usable Security (USEC) in San Diego, CA.


explore.usableprivacy.org | Feb 2016

We launched a dedicated website to enable the exploration of some of the project’s data and analysis results. The website explore.usableprivacy.org allows to see different types of data practices highlighted in privacy policies of different websites.


CMU Privacy Day 2016 | Jan 2016

On Jan. 28, CMU celebrates the International Data Privacy Day with an exciting schedule of privacy-related events. Norman Sadeh and Lorrie Cranor host Ed Felten, Deputy US Chief Technology Officer who will give the event's keynote address.

Join us at CMU on January 28, 2016! Find more information and the schedule of events at the Privacy Day website.


FTC PrivacyCon | Jan 2016

Multiple project members are presenting papers at the Federal Trade Commission's PrivacyCon on Jan. 14, 2016. Florian Schaub presents the Usable Privacy Policy Project. Ashwini Rao presents our research on mismatched privacy expectations online. Norman Sadeh presents our research on personalized privacy assistants. Alessandro Acquisti presents research on targeted advertising. Lorrie Cranor speaks in her new role as the FTC's Chief Technologist.

More information about PrivacyCon and a live webcast are available on the event page.


Privacy Papers for Policymakers | Jan 2016

The paper "A Design Space for Effective Privacy Notices" (pdf) by Florian Schaub, Rebecca Balebako, Adam Durity and Lorrie Cranor has been selected by the Future of Privacy Forum as one of five Privacy Papers for Policymakers 2015. Joel Reidenberg's paper "The Transparent Citizen" received an honorable mention. The authors will present their work at an FPF event on January 13 in Washington, D.C. Lorrie Cranor will further give the opening remarks at the event in her new role as the FTC's Chief Technologist.


2015

FTC Chief Technologist | Dec 2015

Lorrie Cranor has been appointed by the Federal Trade Commission as the agency's new Chief Technologist starting in January 2016. FTC Press Release


European PLSC '15 | Oct 2015

Tom Norton's paper "Crowdsourcing Privacy Policy Interpretation" will be workshopped at the inaugural European PLSC held in Amsterdam in October 2015.


Privacy + Security Forum | Oct 2015

Lorrie Cranor, Alessandro Acquisti, Joel Reidenberg and Florian Schaub will speak at the first Privacy + Security Forum in Washington, D.C. The event is organized by Professors Daniel Solove and Paul Schwartz.


Univ. of Chicago Coase-Sandor Conference | Oct 2015

Joel Reidenberg and Jaspreet Bhatia presented “Automated Comparison of Privacy Policy Ambiguity and the Impact of Regulation” co-authored with Travis Breaux and Tom Norton to the University of Chicago Coase-Sandor Conference on Contracting over Privacy.


SPSM'15 Workshop | Oct 2015

Rebecca Balebako presents our paper "The Impact of Timing on the Salience of Smartphone App Privacy Notices" at SPSM '15, the 5th Annual Workshop on Security and Privacy in Smartphones and Mobile Devices, which is associated with the ACM Conference on Computer and Communications Security (CCS).


TPRC '15 | Sep 2015

At TPRC43, Tom Norton presents the paper "Crowdsourcing Privacy Policy Interpretation" and Amanda Grannis presents the paper "Elements of Effective Notice in the Online Age."


CCC Privacy by Design Workshop on Privacy Engineering | Aug 2015

Travis Breaux organizes the Privacy Engineering workshop of the CCC Privacy by Design workshop series in Pittsburgh on Aug. 31 & Sept. 1.
Lorrie Cranor participates in a Privacy Standards panel, speaking about the original design of P3P, its implementation in IE5, and adoption by websites.


RE '15 | Aug 2015

Travis Breaux presents the paper "Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications." at the IEEE 23rd International Requirements Engineering Conference (RE'15) in Ottawa, Canada.


RELAW '15 | Aug 2015

Jaspreet Bhatia presents the paper the paper "Towards an Information Type Lexicon for Privacy Policies” at the 8th IEEE International Workshop on Requirements Engineering and Law (RELAW) in Ottawa, Canada.


