Computing Technology and Policy
Empowering policy for a better world through a deep grasp of socio-technical implications.
Technology is invariably guided by policy. Whether it is public policy originating from government bodies or corporate policy, the technology landscape is bound and shaped by policy. And while it is important that current technologies comply with existing laws and policies, we must also strive to shape the future of technology. Both through the public and private sectors, it is imperative that a robust understanding of socio-technical implications lead to actionable policy that guides technology in a direction which betters the world.
Our work here at CMU addresses both the present concerns of existing law and policy as well as the needs of policymakers in shaping tech policies of the future. Our faculty is drawn from across campus, leveraging CMU’s rich traditions in public policy and computer science, to conduct research which affords us greater insight into the key concerns created by shifting laws and regulations in addition to preparing the next generation of thought-leaders and policymakers to take the reins.
While it is important that current technologies comply with existing laws and policies, we must also strive to shape the future of technology policy itself.
Example Research
ATale of Two Regulatory Regimes: Creation and Analysis of a Bilingual Privacy Policy Corpus
This paper introduces the MAPP Corpus, the first bilingual privacy policy corpus designed to analyze how privacy regulations, such as the EU’s GDPR and California’s CCPA/CPRA, influence data practices across different languages and jurisdictions. By examining English and German versions of privacy policies, the research highlights significant disparities in disclosures, offering insights into the regulatory impact on data-sharing practices and consumer protections. The annotated corpus and machine-learning classifiers developed in this study enable large-scale automated analysis of privacy policies, facilitating a better understanding of privacy protections across regions. This work provides a robust resource for further research in privacy policy analysis and computational law.
Legal Accountability as Software Quality: A U.S. Data Processing Perspective
This paper presents the concept of "Legal Accountability" as a core software quality, arguing that compliance with law should be integrated directly into the software development lifecycle, rather than being treated as a separate oversight activity. By emphasizing qualities like traceability, completeness, validity, auditability, and continuity, the authors outline a framework that requires collaboration between legal experts and software engineers to embed legal compliance into software design. This work offers a transformative approach to software accountability, making it a key reference for anyone interested in bridging legal and technical disciplines in data processing, software engineering, and regulatory compliance.
Towards a network theory of regulatory burden
Our system is plagued by regulatory issues—from excessive overlap to fragmented oversight—that stifle efficiency, innovation, and economic growth. Without a coordinated approach to manage these complexities, meaningful progress remains out of reach. This paper introduces a network-based framework that pinpoints the roots of regulatory burden, offering a pathway to reduce redundancy by fostering inter-agency collaboration. Through this novel perspective, the authors provide essential insights for reshaping policy structures to enhance coherence and effectiveness in federal regulation.
Crumbling Cookie Categories: Deconstructing Common Cookie Categories to Create Categories that People Understand
As the complexity of cookie consent interfaces grows, users struggle to understand and manage their data preferences due to unclear cookie category labels. This paper investigates whether common cookie categories—like "performance" or "functional" cookies—effectively convey their purposes to users. Through a four-part study, the authors identify alternative terms that improve user comprehension and sentiment toward cookie consent interfaces. Their findings suggest replacing terms like "performance" with "anonymous analytics" and "functional" with "extra functionality" to better align with user expectations. This research highlights practical steps toward enhancing the usability of consent interfaces, benefiting both users and regulatory compliance efforts.