NSF Award
2217678
Software systems are deeply integrated in society. Alongside their many benefits, however, the use of personal data by these systems carries risks to the people and organizations that use them. Legal and technical data protection measures developed over the last few decades to curb these risks have evolved in diverging ways. This makes it hard to reason about whether the collection, analysis, and sharing of personal data in such systems complies with legal privacy standards. It also makes regulators’ jobs harder when technical measures are not well-understood outside of the communities that develop them. To bridge this gap, the project will develop ways to integrate technical and legal approaches to privacy in the design of such sociotechnical software systems. Through bringing together this expertise, the project team will develop accountability frameworks based on legally- and mathematically-sound principles, increasing our ability to develop systems that provide both legal compliance and meaningful protection of people’s data. <br/><br/>The project will develop new methods for translating and co-developing technical and legal concepts that map well onto each other. One main approach will be to establish technical interpretations of legal concepts that can be incorporated in the design, analysis, and verification of accountable systems. Another is to develop paradigms for translating concepts from the technical study of privacy in ways that promote their understanding and adoption in legal analysis and policymaking. The third is methods for the development of new “hybrid” concepts that are simultaneously definable and evaluable by legal and technical experts. The project team will use this work to develop a practical legal-technological toolkit for designing robust accountable formal software systems and regulations, and although the initial work will be instantiated primarily around privacy regulations, the toolkit of methods will be designed to support similar alignment and translation in other domains where regulation meets software.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
