Sebastian Zimmeck

Information Privacy & Security

Department of Mathematics and Computer Science, Wesleyan University
Science Tower 655, 265 Church Street, Middletown, CT 06459-0128


https://privacytechlab.org
https://www.wesleyan.edu/academics/faculty/szimmeck/profile.html

Work

2018+ Department of Mathematics and Computer Science, Wesleyan University
Assistant Professor of Computer Science

2016-2018 Institute for Software Research, School of Computer Science, Carnegie Mellon University
Postdoctoral Associate

2012-2016 Department of Computer Science, Columbia University
Research Assistant

2011-2013 Berkeley Center for Law & Technology, University of California
Google Research Fellow

2006–2009 Freshfields Bruckhaus Deringer LLP
Attorney at Law

Education

2012–2016 Graduate School of Arts & Sciences, Columbia University
PhD (Computer Science)
Doctoral thesis advisor: Steven M. Bellovin

2009–2011 Fu Foundation School of Engineering & Applied Science, Columbia University
MS (Computer Science)

2005–2006 Berkeley School of Law, University of California
LLM (Master of Laws)

2003–2008 University of Kiel School of Law, Germany
PhD (Law)
Doctoral thesis advisor: Andreas Hoyer

2003 University of Kiel School of Law, Germany
JD (First State Examination)

Under Review

UR02

Analyzing the Goals of US Election Ads on Social Networks
Markus Neumann, Sebastian Zimmeck, Jielu Yao, Erika Franklin Fowler, Michael Franz and Travis Nelson Ridout
Under Review at 19th International AAAI Conference on Web and Social Media (ICWSM)

UR01

From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android
Sebastian Zimmeck, Nishant Aggarwal, Zachary Liu and Konrad Kollnig
Under Review at 25th Privacy Enhancing Technologies Symposium (PETS)

Papers

https://scholar.google.com/citations?user=2YlFc5wAAAAJ&hl=en
All Peer-reviewed, Wesleyan Student, Equal Contributor, Abstract/Poster/Short Paper

P23

Website Data Transparency in the Browser
Sebastian Zimmeck, Daniel Goldelman , Owen Kaplan , Logan Brown , Justin Casler , Judeley Jean-Charles , Joe Champeau ◊ and Hamza Harkous
24th Privacy Enhancing Technologies Symposium (PETS)
Bristol, UK and Online Event, July 2024

[24 pages]

P22

Generalizable Active Privacy Choice: Designing a Graphical User Interface for Global Privacy Control
Sebastian Zimmeck, Eliza Kuller , Chunyue Ma , Bella Tassone and Joe Champeau
24th Privacy Enhancing Technologies Symposium (PETS)
Bristol, UK and Online Event, July 2024

[23 pages]

P21

Usability and Enforceability of Global Privacy Control
Sebastian Zimmeck, Oliver Wang , Kuba Alicki , Jocelyn Wang and Sophie Eng
23rd Privacy Enhancing Technologies Symposium (PETS)
Lausanne, Switzerland and Online Event, July 2023

[17 pages]

P20

PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps
Sebastian Zimmeck, Rafael Goldstein and David Baraka
28th Network & Distributed System Security Symposium (NDSS)
Online Event, February 2021

[18 pages]

P19

Standardizing and Implementing Do Not Sell
Sebastian Zimmeck and Kuba Alicki
19th ACM Workshop on Privacy in the Electronic Society (WPES)
Online Event, November 2020

[6 pages]

P18

MAPS: Scaling Privacy Compliance Analysis to a Million Apps
Sebastian Zimmeck , Peter Story , Abhilasha Ravichander, Daniel Smullen, Ziqi Wang, Joel Reidenberg, N. Cameron Russell and Norman Sadeh
19th Privacy Enhancing Technologies Symposium (PETS)
Stockholm, Sweden, July 2019

[21 pages]

P17

Natural Language Processing for Mobile App Privacy Compliance
Peter Story , Sebastian Zimmeck , Abhilasha Ravichander, Daniel Smullen, Ziqi Wang, Joel Reidenberg, N. Cameron Russell and Norman Sadeh
AAAI 2019 Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies (PAL)
Palo Alto, CA, March 2019

