Sebastian Zimmeck

Information Privacy & Security

Department of Mathematics and Computer Science, Wesleyan University
Science Tower 655, 265 Church Street, Middletown, CT 06459-0128


2018+ Department of Mathematics and Computer Science, Wesleyan University
Assistant Professor of Computer Science

2016-2018 Institute for Software Research, School of Computer Science, Carnegie Mellon University
Postdoctoral Associate

2012-2016 Department of Computer Science, Columbia University
Research Assistant

2011-2013 Berkeley Center for Law & Technology, University of California
Google Research Fellow

2006–2009 Freshfields Bruckhaus Deringer LLP
Attorney at Law


2012–2016 Graduate School of Arts & Sciences, Columbia University
PhD (Computer Science)
Doctoral thesis advisor: Steven M. Bellovin

2009–2011 Fu Foundation School of Engineering & Applied Science, Columbia University
MS (Computer Science)

2005–2006 Berkeley School of Law, University of California
LLM (Master of Laws)

2003–2008 University of Kiel School of Law, Germany
PhD (Law)
Doctoral thesis advisor: Andreas Hoyer

2003 University of Kiel School of Law, Germany
JD (First State Examination)

* Peer-reviewed, Wesleyan Student, Equal Contributor, Abstract/Poster/Short Paper


Generalizable Active Privacy Choice: Designing a Graphical User Interface for Global Privacy Control *
Sebastian Zimmeck, Eliza Kuller , Chunyue Ma , Bella Tassone and Joe Champeau
24th Privacy Enhancing Technologies Symposium (PETS)
Bristol, UK and Online Event, July 2024

[23 pages]


Usability and Enforceability of Global Privacy Control *
Sebastian Zimmeck, Oliver Wang , Kuba Alicki , Jocelyn Wang and Sophie Eng
23rd Privacy Enhancing Technologies Symposium (PETS)
Lausanne, Switzerland and Online Event, July 2023

[17 pages]


Improving Internet Privacy with Global Privacy Control (GPC)
Sebastian Zimmeck
5th NSF Secure and Trustworthy Cyberspace Principal Investigator Meeting (2022 SaTC PI Meeting)
Arlington, Virginia, USA, June 2022

[1 page]


PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps *
Sebastian Zimmeck, Rafael Goldstein and David Baraka
28th Network & Distributed System Security Symposium (NDSS)
Online Event, February 2021
(Also presented at iOSoho - New York City’s largest iOS Engineer Meetup)

[18 pages]


Standardizing and Implementing Do Not Sell *
Sebastian Zimmeck and Kuba Alicki
19th ACM Workshop on Privacy in the Electronic Society (WPES)
Online Event, November 2020

[6 pages]


Compliance Traceability: Privacy Policies as Software Development Artifacts
Sebastian Zimmeck, Peter Story, Rafael Goldstein , David Baraka , Shaoyan Li, Yuanyuan Feng and Norman Sadeh
Open Day for Privacy, Usability, and Transparency (PUT)
Stockholm, Sweden, July 2019

[2 pages]


MAPS: Scaling Privacy Compliance Analysis to a Million Apps *
Sebastian Zimmeck , Peter Story , Abhilasha Ravichander, Daniel Smullen, Ziqi Wang, Joel Reidenberg, N. Cameron Russell and Norman Sadeh
19th Privacy Enhancing Technologies Symposium (PETS)
Stockholm, Sweden, July 2019
(Also presented at NESD 2019)

[21 pages]


Natural Language Processing for Mobile App Privacy Compliance *
Peter Story , Sebastian Zimmeck , Abhilasha Ravichander, Daniel Smullen, Ziqi Wang, Joel Reidenberg, N. Cameron Russell and Norman Sadeh
AAAI 2019 Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies (PAL)
Palo Alto, CA, USA, March 2019

[9 pages]


Analyzing Privacy Policies at Scale: From Crowdsourcing to Automated Annotations
Shomir Wilson, Florian Schaub, Frederick Liu, Kanthashree Mysore Sathyendra, Daniel Smullen, Sebastian Zimmeck, Rohan Ramanath, Peter Story, Fei Liu, Norman Sadeh and Noah A. Smith
ACM Transactions on the Web (TWEB), August 2018

[27 pages]


