PR2: Policy-Relevant Privacy Research Workshop 2025

2025 Policy-Relevant Privacy Research (PR2) Workshop

Co-located with the 25th Privacy Enhancing Technologies Symposium
Monday, July 14, 2025
Washington, DC

Thanks to everyone for making our inaugural event a great success! If you want to provide input and/or get involved next year, please fill out the post-event form and/or contact us at properdata - at - uci dot edu!

Overview

Regulators and lawmakers can only do so much to hold tech companies accountable. Enforcement agencies and the people they protect need help. One problem is that the inner workings of large organizations and complex algorithmically-driven systems remain obscure and opaque while their privacy representations are voluminous and vague. As described in a recent journal article, we argue that bringing together technologists and policy experts can help improve accountability, where academic researchers can play a larger role in privacy enforcement and policymaking. Examples of relevant opportunities include automatically surfacing a company's privacy representations and statements, measuring the actual behavior of their systems with respect to algorithms, user interfaces, and data processing, and identifying risks and harms for newly deployed technologies. To make progress toward closing the gap between academic research and policy, we need to focus on building an interdisciplinary community that incorporates myriad stakeholders in each domain, instead of one-off and unilateral efforts by each domain. This workshop is an initial effort trying to build this community to address this gap.

In this workshop, we will bring together a multi-disciplinary group of researchers trained in computer science, engineering, and law to explore how researchers can support the movement for tech accountability. We expect the discussions at the workshop to improve knowledge transfer and collaboration both from academic researchers to policy experts (e.g., via explorations of recent papers relevant to privacy research in an interactive environment) and from policy experts to academic researchers (e.g., by covering how to most effectively go public with findings, how to work with regulators, how to contribute to Unfair, Deceptive, or Abusive Acts or Practice (“UDAAP”) complaints and lawsuits, and how to take advantage of data subject rights). Through a combinations of keynote presentations, panels, and multiple interactive breakout sessions, we intend to build a community around this opportunity for interdisciplinary collaboration—one that we hope will have impact not only through more policy-relevant research being published in the PETS community, but also through more effective outcomes such as enforcement actions and law/rulemaking.

Organizers

Schedule

The workshop is organized as an in-person, one-day event focusing on discussing opportunities for collaborations between policymakers and academic researchers in the PETS community. In this initial workshop, we will focus on privacy work that is relevant to policy, e.g., work that focuses on identifying privacy risks and harms related to laws that include (but are not limited to): UDAAP, GPDR, CP(P|R)A, COPPA/HIPPA/VPPA/BIPA, FISA, FISAA, RIPA, and other legislation and rules relevant to privacy.

We will produce a workshop report that outlines initial steps to realize such a community for policy-inspired privacy research. It will include highlights of presentations, panel discus- sions, and readouts of each breakout session. It will also outline recommended next steps for continuing to grow, coordinate, and integrate this emerging interdisciplinary community.

The tentative schedule is below, and is of course subject to change.

Time	Activity
9-9:15	Overview and Logistics
9:15-10:15	Keynote Jonathan Mayer (Princeton) Policy Impact with Computer Science: Why It's Needed, How to Achieve It, and Why We Don't Abstract: As technology transforms society, there is an urgent need for computer science researchers to inform and participate in policy making. I'll explain the distinctive contributions that computer scientists can make in public policy and law, drawing on past instances of success. I'll next offer a collection of strategy recommendations for maximizing policy impact with computer science research, again drawing on real examples. In closing, I'll explain why computer science as a discipline is structurally failing to address the societal impacts of technology and suggest steps we can take to do better. Bio: Jonathan Mayer is an Associate Professor of Computer Science and Public Affairs at Princeton University. He previously served as the Chief Science and Technology Advisor and Chief AI Officer at the U.S. Department of Justice, Technology Counsel to U.S. Senator Kamala Harris, Chief Technologist of the Federal Communications Commission Enforcement Bureau, and Technology Advisor at the California Attorney General's Office.
10:15-10:30	Break
10:30-12:00	Intros / Lightning Talks
12:00-1:00	Lunch / discussions
1:00-2:00	Interactive Panel / Fireside chat: Policy/Technology collaboration Seth Frotman (UC Berkeley Center for Consumer Law and Economic Justice) Bio: Seth Frotman was until recently general counsel and senior adviser to the director at the Consumer Financial Protection Bureau (CFPB), overseeing the agency’s wide range of work, including litigation, administrative law, ethics, labor and employment, and congressional oversight. With his guidance, the CFPB successfully defended its constitutionality before the U.S. Supreme Court and launched groundbreaking initiatives on junk fees, medical debt, worker surveillance, and Big Tech in consumer finance. Jules Polonetsky (Future of Privacy Foundation) Bio: Jules Polonetsky is the CEO of the Future of Privacy Forum, a global non-profit organization that is a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Jules has led the development of numerous codes of conduct and best practices, assisted in the drafting of data protection legislation and presented expert testimony with agencies and legislatures around the world. He is an IAPP Westin Emeritus Fellow and the 2023 IAPP Leadership Award winner. Laura Edelson (Northeastern University) Bio: Laura Edelson is an Assistant Professor of Computer Science at Northeastern University. Her research focuses on the understanding the spread of harmful content on large online networks and using user data donation to understand social media algorithmic systems. She also has written about the need for transparency about social media algorithms in opinion writing for Scientific American and the New York Times. She is the co-Director of Cybersecurity for Democracy and the former Chief Technologist of the Antitrust Division and the Civil Rights Division of the Department of Justice.
2:00-2:30	Break
2:30-3:30 3:30-4:30	Breakout discussions Confirmed topics Laws/Enforcement AI Consent/Signals/Dark Patterns PETS (more to come based on interest)
4:30-5:00	Summary from breakouts and wrap up

Attend

We welcome all community members who identify either as technologists working on privacy research or policy-focused individuals. To register for the event, please use the PETS registration page.

Examples of relevant areas include:

Researchers currently doing (or planning to do) policy-relevant privacy research (e.g., many PETS attendees)
Technologists (i.e., those who are generally in CS and engineering fields)
Policy experts (e.g., faculty in relevant disciplines (including but not limited to law and CS), members of relevant think tanks)
Current and former FTC staffers, relevant staff in other US agencies (leveraging proximity to DC)
Relevant industry staff (e.g., privacy technology companies, or members of privacy units within tech companies)

Contact

For any questions about the workshop, contact David Choffnes (choffnes at ccs dot neu dot edu).