Privacy and Data Collection

The rights to privacy and data protection are about the flow of personal information. Our approach to privacy research spans commercial, governmental, and organizational surveillance. Beyond research about law and policy, we engage with topics from security and privacy engineering, as well as foundational theory. Our work covers both United States and European legal systems, often drawing comparisons between them and other jurisdictions.

Surveillance

Commercial

What are private companies doing with the data trails individuals leave behind their activities online? When is behavioral advertising a beneficial form of personalization and when is it privacy-invasive or discriminatory? How should law and policy be designed to serve society's needs and values?

Government

What information are police and national security officials legally permitted to collect and about whom? What information should they be able to collect as a matter of ethics and policy? How can and should government surveillance be regulated in a democratic society?

Social and Organizational

Surveillance has become an everyday phenomenon — within workplaces, schools, families, and friendships. How do interpersonal and organizational monitoring change social relationships and power dynamics? How do they interact with social values like risk, discretion, and trust?

Security, Privacy, and Engineering

How are privacy and security matters addressed using technology? What do computer scientists, practitioners, and policy makers see as the role that technology can play in addressing matters of privacy and security? How do these interact with policy concepts like "regulation by design"? What are ways to organize the delegation of security and privacy matters to engineers in an accountable and responsible manner?

Theory

Privacy laws are underpinned by several, often conflicting, theories. Is privacy an end in itself, or only a means towards safeguarding other values? What functions does privacy serve for the individual and societally? How should conceptual issues be settled when advancing new laws?

 

Selected Research

• Victoria Adelmant, Angelina Fisher, and Margaret Meiman. Digitalization as Development: Rethinking the IFC’s Riskv. Assessment and Remedy Frameworks in the Context of Digital Technologies, International Organizations Clinic (2025) (link).
• Keren Fuentes, Mimee Xu, and Irene Chen, "Privacy-Preserving Dataset Combination," arXiv:2502.05765 (2025) (link).
• Keren Fuentes, Mimee Xu, and Irene Y. Chen. Dataset-to-Dataset Evaluation Before (and Without) Sharing Data, 8 Proc. AAAI/ACM Conf. on AI, Ethics, and Society 963 (2025) (link).
• Peter Hall, Olivia Mundahl, and Sunoo Park, The Pitfalls of “Security by Obscurity” and What They Mean for "Transparent AI.," 39 Proc. AAAI Conference on A.I., 28042, (2025) (link).
• Douglas W. Jones, Sunoo Park, Ronald L. Rivest, and Adam Sealfon, Scan, Shuffle, Rescan: Machine-assisted Election Audits with Untrusted Scanners, , Int'l Conf. on Fin. Cryptography and Data Security (FC 2024) 350 (2025) (link).
• Jacob Leiken and Sunoo Park, "On the Credibility of Deniable Communication in Court," arXiv:2510.16873 (2025) (link).
• Florencia Marotta-Wurgler and David Stein, Building a Long Text Privacy Policy Corpus with Multi-class Labels, 63 Proc. ACL 8156 (2025) (link).
• Kirsten Martin, Helen Nissenbaum, and Vitaly Shmatikov, No Cookies for You!: Evaluating the Promises of Big Tech's "Privacy-Enhancing Techniques," 9 Geo. L. Tech. Rev. 1 (2025) (link).
• Sebastian Benthall and Rachel Cummings, Integrating Differential Privacy and Contextual Integrity, CSLAW '24, 9 (2024) (link).
• Ignacio Cofone, and Warut Khern-am-nuai, The Overstated Cost of AI Fairness in Criminal Justice, 100 Ind. L.J. 1431 (2024) (link).
• Omar Vásquez Duque, Beyond the Banner: Exploring User Knowledge of Cookies and Attitudes Toward Targeted Advertising, L. & Econ. Center at George Mason University Scalia Law School Research Paper Series Forthcoming (2024) (link).
• Jack Cable, Andrés Fábrega, Sunoo Park, and Michael A. Specter, A Systematization of Voter Registration Security, 1 J. Cybersecurity 9 (2023) (link).
• Ignacio Cofone, Certifying Privacy Class Actions, 37 Harv. J.L. & Tech. 1149 (2023) (link).
• Sunoo Park, The Right to Vote Securely, 94 U. Colo. L. Rev. 1101 (2023) (link).
• Sunoo Park and Nicholas Spooner, The Superlinearity Problem in Post-quantum Blockchains, Int'l Conf. on Fin. Cryptography and Data Security (FC 2023) 200 (2023) (link).
• Jean-Baptiste Poline, Samir Das, Tristan Glatard, Cécile Madjar, Erin W. Dickie, Xavier Lecours, Thomas Beaudry et al. Data and Tools Integration in the Canadian Open Neuroscience Platform, 10 Sci. Data 189 (2023) (link).
• Jason Schultz, The Anti‑Ownership Ebook Economy, NYU Engelberg Center for Technology, Media, and Communications (2023) (link).
• Michael J. S. Beauvais, Sara M. Grimes, Darshana Jayemanne, and Seth Giddings, Children’s Privacy and Video Games: Comments on Commercial Surveillance ANPR, R111004 (2022) (link).
• Helen Nissenbaum, "Stewardship of Privacy or Private Capture of a Public Value?–A Note," SSRN:4154535 (2022) (link).
• Mimee Xu, Awni Hannun, and Laurens Van Der Maaten. Data Appraisal Without Data Sharing, 151 PMLR 11422 (2022) (link).
• Mimee Xu, Jiankai Sun, Xin Yang, Yuanshun Yao, and Chong Wang, Netflix and Forget: Fast Severance From Memorizing Training Data in Recommendations, NeurIPS ML Safety Workshop, (2022) (link).
• Sebastian Benthall and Katherine J. Strandburg, Agent-based Modeling as a Legal Theory Tool, 9 Front. Phys. 666386 (2021) (link).
• Sebastian Benthall, Michael Carl Tschantz, Erez Hatna, Joshua M. Epstein, and Katherine J. Strandburg, At the Boundary of Law and Software: Toward Regulatory Design with Agent-Based Modeling, In AMPM@ JURIX. (2021) (link).
• Sebastian Benthall and Salome Vilijoen, Data Market Discipline: From Financial Regulation to Data Governance, 8:2 J. Int'l & Comp. L. 459 (2021) (link).
• Aloni Cohen and Sunoo Park. Compelled Decryption and the Fifth Amendment: Exploring the Technical Boundaries, 32 Harv. J.L. & Tech. 169 (2018) (link).