Which Apps have Privacy Policies? *
Peter Story, Sebastian Zimmeck and Norman Sadeh
6th Annual Privacy Forum (APF)
Barcelona, Spain, June 2018
(Also presented at PrivacyCon 2018 and published as Tech Report, CMU-ISR-18-100)

[22 pages]


Towards Automatic Classification of Privacy Policy Text
Frederik Liu, Shomir Wilson, Peter Story, Sebastian Zimmeck and Norman Sadeh
Tech Report, CMU-ISR-17-118R, CMU-LTI-17-010
Pittsburgh, PA, USA, June 2018

[11 pages]


Identifying the Provision of Choices in Privacy Policy Text *
Kanthashree Mysore Sathyendra, Shomir Wilson, Florian Schaub, Sebastian Zimmeck and Norman Sadeh
Conference on Empirical Methods in Natural Language Processing (EMNLP)
Copenhagen, Denmark, September 2017

[6 pages]


A Privacy Analysis of Cross-device Tracking *
Sebastian Zimmeck, Jie S. Li, Hyungtae Kim, Steven M. Bellovin and Tony Jebara
26th USENIX Security Symposium (USENIX Security)
Vancouver, BC, CA, August 2017

[19 pages]


Using Machine Learning to Improve Internet Privacy
Sebastian Zimmeck
Columbia University Academic Commons
New York, NY, USA, March 2017

[183 pages]


Automated Analysis of Privacy Requirements for Mobile Apps *
Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin and Joel Reidenberg
24th Network & Distributed System Security Symposium (NDSS)
San Diego, CA, USA, February 2017
(Also presented at SOUPS 2017, PrivacyCon 2017, and PLT 2016)

[15 pages]


The Creation and Analysis of a Website Privacy Policy Corpus *
Shomir Wilson, Florian Schaub, Aswarth Abhilash Dara, Frederick Liu, Sushain Cherivirala, Pedro Giovanni Leon, Mads Schaarup Andersen, Sebastian Zimmeck, Kanthashree Mysore Sathyendra, N. Cameron Russell, Thomas B. Norton, Eduard Hovy, Joel Reidenberg and Norman Sadeh
54th Annual Meeting of the Association for Computational Linguistics (ACL)
Berlin, Germany, August 2016

[11 pages]


Demystifying Privacy Policies with Language Technologies: Progress and Challenges *
Shomir Wilson, Florian Schaub, Aswarth Dara, Sushain K. Cherivirala, Sebastian Zimmeck, Mads Schaarup Andersen, Pedro Giovanni Leon, Eduard Hovy and Norman Sadeh
LREC 1st Workshop on Text Analytics for Cybersecurity and Online Safety 2016 (TA-COS)
Portorož, Slovenia, May 2016

[6 pages]


“I don’t have a photograph, but you can have my footprints.” – Revealing the Demographics of Location Data *
Chris Riederer, Sebastian Zimmeck, Coralie Phanord, Augustin Chaintreau and Steven M. Bellovin
3rd ACM Conference on Online Social Networks (COSN)
Palo Alto, CA, USA, November 2015
(Also presented at ICWSM 2015, PLSC 2015, NetMob 2015, and COSN 2014)

[11 pages]


Privee: An Architecture for Automatically Analyzing Web Privacy Policies *
Sebastian Zimmeck and Steven M. Bellovin
23rd USENIX Security Symposium (USENIX Security)
San Diego, CA, USA, August 2014
(Also presented at PLSC 2014 and FoPNaC 2014)

[17 pages]


When Enough is Enough: Location Tracking, Mosaic Theory, and Machine Learning *
Steven M. Bellovin, Renée M. Hutchins, Tony Jebara and Sebastian Zimmeck
8 N.Y.U. J.L. Liberty, 556 (2014)
(Also presented at PLSC 2013)

[74 pages]


The Information Privacy Law of Web Applications and Cloud Computing *
Sebastian Zimmeck
29 Santa Clara Computer & High Tech. L.J. 451 (2013)

[38 pages]


A Game-theoretic Model for Reasonable Royalty Calculation *
Sebastian Zimmeck
22 Alb. L.J. Sci. & Tech. 357 (2012)

[53 pages]


Use of Functional Claim Elements for Patenting Computer Programs *
Sebastian Zimmeck
12 J. High Tech. L. 168 (2011)

