Subscribe to our mailing list to receive news and updates on the project!
NSF News From the Field | Mar 2018
NSF's News From the Field recently featured our research on automatically interpreting statements found in privacy policies. The article is based on the new release of our explore.usableprivacy.org website.
FTC PrivacyCon | Feb 2018
Several project members will be presenting at the upcoming Federal Trade Commission's PrivacyCon conference on Feb 28, 2018. Jaspreet Bhatia will present our work on "Empirical Measurement of Perceived Privacy Risk." Norman Sadeh will present our work on "Assisting Users in a World Full of Cameras: A Privacy-aware Infrastructure for Computer Vision Applications." Peter Story will present a poster, titled "Which Apps have Privacy Policies?"
Computers, Privacy & Data Protection Conference | Jan 2018
Keynote at 'GDPR and Privacy Engineering Research' Workshop | Nov 2017
Norman Sadeh to keynote workshop on "Privacy Engineering Research and the GDPR" along with EU Data Protection Supervisor, Leuven, Belgium.
Article in The Conversation | Oct 2017
Privacy + Security Forum | Oct 2017
Joel Reidenberg and Norman Sadeh presented work from the Usable Privacy Project respectively on the panels “The GDPR and Technology” and “From Big Data to Machine Learning to AI” at the Privacy + Security Forum in Washington, DC.
Privacy Bridges at 39th ICDPPC | Sep 2017
The Privacy Bridges Implementation Project report “A Roadmap to Enhancing User Control via Privacy Dashboards” presented at the 39th International Conference of Data Protection and Privacy Commissioners highlighted our work on vagueness and mobile app compliance.
Law + Design = Summit | Sep 2017
Florian Schaub talked about our research on designing effective privacy notices at the Law + Design = Summit at the Stanford d.school.
CDT on Connected Cars | Aug 2017
The Center for Democracy and Technology (CDT) relies on results from our Mobile App Privacy Compliance tool in a study conducted to provide follow-up comments to the FTC/NHTSA workshop on Connected Cars.
SOUPS 2017 | Jul 2017
PLSC 2017 | Jun 2017
Our work on "Mobile App Privacy Compliance: Automated Technology to Help Regulators, App Stores and Developers" will be presented at the Privacy Law Scholar Conference (PLSC) by Sebastian Zimmeck. The co-authors are Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin, and Joel Reidenberg.
ConPro ’17 | May 2017
Invited presentation by Norman Sadeh on our research at FTC Technology and Consumer Protection Workshop (ConPro ’17) in San Jose (co-located with 38th IEEE Symposium on Security & Privacy Conference).
ICSE 2017 | May 2017
Jaspreet Bhatia presented a talk based on her paper, "Mining Privacy Goals from Privacy Policies Using Hybridized Task Recomposition." The talk was on May 24th 2017, in Buenos Aires.
US Patent and Trademark Office | Apr 2017
Lorrie Cranor spoke about design and evaluation of notices at the USPTO on April 18th.
IAPP Global Privacy Summit | Apr 2017
Lorrie Cranor ran an active learning session on Designing Notice and Consent for the Internet of Things at the IAPP Global Privacy Summit on April 18th.
Legal IT Conference | Mar 2017
NDSS 2017 | Feb 2017
Sebastian Zimmeck presents our paper Automated Analysis of Privacy Requirements for Mobile Apps at the Network and Distributed System Security Symposium (NDSS) at the end of February in San Diego.
CyLab Distinguished Seminar | Feb 2017
"What if Computers Understood Privacy Policies? And, What if They Knew What We Care About?" Norman Sadeh is the speaker at CyLab’s Distinguished Seminar on February 20.
World Federation of Advertisers' Digital Governance Exchange | Feb 2017
FTC PrivacyCon | Jan 2017
Sebastian Zimmeck to present our paper on "Automated Analysis of Privacy Requirements for Mobile Apps" as part of session on mobile privacy at the FTC's PrivacyCon. Co-authors include Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin, and Joel Reidenberg.
7th Annual Privacy Papers for Policymakers | Jan 2017
Joel Reidenberg, Jaspreet Bhatia, Travis Breaux, and Thomas B. Norton receive an honorable mention for their paper, "Ambiguity in Privacy Policies and the Impact of Regulation" at the 7th Annual Privacy Papers for Policymakers event. Alessandro Acquisti to give meeting keynote.