[9 pages]

P16

Analyzing Privacy Policies at Scale: From Crowdsourcing to Automated Annotations
Shomir Wilson, Florian Schaub, Frederick Liu, Kanthashree Mysore Sathyendra, Daniel Smullen, Sebastian Zimmeck, Rohan Ramanath, Peter Story, Fei Liu, Norman Sadeh and Noah A. Smith
ACM Transactions on the Web (TWEB), August 2018

[27 pages]

P15

Which Apps have Privacy Policies?
Peter Story, Sebastian Zimmeck and Norman Sadeh
6th Annual Privacy Forum (APF)
Barcelona, Spain, June 2018
Also Published at:
Tech Report, CMU-ISR-18-100
Pittsburgh, PA, June 2018

[22 pages]

P14

Identifying the Provision of Choices in Privacy Policy Text
Kanthashree Mysore Sathyendra, Shomir Wilson, Florian Schaub, Sebastian Zimmeck and Norman Sadeh
Conference on Empirical Methods in Natural Language Processing (EMNLP)
Copenhagen, Denmark, September 2017

[6 pages]

P13

A Privacy Analysis of Cross-device Tracking
Sebastian Zimmeck, Jie S. Li, Hyungtae Kim, Steven M. Bellovin and Tony Jebara
26th USENIX Security Symposium (USENIX Security)
Vancouver, Canada, August 2017

[19 pages]

P12

Mobile App Privacy Compliance: Automated Technology to Help Regulators, App Stores and Developers
Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin and Joel Reidenberg
13th Symposium on Usable Privacy and Security (SOUPS)
Santa Clara, CA, July 2017

[4 pages]

P11

Automated Analysis of Privacy Requirements for Mobile Apps
Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin and Joel Reidenberg
24th Network & Distributed System Security Symposium (NDSS)
San Diego, CA, February 2017
Also Published at:
AAAI 2016 Fall Symposium on Privacy and Language Technologies (PLT)
Arlington, VA, November 2016

[15 pages]

P10

The Creation and Analysis of a Website Privacy Policy Corpus
Shomir Wilson, Florian Schaub, Aswarth Abhilash Dara, Frederick Liu, Sushain Cherivirala, Pedro Giovanni Leon, Mads Schaarup Andersen, Sebastian Zimmeck, Kanthashree Mysore Sathyendra, N. Cameron Russell, Thomas B. Norton, Eduard Hovy, Joel Reidenberg and Norman Sadeh
54th Annual Meeting of the Association for Computational Linguistics (ACL)
Berlin, Germany, August 2016

[11 pages]

P09

Demystifying Privacy Policies with Language Technologies: Progress and Challenges
Shomir Wilson, Florian Schaub, Aswarth Dara, Sushain K. Cherivirala, Sebastian Zimmeck, Mads Schaarup Andersen, Pedro Giovanni Leon, Eduard Hovy and Norman Sadeh
LREC 1st Workshop on Text Analytics for Cybersecurity and Online Safety 2016 (TA-COS)
Portorož, Slovenia, May 2016

[6 pages]

P08

“I don’t have a photograph, but you can have my footprints.” – Revealing the Demographics of Location Data
Chris Riederer, Sebastian Zimmeck, Coralie Phanord, Augustin Chaintreau and Steven M. Bellovin
3rd ACM Conference on Online Social Networks (COSN)
Palo Alto, CA, November 2015
Also Published at:
9th International AAAI Conference on Web and Social Media (ICWSM)
Palo Alto, CA, July 2015

[11 pages]

P07

Privee: An Architecture for Automatically Analyzing Web Privacy Policies
Sebastian Zimmeck and Steven M. Bellovin
23rd USENIX Security Symposium (USENIX Security)
San Diego, CA, August 2014

[17 pages]

P06

When Enough is Enough: Location Tracking, Mosaic Theory, and Machine Learning
Steven M. Bellovin, Renée M. Hutchins, Tony Jebara and Sebastian Zimmeck
8 N.Y.U. J.L. Liberty, 556 (2014)

[74 pages]

P05

The Information Privacy Law of Web Applications and Cloud Computing
Sebastian Zimmeck
29 Santa Clara Computer & High Tech. L.J. 451 (2013)