CLIP-NY AG Briefing | Jul 2015

On July 22, Joel Reidenberg, Cameron Russell, Thomas Norton, Antoine Bon, Timothy Carter and Stephanie Tallering present the Usable Privacy Policy Project and related privacy research to the legal staff and chief of the Internet Bureau in the NY Attorney General’s Office.


SOUPS '15 | Jul 2015

Florian Schaub presents our paper titled "A Design Space for Effective Privacy Notices" at SOUPS '15 the Eleventh Symposium on Usable Privacy and Security in Ottawa, Canada.


PPS workshop @ SOUPS | Jul 2015

Alessandro Acquisti and Norman Sadeh co-organize the Second Annual Privacy Personas and Segmentation Workshop (PPS) at SOUPS.
Pedro Leon presents our paper on users' willingness to share information for online-behavioral advertising. A longer version of the paper is available as a technical report.


FPF/CMU Research Showcase | Jul 2015

On July 9, Norman Sadeh, Lorrie Cranor and Travis Breaux present the Usable Privacy Policy Project and related privacy research at the Carnegie Mellon Privacy Research Showcase hosted by the Future of Privacy Forum.


Ono Academic College | Jul 2015

Joel Reidenberg presents the Usable Privacy Policy Project and our paper, "Automated Measurement of Privacy Policy Ambiguity” at the Faculty Workshop of the Ono Academic College in Kiryat Ono, Israel.


PLSC '15 | Jun 2015

Joel R. Reidenberg, Jaspreet Bhatia and Travis D. Breaux present the paper "Automated Measurement of Privacy Policy Ambiguity” at the 8th Privacy Law Scholars Conference in Berkeley, California.


Visiting researcher | Jun 2015

Sebastian Zimmeck (Columbia University) joins the project as a visiting researcher over the summer.


Experts Address at University of Hong Kong | May 2015

Norman Sadeh gives a presentation titled Scaling Privacy in the Age of the Internet of Things: Could Artificial Intelligence Hold the Solution? as part of the Experts Address Series in the University of Hong Kong's Electronic Commerce and Internet Computing Master program.


CLIP Privacy Symposium | May 2015

The Fordham University Center on Law and Information Policy (CLIP) organizes the Ninth Law and Information Society Symposium titled Solving Privacy Around the World. Project members participate in the panel titled "Consent Models and Technological Complexity."


NAACL '15 | May 2015

Fei Liu presents our paper titled "Toward Abstractive Summarization Using Semantic Representations" at the 2015 Conference of the North American Chapter of the Association for Computational Linguistics – Human Language Technologies (NAACL '15) in Denver, CO.


2015 Consumer Assembly | Mar 2015

Pedro Leon is a speaker on the panel “Consumer Information Disclosures: When Are They Useful?” at the 2015 Consumer Assembly organized by the Consumer Federation of America.


White House Cybersecurity Summit | Feb 2015

Lorrie Cranor participated in the White House Cybersecurity Summit on February 13, 2015. See press coverage by Peninsula Press and San Jose Mercury News.


CMU Privacy Day 2015 | Jan 2015

Lorrie Cranor, Norman Sadeh and Florian Schaub organize the CMU Privacy Day 2015 to celebrate the international data privacy day on January 28. FTC Commissioner Julie Brill is the keynote speaker.


CPDP '15 | Jan 2015

Joel Reidenberg organizes a panel on "Can automated processing make privacy notice/choice more effective for users and DPAs?" at the 8th International Conference on Computers, Privacy & Data Protection (CPDP) in Brussels. Panelists are project members Joel Reidenberg, N. Cameron Russell, and Florian Schaub, as well as Aaron Burstein (FTC), Alexander Dix (data protection commissioner of Berlin), and Gwendal Le Grand (CNIL).

A video recording of the panel is available online.


2014

PASSAT '14 | Dec 2014

Ashwini Rao presents our paper on contents and concerns of online behavioral profiles at the International Conference on Privacy, Security, Risk and Trust (PASSAT) in Cambridge, MA.