NSF's Secure and Trustworthy Cyberspace (SaTC) PIs’ Meeting | Jan 2017
Norman Sadeh to present our Frontier project on Usable Privacy Policies and also participate in panel on “Conceiving and Running Center-Scale Frontier Projects” at the NSF's Secure and Trustworthy Cyberspace (SaTC) Principal Investigators’ Meeting. Alessandro Acquisti to give closing keynote on January 11.
Privacy and Language Technologies Symposium | Nov 2016
Lexical Similarity of Information Type Hypernyms, Meronyms and Synonyms in Privacy Policies
M. Bokaei Hosseini, S. Wadkar, T.D. Breaux, J. Niu
Analyzing Vocabulary Intersections of Expert Annotations and Topic Models for Data Practices in Privacy Policies
F. Liu, S. Wilson, F. Schaub, N. Sadeh
Automatic Extraction of Opt-Out Choices from Privacy Policies
K.M. Sathyendra, F. Schaub, S. Wilson, N. Sadeh
Automated Analysis of Privacy Requirements for Mobile Apps
S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S.M. Bellovin, J.R. Reidenberg
CMU Press Release About Mobile App Compliance | Nov 2016
CMU press release on our mobile app compliance tool and our work with the California Office of the Attorney General features Sebastian Zimmeck and Norman Sadeh.
Computational Methods in Law | Nov 2016
Florian Schaub presents our research as an invited speaker at the Symposium Computational Methods in Law: A European Perspective on Nov. 10 in Ulm, Germany. The symposium provides a multi-disciplinary perspective on the application of computational methods in the legal domain and is jointly hosted by the University of Heidelberg and Ulm University.
HCOMP 2016 | Oct 2016
Shomir Wilson presents our paper Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work? (pdf) as part of the Encore Track at the Fourth AAAI Conference on Human Computation and Crowdsourcing, in Austin, Texas. This track will consist of presentations for three top papers on human computation and crowdsourcing from peer venues. Our paper was a Best Paper Finalist at the 25th International World Wide Web Conference in April.
Collaboration with California AG | Oct 2016
The California Attorney General’s Office has been piloting our Mobile App Privacy Compliance tool for the past several months. See recent press release from the California AG’s Office. This is work funded under our NSF Frontier project on Usable Privacy Policies and our DARPA Brandeis Personalized Privacy Assistant Project.
Privacy+Security Forum | Oct 2016
Project in the News | Sep 2016
Our project was recently featured in CIO Magazine. Joel Reidenberg and Florian Schaub's presentations at the FTC Workshop "Putting Disclosures to the Test" were further mentioned in articles from National Law Review, AdExchanger, and Lexology.
FTC Workshop: Putting Disclosures to the Test | Sep 2016
Joel Reidenberg and Florian Schaub present our research at the Federal Trade Commission's public workshop Putting Disclosures to the Test on Sept. 15, 2016. Joel Reidenberg talks about ambiguity in privacy policies. Florian Schaub talks about contextualizing and personalizing privacy notices and controls. Lorrie Cranor co-organizes the workshop in her role as the FTC's Chief Technologist.
More information about the Putting Disclosures to the Test workshop and a live webcast are available on the event page.
RE 2016 | Sep 2016
Jaspreet Bhatia presents the paper "A Theory of Vagueness and Privacy Risk Perception" at the IEEE 24th International Requirements Engineering Conference (RE'16) in Beijing, China.
Jaspreet will also present a paper at the co-located Workshop on Artificial Intelligence for Requirements Engineering (AIRE) titled "Automated Extraction of Information Type Hyponymy from Privacy Policies."
ACL 2016 | Aug 2016
OPP-115 Corpus Release | Jul 2016
For further details on the corpus, please read our ACL'16 paper introducing the corpus:
Privacy and Language Technologies Symposium | Jul 2016
Shomir Wilson, Alessandro Oltramari and Fei Liu are organizing a AAAI Fall Symposium titled "Privacy and Language Technologies." It will be held on November 17-19 in Arlington, Virginia. The submission deadline for short and long papers is July 22. See the symposium website for more details.