[38 pages]

P04

A Game-theoretic Model for Reasonable Royalty Calculation
Sebastian Zimmeck
22 Alb. L.J. Sci. & Tech. 357 (2012)

[53 pages]

P03

Use of Functional Claim Elements for Patenting Computer Programs
Sebastian Zimmeck
12 J. High Tech. L. 168 (2011)

[63 pages]

P02

Patent Eligibility of Programming Languages and Tools
Sebastian Zimmeck
13 Tul. J. Tech. & Intell. Prop. 133 (2010)

[30 pages]

P01

Grundlagen der Nutzungsrechtsübertragung an Urheberrechtlich Geschützten Computerprogrammen durch den Lizenznehmer
Sebastian Zimmeck
1 ZGE 324 (2009)

[33 pages]

Web Posts

WP22

Coalition Letter in Support of CA A.B. 3048
With Consumer Reports, Accountable Tech, Brave Software et al.
Committee on Privacy and Consumer Protection, California Assembly
March 26, 2024

WP21

Global Privacy Control (GPC) Explainer
With Aram Zucker-Scharff and Justin Brookman
W3C Privacy Community Group
January 25, 2024

WP20

Global Privacy Control application for inclusion in Colorado’s UOOM registry
With Consumer Reports, DuckDuckGo, Robin Berjon et al.
Office of the Colorado Attorney General
November 6, 2023

WP19

Op-ed: We need a federal privacy law. Here’s why.
Hartford Courant
May 21, 2023

WP18

Global Privacy Control (GPC) Draft W3C Specification
With Peter Snyder, Justin Brookman and Aram Zucker-Scharff
W3C Privacy Community Group
April 20, 2023

WP17

Pre-Rulemaking Considerations for the Colorado Privacy Act, Part 2
Office of the Colorado Attorney General
January 7, 2023

WP16

How to Implement Global Privacy Control (GPC) for Publishers
With Aram Zucker-Scharff
Global Privacy Control
September 14, 2022

WP15

Comment on the Proposed Regulations under the California Consumer Privacy Act of 2020
California Privacy Protection Agency
August 21, 2022

WP14

Pre-Rulemaking Considerations for the Colorado Privacy Act
Office of the Colorado Attorney General
July 4, 2022

WP13

Improving Internet Privacy with Global Privacy Control (GPC)
5th NSF Secure and Trustworthy Cyberspace Principal Investigator Meeting (2022 SaTC PI Meeting), Arlington, VA
June 1-2, 2022

WP12

The Data Rights Protocol: Threading Privacy Rights into the Internet
MIT Computational Law Report
January 18, 2022

WP11

Data Rights Protocol and Global Privacy Control
Consumer Reports Digital Lab Blog
January 13, 2022

WP10

Comment on the Proposed Rulemaking under the California Consumer Privacy Act of 2020 (Proceeding No. 01-21)
California Privacy Protection Agency
November 8, 2021

WP09

Opting Out May Not Prevent Websites From Collecting Your Data
Medium
July 17, 2021

WP08

Protect Your Online Privacy with Global Privacy Control (GPC)
Medium
October 24, 2020

WP07

The Privacy of COVID-19 Apps - Reopening Alphaville
The Startup (Medium)
May 18, 2020

WP06

The CCPA is here! Now what?
Dev.to and The Startup (Medium)
January 8, 2020

WP05

Compliance Traceability: Privacy Policies as Software Development Artifacts
With Peter Story, Rafael Goldstein, David Baraka et al.
Open Day for Privacy, Usability, and Transparency (PUT), Stockholm, Sweden
July 15, 2019

WP04

How Mobile App Permissions (Don’t) Protect Privacy
The Startup (Medium)
June 6, 2019

WP03

Social Debt: Why Software Developers Should Think Beyond Tech
Medium
January 20, 2019

WP02

Towards Automatic Classification of Privacy Policy Text
With Frederik Liu, Shomir Wilson, Peter Story, et al.
Tech Report, CMU-ISR-17-118R, CMU-LTI-17-010, Pittsburgh, PA
June 2018

