← CHI 2026 map

CHI '26 · Honorable mention · full-paper review · confidence medium-high

Do We Need Subsidiarity in Software?

Louisa Conwill , Megan Levis Scheirer , Walter Scheirer

DOI PDF Program page Page JSON

This is a thoughtful normative reframing of software privacy/control through subsidiarity, and the empirical component is appropriately bounded. The contribution is strongest as a field-level argument and design lens, not as a universal measurement of privacy harm across software.

Axes Lens

Rare contribution shape, typical evidence profile. The point here is not a score. It is to show what kind of claim the paper makes, and whether the evidence pattern is unusual or baseline in this 268 -review set.

Review Summary

The paper’s main value is conceptual: it imports subsidiarity from social organization into HCI as a way to judge software control by whether authority is exercised at the lowest necessary level. That is a meaningful departure from the more familiar CHI vocabulary of consent, settings, transparency, and data minimization, because it asks a different normative question about where control should reside in the first place. The abstract explicitly frames the lens as “not previously explored,” and the paper’s own summary suggests the contribution is not merely a new label but a way to reason about the tradeoff between user autonomy and convenience-driven surrender to large platforms. Empirically, the paper does not overreach into claiming a universal law. Instead, it uses a mixed-method approach—data flow monitoring plus user interviews—to compare the control levels of selected everyday technologies with what users think is necessary. That makes the validation useful but bounded: the evidence supports a design and policy argument, not a comprehensive taxonomy of all software. The limitations matter materially. Encrypted packets prevented inspection of contents, so the authors could not determine whether observed transfers were sensitive user data. They also note that chat-app findings may change if other apps were included, and the interview sample is drawn from a university population in the US Midwest. Taken together, this reads as a solid honorable-mention style contribution: intellectually distinctive, methodologically careful enough for its scope, and best understood as a normative framework with illustrative empirical grounding rather than a definitive measurement study. The paper is especially persuasive when it turns from abstract principle to concrete design implications: chat applications should not surprise users with hidden collection, search engines can be differentiated by control level, and community governance may be a more realistic intermediate than a simple user-versus-platform binary. That said, the paper’s own method makes clear that its control taxonomy is an approximation, so readers should treat the results as a structured argument about privacy governance rather than a final empirical ranking of all software.

What Changed

Canon before

Prior CHI privacy and control work typically frames user control as consent, settings, transparency, or data minimization; this paper instead re-frames software control through subsidiarity, a social-organizational principle about lowest-necessary authority.

Departure from common sense

The paper argues that software control should be judged by subsidiarity—control at the lowest possible level and only as high as necessary—rather than only by conventional privacy or consent framings. That is a nonstandard normative lens for everyday software design and data governance, and it shifts the question from merely whether users can opt out to where authority should sit by default.

Actual novelty

The paper’s novelty is the introduction of subsidiarity as a field-level normative lens for software privacy and control, paired with a mixed-method empirical probe that compares observed data flows against user judgments about the lowest necessary level of control across everyday software categories. It is not just a rebranding of privacy concerns; it operationalizes a moral principle into a comparative analysis of operating systems, browsers, email, search, social media, and chat, then uses the mismatch to motivate design implications and a community-level governance discussion.

Evidence

The paper combines network/data-flow monitoring with user interviews to compare how everyday technologies currently operate and how much control users think is necessary. The empirical scope is intentionally bounded to selected operating systems, browsers, and web applications, and the authors explicitly note that encrypted traffic limits packet inspection and that the interview sample comes from a university-based participant pool. Those constraints make the evidence strong for the paper’s scoped argument but not for universal claims about all software or all users.

Limits

Method limits

Encrypted packets prevented inspection of contents, so observed transfers could not be confirmed as sensitive user data. The study also relies on a bounded set of technologies and interview participants rather than a broad population sample, and the authors acknowledge that their network method cannot definitively separate user-, community-, and platform-level control in all cases.

Deployment limits

Findings are most directly applicable to the specific everyday technologies studied and to design discussions about privacy/control tradeoffs; they do not by themselves establish universal rules for all software categories or all user populations. The strongest deployment implication is for chat, search, and community-governed software contexts where the paper’s subsidiarity framing can guide product and policy choices.

Boundary conditions

Results are conditioned by the selected applications, operating systems, and participant pool. The paper itself notes that chat-app conclusions may shift if other apps such as Signal or Telegram were included, and that the interview sample comes from a university population in the US Midwest. The authors also emphasize that community-level control was not directly observed in the network traces, so that level is inferred mainly from interviews and discussion rather than measured directly.

Manual check: none

Position in field

This is a CHI paper that imports a moral/social principle into software privacy analysis, positioning itself as a conceptual reframing plus a bounded empirical probe rather than a purely technical measurement study. Its field contribution is strongest as a normative lens for HCI and privacy design, with the empirical work serving to show where the lens reveals mismatches between user expectations and platform behavior.

Abstract

Subsidiarity is a principle of social organization that promotes human dignity and resists over-centralization by balancing personal autonomy with intervention from higher authorities only when necessary. Thus it is a relevant, but not previously explored, critical lens for discerning the tradeoffs between complete user control of software and surrendering control to “big tech” for convenience, as is common in surveillance capitalism. Our study explores data privacy through the lens of subsidiarity: we employ a multi-method approach of data flow monitoring and user interviews to determine the level of control different everyday technologies currently operate at, and the level of control everyday computer users think is necessary. We found that chat platforms like Slack and Discord violate subsidiarity the most. Our work provides insight into when users are willing to surrender privacy for convenience and demonstrates how subsidiarity can inform designs that promote human flourishing.