SOUPS '16 | Jun 2016
Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online
A. Rao, F. Schaub, N. Sadeh, A. Acquisti, R. Kang
How Short is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices
J. Gluck, F. Schaub, A. Friedman, H. Habib, N. Sadeh, L. F. Cranor, Y. Agarwal
Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions
B. Liu, M. S. Andersen, F. Schaub, H. Almuhimedi, S. Zhang, N. Sadeh, Y. Agarwal, A. Acquisti
Rating Indicator Criteria for Privacy Policies
J.R. Reidenberg, N.C. Russell, T.B. Norton
Visualization and Interactive Exploration of Data Practices in Privacy Policies
S.K. Cherivirala, F. Schaub, M.S. Andersen, S. Wilson, N. Sadeh, J.R. Reidenberg
Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work?
S. Wilson, F. Schaub, R. Ramanath, N. Sadeh, F. Liu, N.A. Smith, F. Liu
Project newsletter | Jun 2016
With the project now in its third year, we published a newsletter which is intended to highlight some of our progress and activities over the past year. Our goal is to grow our project into a broader community of organizations and individuals interested in collaborating in this area.
Expert address at Hong Kong University | Jun 2016
Norman Sadeh delivers expert address on “Privacy in the Age of IoT: New Technologies for Users and Regulators” at Hong Kong University.
Privacy Risk Summit 2016 | Jun 2016
Florian Schaub speaks on "Designing Notice and Consent for the Internet of Things" at the Privacy Risk Summit 2016 in San Francisco.
Privacy Indicator Workshops at SOUPS | Jun 2016
Florian Schaub is co-organizing two workshops at the 2016 Symposium on Usable Privacy and Security (SOUPS) on June 22, 2016, in Denver, CO.
Workshop on Privacy Indicators
This workshop focuses on the current state of privacy indicators, such as privacy policies, privacy seals, icons, notices, tones, strobe lights, scents, vibrations, or other perceptual means.
This workshop provides an opportunity for those engaged in researching privacy policies, notices, indicators, and other related topics to think creatively about the next evolution of notice and consent.
The deadline for submitting contributions to both workshops is May 16, 2016.
TOSEM article | May 2016
The article Mining Privacy Goals from Privacy Policies Using Hybridized Task Recomposition by Jaspreet Bhatia, Travis Breaux and Florian Schaub has been published in the ACM Transactions on Software Engineering and Methodology (TOSEM).
TA-COS '16 | May 2016
Shomir Wilson presents our paper "Demystifying Privacy Policies Using Language Technologies: Progress and Challenges" at the LREC Workshop on Text Analytics for Cybersecurity and Online Safety (TA-COS 2016).
Kiplinger interview | May 2016
ICSE '16 | May 2016
WWW '16 | Apr 2016
Shomir Wilson presents our paper "Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work?" at the 25th International World Wide Web Conference in Montréal, Canada. The paper has been selected as one of five nominees for WWW's Best Paper Award.
Data exploration site in the news | Mar 2016
Presentation at FPF Education Working Group | Mar 2016
Joel Reidenberg presented the Usable Privacy Project and the explore.usableprivacy.org website to the Future of Privacy Forum’s industry working group on education. The group focuses on privacy issues in the education sector.
USEC '16 | Feb 2016
Pranshu Kalvani, a graduate of CMU's MSIT Privacy Engineering program, presents our paper "Watching Them Watching Me: Browser Extensions’ Impact on User Privacy Awareness and Concern" at the NDSS Workshop on Usable Security (USEC) in San Diego, CA.
explore.usableprivacy.org | Feb 2016
We launched a dedicated website to enable the exploration of some of the project’s data and analysis results. The website explore.usableprivacy.org allows to see different types of data practices highlighted in privacy policies of different websites.
CMU Privacy Day 2016 | Jan 2016
On Jan. 28, CMU celebrates the International Data Privacy Day with an exciting schedule of privacy-related events. Norman Sadeh and Lorrie Cranor host Ed Felten, Deputy US Chief Technology Officer who will give the event's keynote address.
Join us at CMU on January 28, 2016! Find more information and the schedule of events at the Privacy Day website.
FTC PrivacyCon | Jan 2016
More information about PrivacyCon and a live webcast are available on the event page.