WP01

The Galaxy Nexus: Still Around After All These Years
Medium
May 27, 2018

Doctoral Theses

DT02

Using Machine Learning to Improve Internet Privacy
Sebastian Zimmeck
Columbia University Academic Commons
New York, NY, March 2017

[183 pages]

DT01

Die Reichweite des Lebensrechts im technologischen Zeitalter
Sebastian Zimmeck
Nomos, Kieler Rechtswissenschaftliche Abhandlungen (NF) 57
Baden-Baden, 2009

[244 pages]

Talks

T48 From Sci-Fi to Reality: Demystifying AI

T47 Privacy Enhancing Technologies and Design Analysis

T46 Colorado Attorney General GPC Fireside Chat

T45 Global Privacy Control: Current Challenges and Future Plans

T44 AI 101: The Myths, the Legends, and the Everyday

T43 Leveraging Global Privacy Control to Honor Do Not Sell and Share Requests

T42 Usability and Enforceability of Global Privacy Control

T41 Birds of a Feather Session: Privacy Preference Signals

T40 Global Privacy Control: Opting out from Web Tracking with One Click

T39 TikTok goes to Washington

T38 Privacy through Cryptography: Some Good News

T37 Privacy Preference Signals and Global Privacy Control

T36 How we work @ privacytechlab.org

T35 Privacy Pioneer: Automating the Creation of Privacy Labels for Websites

T34 Global Privacy Control: CCPA Enforcement of GPC Opt-Out Signals

T33 Improving Internet Privacy with Global Privacy Control (GPC)

T32 Comments on Global Privacy Control (GPC)

T31 Emerging State Privacy Laws: Are They Working for Consumers and Businesses?

T30 Cryptography for Cryptocurrencies: The Technologies Behind the Blockchain

T29 Data Rights Summit

T28 Deep Fakes in the Age of Misinformation

T27 ADPC & GPC - User Privacy Signals, Consent Management, and Data-Driven Everything

T26 Global Opt Out, Right to Cure, Extending Rights to Data that has been Collected or Inferred

T25 A Primer on Global Privacy Control (GPC)

T24 Privacy Law & Innovation Collide: Global Privacy Consent

T23 Standardizing and Implementing Do Not Sell

T22 “Getting Hacked is Contagious” - National Cybersecurity Awareness Month

T21 Data Privacy & Contact Tracing

T20 Feature Discussion Series on Privacy for iOS with iOS YouTuber Brian Advent

T19 PrivacyFlash Pro: Generating Privacy Policies from App Code

T18 Developing Privacy Policies for iOS Apps

T17 Cryptography Essentials

T16 What Are You Consenting To? A Panel on Data Privacy and Consent

T15 Mobile App Tracking: Technologies and Privacy Challenges

T14 Transparency & Notice: Third Parties and Cross-Device Ad Targeting in the Context of the CCPA

T13 On Big Data

T12 MAPS: Scaling Privacy Compliance Analysis to a Million Apps

T11 Compliance Traceability: Privacy Policies as Software Development Artifacts (Lightning Talk)

T10 Alternative Data

T09 Social Debt: Why Software Developers Need to Go Beyond Tech

T08 A Random Walk Down Silicon Alley

T07 A Privacy Analysis of Cross-device Tracking

T06 Mobile App Privacy Compliance: Automated Technology to Help Regulators, App Stores and Developers

T05 Automated Privacy Requirement Analysis for Mobile Apps

T04 Privacy Implications of Machine Learning

T03 Privee: An Architecture for Automatically Analyzing Web Privacy Policies

T02 Leveraging Technology to Improve Notice and Choice

T01 When Enough is Enough: Location Tracking, the Fourth Amendment, and Machine Learning

