Analyzing Privacy Policies at Scale

Citations Over TimeTop 10% of 2018 papers

Abstract

Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have the time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Some recent efforts have aimed to use a combination of crowdsourcing, machine learning, and natural language processing to interpret privacy policies at scale, thus producing annotations for use in interfaces that inform Internet users of salient policy details. However, little attention has been devoted to studying the accuracy of crowdsourced privacy policy annotations, how crowdworker productivity can be enhanced for such a task, and the levels of granularity that are feasible for automatic analysis of privacy policies. In this article, we present a trajectory of work addressing each of these topics. We include analyses of crowdworker performance, evaluation of a method to make a privacy-policy oriented task easier for crowdworkers, a coarse-grained approach to labeling segments of policy text with descriptive themes, and a fine-grained approach to identifying user choices described in policy text. Together, the results from these efforts show the effectiveness of using automated and semi-automated methods for extracting from privacy policies the data practice details that are salient to Internet users’ interests.

Related Papers

• → Examining Internet Privacy Policies Within the Context of User Privacy Values(2005)246 cited
• → Privacy Contracts as an Extension of Privacy Policies(2005)15 cited
• → Usability Enhanced Privacy Protection System Based on Users' Responses(2007)6 cited
• Modelling of a privacy language and efficient policy-based de-identification(2019)
• Information Privacy: Issues, Concerns and Strategies(2016)