Privacy Papers for Policymakers | Jan 2016
The paper "A Design Space for Effective Privacy Notices" (pdf) by Florian Schaub, Rebecca Balebako, Adam Durity and Lorrie Cranor has been selected by the Future of Privacy Forum as one of five Privacy Papers for Policymakers 2015. Joel Reidenberg's paper "The Transparent Citizen" received an honorable mention. The authors will present their work at an FPF event on January 13 in Washington, D.C. Lorrie Cranor will further give the opening remarks at the event in her new role as the FTC's Chief Technologist.
FTC Chief Technologist | Dec 2015
Lorrie Cranor has been appointed by the Federal Trade Commission as the agency's new Chief Technologist starting in January 2016. FTC Press Release
European PLSC '15 | Oct 2015
Privacy + Security Forum | Oct 2015
Lorrie Cranor, Alessandro Acquisti, Joel Reidenberg and Florian Schaub will speak at the first Privacy + Security Forum in Washington, D.C. The event is organized by Professors Daniel Solove and Paul Schwartz.
Univ. of Chicago Coase-Sandor Conference | Oct 2015
SPSM'15 Workshop | Oct 2015
Rebecca Balebako presents our paper "The Impact of Timing on the Salience of Smartphone App Privacy Notices" at SPSM '15, the 5th Annual Workshop on Security and Privacy in Smartphones and Mobile Devices, which is associated with the ACM Conference on Computer and Communications Security (CCS).
TPRC '15 | Sep 2015
CCC Privacy by Design Workshop on Privacy Engineering | Aug 2015
Travis Breaux organizes the Privacy Engineering workshop of the CCC Privacy by Design workshop series in Pittsburgh on Aug. 31 & Sept. 1.
Lorrie Cranor participates in a Privacy Standards panel, speaking about the original design of P3P, its implementation in IE5, and adoption by websites.
RE '15 | Aug 2015
Travis Breaux presents the paper "Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications." at the IEEE 23rd International Requirements Engineering Conference (RE'15) in Ottawa, Canada.
RELAW '15 | Aug 2015
Jaspreet Bhatia presents the paper the paper "Towards an Information Type Lexicon for Privacy Policies” at the 8th IEEE International Workshop on Requirements Engineering and Law (RELAW) in Ottawa, Canada.
CLIP-NY AG Briefing | Jul 2015
SOUPS '15 | Jul 2015
Florian Schaub presents our paper titled "A Design Space for Effective Privacy Notices" at SOUPS '15 the Eleventh Symposium on Usable Privacy and Security in Ottawa, Canada.
PPS workshop @ SOUPS | Jul 2015
Alessandro Acquisti and Norman Sadeh co-organize the Second Annual Privacy Personas and Segmentation Workshop (PPS) at SOUPS.
Pedro Leon presents our paper on users' willingness to share information for online-behavioral advertising. A longer version of the paper is available as a technical report.
FPF/CMU Research Showcase | Jul 2015
Ono Academic College | Jul 2015
PLSC '15 | Jun 2015
Visiting researcher | Jun 2015
Sebastian Zimmeck (Columbia University) joins the project as a visiting researcher over the summer.
Experts Address at University of Hong Kong | May 2015
Norman Sadeh gives a presentation titled Scaling Privacy in the Age of the Internet of Things: Could Artificial Intelligence Hold the Solution? as part of the Experts Address Series in the University of Hong Kong's Electronic Commerce and Internet Computing Master program.
CLIP Privacy Symposium | May 2015
The Fordham University Center on Law and Information Policy (CLIP) organizes the Ninth Law and Information Society Symposium titled Solving Privacy Around the World. Project members participate in the panel titled "Consent Models and Technological Complexity."
NAACL '15 | May 2015
Fei Liu presents our paper titled "Toward Abstractive Summarization Using Semantic Representations" at the 2015 Conference of the North American Chapter of the Association for Computational Linguistics – Human Language Technologies (NAACL '15) in Denver, CO.
2015 Consumer Assembly | Mar 2015
Pedro Leon is a speaker on the panel “Consumer Information Disclosures: When Are They Useful?” at the 2015 Consumer Assembly organized by the Consumer Federation of America.