T-Labs Privacy workshop | Nov 2014

Florian Schaub presents the usable privacy policy project at the Workshop on End-User Privacy at T-Labs / TU Berlin.


HCOMP '14 | Nov 2014

Florian Schaub and Rohan Ramanath present two posters on crowdsourcing annotations of privacy policies (poster 1, poster 2) at the Conference on Human Computation & Crowdsourcing (HCOMP) in Pittsburgh, PA.


CyLab Partners Conference | Oct 2014

Multiple project members give presentations and present projected-related posters at the CMU CyLab Partners Conference.


TPRC '14 | Sep 2014

Joel Reidenberg, N. Cameron Russell, and Pedro Leon present three project papers at the 42nd Research Conference on Communication, Information and Internet Policy (TPRC) in Arlington, VA.


Article in Privacy Engineering Journal | Sep 2014

The article Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements authored by Travis D. Breaux, Hanan Hibshi and Ashwini Rao appears in the Requirements Engineering Journal (vol. 19. no. 3, pp. 281–307).


RE '14 | Sep 2014

Travis Breaux presents our paper titled Scaling requirements extraction to the crowd at the 22nd IEEE International Requirements Engineering Conference (RE) in Karlskrona, Sweden.


COLING '14 | Aug 2014

Fei Liu presents our paper on automatic alignment of privacy statements at the 25th International Conference on Computational Linguistics (COLING) in Dublin, Ireland.


SOUPS '14 | Jul 2014

Alessandro Acquisti and Norman Sadeh co-organize the Workshop on Privacy Personas and Segmentation at the Symposium on Usable Privacy and Security (SOUPS 2014) at Facebook headquarters in Menlo Park, CA.

Project members also present a full paper on modeling users' mobile privacy preferences and two posters at SOUPS.


Workshop on the Future of Privacy Notice and Choice | Jun 2014

Lorrie Faith Cranor and Norman Sadeh organize the Workshop on the Future of Privacy Notice and Choice held on June 27 at Carnegie Mellon University. The workshop will include invited speakers; panels focussing on users, technology, and public policy; and a research poster session. Participation is free of charge, but registration is required.


ACL '14 | Jun 2014

Rohan Ramanath presents our paper on unsupervised alignment of privacy policies at the Annual Meeting of the Association for Computational Linguistics (ACL) in Baltimore, MD.


PLSC '14 | Jun 2014

Pedro Leon presents our work on understanding users' attitudes towards Online Behavioral Advertising (OBA) at the Privacy Law Scholars Conference (PLSC) in Washington, DC.


Bank Privacy | Jun 2014

Pedro Leon, Lorrie Cranor and Blase Ur launch the Bank Privacy website. It hosts information about the data practices of more than 6,000 U.S. financial institutions, which were obtained by automatically retrieving and analyzing the institutions' standardized privacy notices. Consumers can learn how their financial institutions handle their personal information and compare data practices of different institutions. A paper detailing the work is currently under review.


Technology Review op-ed | Apr 2014

Lorrie Cranor’s op-ed It is difficult to protect your privacy even if you know how was featured in the April 23, 2014 issue of MIT Technology Review.


WWW '14 | Apr 2014

Our paper on creating privacy preference profiles for smartphone users is presented at the 23rd International World Wide Web Conference (WWW) in Seoul, Korea. The paper is titled Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?


2013

Tech report published | Dec 2013

Our tech report The Usable Privacy Policy Project: Combining Crowdsourcing, Machine Learning and Natural Language Processing to Semi-Automatically Answer Those Privacy Questions Users Care About is now available. The tech report provides an overview of the project, its objectives, and our approach.


Project proposal accepted by NSF | Aug 2013

NSF announces the selection of our project as one of three Frontier research projects under the Secure and Trustworthy Computing program: NSF invests $20 million in large projects to keep our nation's cyberspace secure and trustworthy.

See also press releases from CMU, Fordham and Stanford.

Additional press coverage: Pittsburgh Post Gazette (Aug 21, 2013) and Pittsburgh Business Times (Aug 21, 2013).