Protecting Personal Data Flow on the Internet: An NSF SaTC Frontier Project


Mission. We are very excited to launch this NSF SATC Frontier center to address the urgent need for protection of personal data flow on the Internet. We bring together a multidisciplinary team of outstanding researchers that will build fundamentals, create new technologies, and inform policy, so as to improve the transparency and control of personal data, for the coming decade.

Motivation. Personal data collection typically starts on user devices, in a range of application domains (web, mobile, IoT). Data are then shared with service providers as well as with a large number of trackers. Data can also be obtained by malicious actors and/or used for surveillance. Many useful services are enabled by the collection of this data, although increasingly at the expense of privacy, security, transparency, and fairness, for individuals and society as a whole. Increased public awareness has led to recent legislation on data protection, such as GDPR and CCPA, and policy has become a powerful tool to be used in synergy with technology.

Personal data flow over the Internet. Data can be collected by first, third and support parties, can be obtained by various adversaries, and/or can be used for surveillance. This project seeks to provide more transparency and control at various vantage points, by a combined technology-policy approach.

Intellectual Merit. This Frontier project seeks to protect personal data, by improving the transparency and control of personal data flow on the Internet. We take a multidisciplinary approach, combining methodologies from computer science and engineering (theory, network measurement, systems, security) with policy and concepts from economics. An overview of the research agenda is depicted below. We develop conceptual frameworks for personal information flow on the Internet, as well as systems for monitoring and mediation. To improve existing systems, we develop tools for measuring tracking and discrimination, and for explicitly controlling privacy-utility tradeoffs. To provide long term privacy-by-design alternatives, we design verifiable IoT architectures and seek to decentralize the advertising ecosystem and eliminate intermediaries. We use these technical frameworks to inform policy specification and to provide tools for auditing and enforcing these policies.

Broader Impact. The broader impact of the project includes: (i) informing policymakers, nonprofit advocates, and industry players through interactions with relevant stakeholders, (ii) training next-generation graduate and undergraduate students jointly in technology and policy, and (iii) broadening participation of women, underrepresented minorities, and community college students.


This Frontier project is a collaboration across four institutions (UC Irvine, Northeastern, USC, and Univ. of Iowa), 12 senior personnel, and includes international collaborators (IMDEA) and advisors. The lead institution is UC Irvine.