[63 pages]


Patent Eligibility of Programming Languages and Tools *
Sebastian Zimmeck
13 Tul. J. Tech. & Intell. Prop. 133 (2010)

[30 pages]


Grundlagen der Nutzungsrechtsübertragung an Urheberrechtlich Geschützten Computerprogrammen durch den Lizenznehmer *
Sebastian Zimmeck
1 ZGE 324 (2009)

[33 pages]

Web Posts


Op-ed: We need a federal privacy law. Here’s why.
Hartford Courant
May 21, 2023


Global Privacy Control (GPC) Draft W3C Specification (with Peter Snyder, Justin Brookman, Aram Zucker-Scharff)
W3C Privacy Community Group
April 20, 2023


Pre-Rulemaking Considerations for the Colorado Privacy Act, Part 2
Office of the Colorado Attorney General
January 7, 2023


How to Implement Global Privacy Control (GPC) for Publishers (with Aram Zucker-Scharff)
Global Privacy Control Official Site
September 14, 2022


Comment on the Proposed Regulations under the California Consumer Privacy Act of 2020
California Privacy Protection Agency
August 21, 2022


Pre-Rulemaking Considerations for the Colorado Privacy Act
Office of the Colorado Attorney General
July 4, 2022


The Data Rights Protocol: Threading Privacy Rights into the Internet
MIT Computational Law Report
January 18, 2022


Data Rights Protocol and Global Privacy Control
Consumer Reports Digital Lab Blog
January 13, 2022


Comment on the Proposed Rulemaking under the California Consumer Privacy Act of 2020 (Proceeding No. 01-21)
California Privacy Protection Agency
November 8, 2021


Opting Out May Not Prevent Websites From Collecting Your Data
July 17, 2021


Protect Your Online Privacy with Global Privacy Control (GPC)
October 24, 2020


The Privacy of COVID-19 Apps – Reopening Alphaville
The Startup (Medium)
May 18, 2020


The CCPA is here! Now what? and The Startup (Medium)
January 8, 2020


How Mobile App Permissions (Don’t) Protect Privacy
The Startup (Medium)
June 6, 2019


Social Debt: Why Software Developers Should Think Beyond Tech
January 20, 2019


The Galaxy Nexus: Still Around After All These Years
May 27, 2018


T38 Global Privacy Control: Current Challenges and Future Plans

T37 An Introduction to Generative AI and its Privacy Implications

T36 Leveraging Global Privacy Control to Honor Do Not Sell and Share Requests

T35 Usability and Enforceability of Global Privacy Control

T34 Birds of a Feather Session: Privacy Preference Signals

T33 Global Privacy Control: Opting out from Web Tracking with One Click

T32 TikTok goes to Washington

T31 Privacy through Cryptography: Some Good News

T30 Privacy Preference Signals and Global Privacy Control

T29 How we work @

T28 Privacy Pioneer: Automating the Creation of Privacy Labels for Websites

T27 Emerging State Privacy Laws: Are They Working for Consumers and Businesses?

T26 Cryptography for Cryptocurrencies: The Technologies Behind the Blockchain

T25 Data Rights Summit

T24 Shasha Seminar: “Deep Fakes in the Age of Misinformation”

T23 Global Privacy Control (GPC)

T22 Standardizing and Implementing Do Not Sell

T21 “Getting Hacked is Contagious” – National Cybersecurity Awareness Month

T20 Data Privacy & Contact Tracing

T19 Feature Discussion Series on Privacy for iOS with iOS YouTuber Brian Advent

T18 PrivacyFlash Pro: Generating Privacy Policies from App Code

T17 Developing Privacy Policies for iOS Apps

T16 Cryptography Essentials

T15 What Are You Consenting To? A Panel on Data Privacy and Consent

T14 Mobile App Tracking: Technologies and Privacy Challenges

T13 Transparency & Notice: Third Parties and Cross-Device Ad Targeting in the Context of the CCPA

T12 On Big Data

T11 Compliance Traceability: Privacy Policies as Software Development Artifacts (Lightning Talk)