Research Team

S24+ 32. Francisca Wijaya ‘27
F23+ 31. Nate Levinson ‘25
F23+ 30. Matt May ‘25
F23+ 29. Zachary Liu ‘26
F23+ 28. Dominik Dadak ‘26
F23+ 27. Aleks Jacewicz ‘25
S23+ 26. Nishant Aggarwal ‘26
S23 25. Candace Walker ‘26
S23+ 24. Harry Yu ‘25
S23 23. Wesley Tan ‘26
F22+ 22. Kate Hausladen BA/MA ‘24
S22-F23 21. Judeley Jean-Charles ‘24
S22+ 20. Joe Champeau ‘24
S22-F23 19. Jocelyn Wang ‘24
S22-F23 18. Justin Casler ‘24
S22+ 17. Sophie Eng ‘25
S21+ 16. Oliver Wang ‘24
S21–S22 15. Chunyue Ma ‘22
S21–F21 14. Stanley Markman ‘23,
S21 13. Kiryl Beliauski, ‘23
S21–S23 12. Logan Brown ‘23
S21+ 11. Daniel Goldelman BA/MA ‘24
S21+ 10. Bella Tassone BA/MA ‘25
S21–S23 09. Eliza Kuller ‘23
F20–S22 08. Owen Kaplan ‘22
F20 07. Abdallah Salia ‘22
F20–S21 06. Daniel Knopf ‘22
S20–S22 05. Kuba Alicki ‘22
S20 04. Phil Kaelbling ‘22
F19 03. Sarah Jin ‘21
S19–S21 02. David Baraka ‘21
F18-S21 01. Rafael Goldstein ‘21

Awards

A13 Google Cloud Research Credits Award - $5,000
Google
2024-2025

A12 Grants in Support of Scholarship (GISOS) - $25,976
Wesleyan University
2023-2024

A11 Collaborative Research: EAGER: Cross-platform Election Advertising Transparency Initiative - $260,201
With Erika Franklin-Fowler
National Science Foundation
2022–2024

A10 Google Research Scholar Award - $60,000
Google
2022–2024

A09 Design, Development, and Testing of a Generalizable Active Privacy Choice Mechanism - $34.856
Alfred P. Sloan Foundation
2021–2023

A08 SaTC: CORE: Small: Improving Internet Privacy with Global Privacy Control - $265,614
National Science Foundation
2020–2024

A07 Anil Fernando Grant - $6,500
Anil Fernando Endowment, Wesleyan University
2019-2023

A06 Allbritton Grant for Support of a Faculty Study Group - $1,000
With Abigail Hornstein and Karl Boulware
Allbritton Center for the Study of Public Life, Wesleyan University
2018

A05 Research Grant - $5,000
Comcast
2015

A04 Community Service Award
Computer Science Department, Columbia University
2014

A03 Graduate Research Assistant Fellowship
Computer Science Department, Columbia University
2012–2016

A02 Research Fellowship
Google and University of California Berkeley, Berkeley Center for Law & Technology
2011-2013

A01 Student Fellowship
University of California Berkeley and German Academic Exchange Service (DAAD)
2005–2006

Thesis Advisor

TA05 Investigating the Current State of CCPA Compliance on the Internet
Kate Hausladen BA/MA ‘24
Spring 2024

TA04 Global Adaptation of Privacy Pioneer: Recommendations for Conducting Cross-Regional Web Privacy Studies
Daniel Goldelman BA/MA ‘24
Spring 2024

TA03 Privacy Choice Mechanisms and the Online Advertising Ecosystem: Can Generalizable Active Privacy Choices and Online Advertising Coexist?
Eliza Kuller ‘23
Spring 2023

TA02 Privacy Pioneer: Creating an Automated Data-Privacy UI for Web Browsers
Owen Kaplan ‘22
Spring 2022

TA01 Don’t Sell Our Data: Exploring CCPA Compliance via Automated Privacy Signal Detection
Kuba Alicki ‘22
Spring 2022

Thesis Reader

TR03 A Comparative Study on Analyses of Browser Fingerprinting
Timothy Stephenson ‘23
Spring 2023

TR02 Fairness & Social Influence Maximization
Schuyler Sloman ‘22
Spring 2022

TR01 All My Friends Are Fake: A Node-By-Node Approach to Social Network Classification
Isaac Jacobs ‘20
Spring 2020

Teaching

TE04 COMP 334: Information Security and Privacy
Spring 2023, Spring 2020, Fall 2018
This course explores principles and practical applications of computer security and privacy. Some of the topics covered include static and dynamic code analysis, secure authentication, privacy enhancing technologies, usable privacy and security, and web tracking. It will also touch upon theoretical areas, such as basic cryptographic concepts as well as differential privacy. The course has the objective to provide students with the conceptual knowledge and technical skills to identify and resolve privacy and security issues in the design, development, and evaluation of information systems.

