SoK: Technical Implementation and Human Impact of Internet Privacy Regulations

Growing recognition of the potential for exploitation of personal data and of the shortcomings of prior privacy regimes has led to the passage of a multitude of new online privacy regulations. Some of these laws -- notably the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) -- have been the focus of large bodies of research by the computer science community, while others have received less attention. In this work, we analyze a set of Internet privacy and data protection regulations drawn from around the world -- both those that have frequently been studied by computer scientists and those that have not -- and develop a taxonomy of rights granted and obligations imposed by these laws. We then leverage this taxonomy to systematize 270 technical research papers published in computer science venues that investigate the impact of these laws and explore how technical solutions can complement legal protections. Finally, we analyze the results in this space through an interdisciplinary lens and make recommendations for future work at the intersection of computer science and legal privacy.