T10 Alternative Data

T09 MAPS: Scaling Privacy Compliance Analysis to a Million Apps

T08 Social Debt: Why Software Developers Need to Go Beyond Tech

T07 A Random Walk Down Silicon Alley

T06 A Privacy Analysis of Cross-device Tracking

T05 Automated Privacy Requirement Analysis for Mobile Apps

T04 Privacy Implications of Machine Learning

T03 Privee: An Architecture for Automatically Analyzing Web Privacy Policies

T02 Leveraging Technology to Improve Notice and Choice

T01 When Enough is Enough: Location Tracking, the Fourth Amendment, and Machine Learning

Research Team

F23+ 28. Zachary Liu ‘26
F23+ 27. Aleks Jacewicz ‘25
S23+ 26. Nishant Aggarwal ‘26
S23 25. Candace Walker ‘26
S23+ 24. Harry Yu ‘25
S23 23. Wesley Tan ‘26
F22+ 22. Kate Hausladen BA/MA ‘24
S22+ 21. Judeley Jean-Charles ‘24
S22+ 20. Joe Champeau ‘24
S22+ 19. Jocelyn Wang ‘24
S22-F23 18. Justin Casler ‘24
S22+ 17. Sophie Eng ‘25
S21+ 16. Oliver Wang ‘24
S21–S22 15. Chunyue Ma ‘22
S21–F21 14. Stanley Markman ‘23,
S21 13. Kiryl Beliauski, ‘23
S21–S23 12. Logan Brown ‘23
S21+ 11. Daniel Goldelman BA/Ma ‘24
S21+ 10. Bella Tassone ‘24
S21–S23 09. Eliza Kuller ‘23
F20–S22 08. Owen Kaplan ‘22
F20 07. Abdallah Salia ‘22
F20–S21 06. Daniel Knopf ‘22
S20–S22 05. Kuba Alicki ‘22
S20 04. Phil Kaelbling ‘22
F19 03. Sarah Jin ‘21
S19–S21 02. David Baraka ‘21
F18-S21 01. Rafael Goldstein ‘21

Awards & Grants

A&G12 Wesleyan University Grants (GISOS and Mathematics and Computer Science Department)
2023 ($17K)

A&G11 Collaborative Research: EAGER: Cross-platform Election Advertising Transparency Initiative ($260K)
With Erika Franklin-Fowler
2022–2024, National Science Foundation

A&G10 Google Research Scholar Award ($60K)
2022–2024, Google

A&G09 Design, Development, and Testing of a Generalizable Active Privacy Choice Mechanism ($34.9K)
2021–2023, Alfred P. Sloan Foundation

A&G08 SaTC: CORE: Small: Improving Internet Privacy with Global Privacy Control ($266K)
2020–2024, National Science Foundation

A&G07 Anil Fernando Grant
2023 ($1,750), 2022 ($1,500), 2021 ($950), 2020 ($1,400), 2019 ($900)

A&G06 Allbritton Grant for Support of a Faculty Study Group ($1K)
With Abigail Hornstein and Karl Boulware
2018, Allbritton Center for the Study of Public Life, Wesleyan University

A&G05 Research Grant ($5K)
2015, Comcast

A&G04 Community Service Award
2014, Computer Science Department, Columbia University

A&G03 Graduate Research Assistant Fellowship
2012–2016, Computer Science Department, Columbia University

A&G02 Research Fellowship
2011-2013, Google/Berkeley Center for Law & Technology

A&G01 Student Fellowship
2005 – 2006, German Academic Exchange Service

Thesis Advisor

TA3 Privacy Choice Mechanisms and the Online Advertising Ecosystem: Can Generalizable Active Privacy Choices and Online Advertising Coexist?
Eliza Kuller ‘23
Spring 2023

TA2 Privacy Pioneer: Creating an Automated Data-Privacy UI for Web Browsers
Owen Kaplan ‘22
Spring 2022

TA1 Don’t Sell Our Data: Exploring CCPA Compliance via Automated Privacy Signal Detection
Kuba Alicki ‘22
Spring 2022

Thesis Reader

TR3 A Comparative Study on Analyses of Browser Fingerprinting
Timothy Stephenson ‘23
Spring 2023

TR2 Fairness & Social Influence Maximization
Schuyler Sloman ‘22
Spring 2022

TR1 All My Friends Are Fake: A Node-By-Node Approach to Social Network Classification
Isaac Jacobs ‘20
Spring 2020


T4 COMP 333: Software Engineering
Fall 2023, Spring 2022, Spring 2021
Software engineering is the application of engineering principles to the software development process. Eliciting requirements from stakeholders, designing the architecture of a program, performing usability studies, and testing a codebase are some of the aspects that elevate program development to software engineering. Focusing on web and mobile apps, students in this course will gain expertise in state-of-the-art frontend, backend, and mobile technologies, as well as related tooling. We will also cover the collaborative organization of software projects, software licensing, software business models, and ethical considerations for professional software engineers.