White House Cybersecurity Summit | Feb 2015
CMU Privacy Day 2015 | Jan 2015
CPDP '15 | Jan 2015
Joel Reidenberg organizes a panel on "Can automated processing make privacy notice/choice more effective for users and DPAs?" at the 8th International Conference on Computers, Privacy & Data Protection (CPDP) in Brussels. Panelists are project members Joel Reidenberg, N. Cameron Russell, and Florian Schaub, as well as Aaron Burstein (FTC), Alexander Dix (data protection commissioner of Berlin), and Gwendal Le Grand (CNIL).
A video recording of the panel is available online.
PASSAT '14 | Dec 2014
Ashwini Rao presents our paper on contents and concerns of online behavioral profiles at the International Conference on Privacy, Security, Risk and Trust (PASSAT) in Cambridge, MA.
T-Labs Privacy workshop | Nov 2014
HCOMP '14 | Nov 2014
Florian Schaub and Rohan Ramanath present two posters on crowdsourcing annotations of privacy policies (poster 1, poster 2) at the Conference on Human Computation & Crowdsourcing (HCOMP) in Pittsburgh, PA.
CyLab Partners Conference | Oct 2014
Multiple project members give presentations and present projected-related posters at the CMU CyLab Partners Conference.
TPRC '14 | Sep 2014
Joel Reidenberg, N. Cameron Russell, and Pedro Leon present three project papers at the 42nd Research Conference on Communication, Information and Internet Policy (TPRC) in Arlington, VA.
Article in Privacy Engineering Journal | Sep 2014
The article Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements authored by Travis D. Breaux, Hanan Hibshi and Ashwini Rao appears in the Requirements Engineering Journal (vol. 19. no. 3, pp. 281–307).
RE '14 | Sep 2014
Travis Breaux presents our paper titled Scaling requirements extraction to the crowd at the 22nd IEEE International Requirements Engineering Conference (RE) in Karlskrona, Sweden.
COLING '14 | Aug 2014
Fei Liu presents our paper on automatic alignment of privacy statements at the 25th International Conference on Computational Linguistics (COLING) in Dublin, Ireland.
SOUPS '14 | Jul 2014
Alessandro Acquisti and Norman Sadeh co-organize the Workshop on Privacy Personas and Segmentation at the Symposium on Usable Privacy and Security (SOUPS 2014) at Facebook headquarters in Menlo Park, CA.
Project members also present a full paper on modeling users' mobile privacy preferences and two posters at SOUPS.
Workshop on the Future of Privacy Notice and Choice | Jun 2014
Lorrie Faith Cranor and Norman Sadeh organize the Workshop on the Future of Privacy Notice and Choice held on June 27 at Carnegie Mellon University. The workshop will include invited speakers; panels focussing on users, technology, and public policy; and a research poster session. Participation is free of charge, but registration is required.
ACL '14 | Jun 2014
Rohan Ramanath presents our paper on unsupervised alignment of privacy policies at the Annual Meeting of the Association for Computational Linguistics (ACL) in Baltimore, MD.
PLSC '14 | Jun 2014
Pedro Leon presents our work on understanding users' attitudes towards Online Behavioral Advertising (OBA) at the Privacy Law Scholars Conference (PLSC) in Washington, DC.
Bank Privacy | Jun 2014
Pedro Leon, Lorrie Cranor and Blase Ur launch the Bank Privacy website. It hosts information about the data practices of more than 6,000 U.S. financial institutions, which were obtained by automatically retrieving and analyzing the institutions' standardized privacy notices. Consumers can learn how their financial institutions handle their personal information and compare data practices of different institutions. A paper detailing the work is currently under review.
Technology Review op-ed | Apr 2014
Lorrie Cranor’s op-ed It is difficult to protect your privacy even if you know how was featured in the April 23, 2014 issue of MIT Technology Review.
WWW '14 | Apr 2014
Our paper on creating privacy preference profiles for smartphone users is presented at the 23rd International World Wide Web Conference (WWW) in Seoul, Korea. The paper is titled Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?
Tech report published | Dec 2013
Project proposal accepted by NSF | Aug 2013
NSF announces the selection of our project as one of three Frontier research projects under the Secure and Trustworthy Computing program: NSF invests $20 million in large projects to keep our nation's cyberspace secure and trustworthy.