SoK: Technical Implementation and Human Impact of Internet Privacy Regulations

Eleanor Birrell,Jay Rodolitz,Angel Ding,Jenna Lee,Emily McReynolds,Jevan Hutson,Ada Lerner
DOI: https://doi.org/10.48550/arXiv.2312.15383
2023-12-24
Abstract:Growing recognition of the potential for exploitation of personal data and of the shortcomings of prior privacy regimes has led to the passage of a multitude of new online privacy regulations. Some of these laws -- notably the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) -- have been the focus of large bodies of research by the computer science community, while others have received less attention. In this work, we analyze a set of Internet privacy and data protection regulations drawn from around the world -- both those that have frequently been studied by computer scientists and those that have not -- and develop a taxonomy of rights granted and obligations imposed by these laws. We then leverage this taxonomy to systematize 270 technical research papers published in computer science venues that investigate the impact of these laws and explore how technical solutions can complement legal protections. Finally, we analyze the results in this space through an interdisciplinary lens and make recommendations for future work at the intersection of computer science and legal privacy.
Computers and Society
What problem does this paper attempt to address?
The main problems that this paper attempts to solve are: 1. **Understanding the impact of existing privacy regulations**: With the increasing risk of potential use of personal data and the inadequacies of previous privacy systems, a large number of new online privacy regulations have been passed worldwide. Among these regulations, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in California, have become the focus of computer science research. However, many other regulations have received less attention. Therefore, this paper aims to comprehensively analyze Internet privacy and data protection regulations from all over the world, including not only those often studied by computer scientists but also those less - noticed ones. 2. **Constructing a classification system of rights and obligations**: Through in - depth reading of these regulations, the authors have constructed a classification system that summarizes the rights granted and the obligations imposed by these laws. This system helps to systematically understand the commonalities and differences between different regulations. 3. **Systematizing relevant research literature**: Based on the constructed classification system, the author has carried out a systematized analysis of 270 technical research papers in the field of computer science. These papers explore the impact of these regulations and how technical solutions can supplement legal protection measures. 4. **Inter - disciplinary analysis and future research suggestions**: Finally, the author analyzes these research results from an inter - disciplinary perspective and proposes future research directions in the cross - field of computer science and legal privacy. In particular, the author discusses the limitations of the current privacy self - management paradigm and proposes the need to explore alternative paradigms to achieve more effective and fair privacy regulations. In summary, the goal of this paper is to provide scientific basis and guidance for future privacy regulation formulation through comprehensive analysis of existing privacy regulations and technical research.