T3 COMP 114: How to Talk to Machines
Spring 2024, Fall 2022, Fall 2020, Fall 2019, Spring 2019
How do we tell robots and computers how to do what they do? Getting a handle on this question is the goal of this course. Since telling a device how to do something depends a lot on what that device can do, along the way we will learn a bit about what is “in the box.” We will start with the kind of programming one might use to instruct a robot how to interact with the world around it. That will lead us to the Turing machine, a beautiful mathematical model of a computer. We will adapt that model to something that is closer to how most computer systems today are designed. We will end with an introduction to high-level programming, learning the fundamentals of programming in a language such as Python or Java. The goal of the course is to understand not just programming, but how computers are designed, and how those designs are reflected in the way we program them.

T2 COMP 360: Information Security and Privacy
Spring 2023, Spring 2020, Fall 2018
This course explores principles and practical applications of computer security and privacy. Some of the topics covered include static and dynamic code analysis, secure authentication, privacy enhancing technologies, usable privacy and security, and web tracking. It will also touch upon theoretical areas, such as basic cryptographic concepts as well as differential privacy. The course has the objective to provide students with the conceptual knowledge and technical skills to identify and resolve privacy and security issues in the design, development, and evaluation of information systems.

T1 COMP 4xx: Advanced Information Security and Privacy Research Seminar, Undergraduate
Spring 2024, Fall 2023, Spring 2023, Fall 2022, Spring 2022, Fall 2021, Spring 2021, Fall 2020, Spring 2020, Fall 2019, Spring 2019, Fall 2018
In this research seminar students will work together on a research project that is advancing knowledge in information security and privacy. During their work they will not only gain experience in security and privacy, but in web and mobile app engineering as well. Students will also have the opportunity to co-author a paper to be submitted at a top-tier academic security and privacy venue.

Academic Service

2023 Wesleyan University, A Roadmap for Internet Privacy (Shasha Seminar for Human Concerns)
2022 NSF Review Panel Computer Science and Engineering (October) (CISE)
2022 NSF Review Panel Computer Science and Engineering (April/May) (CISE)
2022 NSF Review Panel and Ad Hoc Review Computer Science and Engineering (CISE)
2021 NSF Review Panel Computer Science and Engineering (CISE)
2019 AAAI 2019 Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies (PAL)
2018 International World Wide Web Conference (WWW)
2016 Privacy Enhancing Technologies Symposium (PETS)
2015 ACM Transactions on Information and System Security (TISSEC)
2013 IEEE Security & Privacy (S&P)
2013 20th ACM Conference on Computer and Communications Security (CCS)
2013 1st ACM Conference on Online Social Networks (COSN)

Community Service

F23+ Undergraduate Admission Faculty Ambassador
F23 Generative AI Faculty Ambassador
S23+ Consultant for the Connecticut Office of the Attorney General on the Connecticut Data Privacy Act
F22-S23 Mathematics & Computer Science Faculty Search Committee Co-lead
F22+ Mathematics & Computer Science Website Coordinator
S22+ Computer Science Undergraduate Club Code_Wes Liaison
F19-S21 Computer Science Advisory Committee (CADCOM)
F18+ Computer Science Lecture Series
F18+ Security Advisory Group
F18-S20 Library Committee and Science Library Faculty Committee
F18-S20 Financial Economics Faculty Study Group Co-lead


2021+ Applied Computational Data Analysis Fellow

2021+ Consumer Reports Data Rights Protocol Technical Advisors Board

2020+ Global Privacy Control Group Co-founder

2020+ W3C Privacy Community Group

2019-2021 Governance Research in Artificial Intelligence Leadership (GRAIL) Network

2010+ The State Bar of California (Inactive status)

Last updated: --- Privacy Policy --- PGP Public Key --- Theme by Eliseo Papa