TE03 COMP 333: Software Engineering
Fall 2023, Spring 2022, Spring 2021
Software engineering is the application of engineering principles to the software development process. Eliciting requirements from stakeholders, designing the architecture of a program, performing usability studies, and testing a codebase are some of the aspects that elevate program development to software engineering. Focusing on web and mobile apps, students in this course will gain expertise in state-of-the-art frontend, backend, and mobile technologies, as well as related tooling. We will also cover the collaborative organization of software projects, software licensing, software business models, and ethical considerations for professional software engineers.

TE02 COMP 114: How to Talk to Machines
Spring 2024, Fall 2022, Fall 2020, Fall 2019, Spring 2019
How do we tell robots and computers how to do what they do? Getting a handle on this question is the goal of this course. Since telling a device how to do something depends a lot on what that device can do, along the way we will learn a bit about what is “in the box.” We will start with the kind of programming one might use to instruct a robot how to interact with the world around it. That will lead us to the Turing machine, a beautiful mathematical model of a computer. We will adapt that model to something that is closer to how most computer systems today are designed. We will end with an introduction to high-level programming, learning the fundamentals of programming in a language such as Python or Java. The goal of the course is to understand not just programming, but how computers are designed, and how those designs are reflected in the way we program them.

TE01 COMP 4xx/5xx: Advanced Information Security and Privacy Research Seminar
Spring 2024, Fall 2023, Spring 2023, Fall 2022, Spring 2022, Fall 2021, Spring 2021, Fall 2020, Spring 2020, Fall 2019, Spring 2019, Fall 2018
In this research seminar students will work together on a research project that is advancing knowledge in information security and privacy. During their work they will not only gain experience in security and privacy, but in web and mobile app engineering as well. Students will also have the opportunity to co-author a paper to be submitted at a top-tier academic security and privacy venue.

Review Service

2024 Communications of the ACM (CACM)
2022 NSF Review Panel Computer Science and Engineering (October) (CISE)
2022 NSF Review Panel Computer Science and Engineering (April/May) (CISE)
2022 NSF Review Panel and Ad Hoc Review Computer Science and Engineering (CISE)
2021 NSF Review Panel Computer Science and Engineering (CISE)
2019 AAAI 2019 Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies (PAL)
2018 International World Wide Web Conference (WWW)
2016 Privacy Enhancing Technologies Symposium (PETS)
2015 ACM Transactions on Information and System Security (TISSEC)
2013 IEEE Security & Privacy (S&P)
2013 20th ACM Conference on Computer and Communications Security (CCS)
2013 1st ACM Conference on Online Social Networks (COSN)

Wesleyan Service

F23-S24 Admissions Liaison for Division III
F23-S24 AI Speaker Series Co-organizer
F23 Generative AI Faculty Ambassador
S23 Shasha Seminar for Human Concerns “A Roadmap for Internet Privacy” Organizer
F22-S23 Mathematics & Computer Science Faculty Search Committee Co-chair
F22+ Mathematics & Computer Science Website Coordinator
S22+ Computer Science Undergraduate Club Code_Wes Liaison
F19-S21 Computer Science Advisory Committee (CADCOM) Co-chair
F18+ Computer Science Lecture Series Organizer
F18-S20 Security Advisory Group Member
F18-S20 Library Committee and Science Library Faculty Committee Chair
F18-S20 Financial Economics Faculty Study Group Co-chair

Associations

2021+ Fellow in Applied Computational Data Analysis
Wesleyan University

2021-2022 Data Rights Protocol Technical Advisors Board Member
Consumer Reports

2020+ Global Privacy Control Group Co-chair and Founder
Global Privacy Control Group

2020+ Privacy Community Group Member
World Wide Web Consortium (W3C)

2019-2021 Governance Research in Artificial Intelligence Leadership (GRAIL) Network Member
Center for Democracy and Technology and R Street Institute

2010+ The State Bar of California Member
Inactive Status


Last updated: --- Privacy Policy --- PGP Public Key --- Theme by Eliseo Papa