Paper Info
Title
Have You been Properly Notified? Automatic Compliance Analysis of Privacy Policy Text with GDPR Article 13
Abstract
ABSTRACT With the rapid development of web and mobile applications, as well as their wide adoption in different domains, more and more personal data is provided, consciously or unconsciously, to different application providers. Privacy policy is an important medium for users to understand what personal information has been collected and used. As data privacy protection is becoming a critical social issue, there are laws and regulations being enacted in different countries and regions, and the most representative one is the EU General Data Protection Regulation (GDPR). It is thus important to detect compliance issues among regulations, e.g., GDPR, with privacy policies, and provide intuitive results for data subjects (i.e., users), data collection party (i.e., service providers) and the regulatory authorities. In this work, we target to solve the problem of compliance analysis between GDPR (Article 13) and privacy policies. We format the task into a combination of a sentence classification step and a rule-based analysis step. We manually curate a corpus of 36,610 labeled sentences from 304 privacy policies, and benchmark our corpus with several standard sentence classifiers. We also conduct a rule-based analysis to detect compliance issues and a user study to evaluate the usability of our approach. The web-based tool AutoCompliance is publicly accessible 1.
Year
DOI
Venue
2021
10.1145/3442381.3450022
International World Wide Web Conference
Keywords
DocType
Citations 
Privacy, Compliance Analysis, Natural Language Processing
Conference
0
PageRank 
References 
Authors
0.34
0
6
Name
Order
Citations
PageRank
Shuang Liu13622.95
Baiyang Zhao200.34
Renjie Guo300.68
Guozhu Meng400.34
Fan Zhang500.68
Meishan Zhang600.68