Automatically identifying relations in privacy policies

Stamey, John; Rossi, Ryan A.

doi:10.1145/1621995.1622041

Cited by 19 publications

(6 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rule-based extraction techniques have been proposed to extract some of a website's data collection practices from its privacy policy (Costante et al, 2013) or to answer certain binary questions about a privacy policy (Zimmeck and Bellovin, 2014). Other approaches leverage topic mod-eling (Chundi and Subramaniam, 2014;Stamey and Rossi, 2009) or sequence alignment techniques to analyze privacy policies or identify similar policy sections and paragraphs. However, the complexity and vagueness of privacy policies makes it difficult to automatically extract complex data practices from privacy policies without substantial gold standard data.…”

Section: Related Workmentioning

confidence: 99%

The Creation and Analysis of a Website Privacy Policy Corpus

Wilson¹,

Schaub

Dara

et al. 2016

Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)

211

149

View full text Add to dashboard Cite

Website privacy policies are often ignored by Internet users, because these documents tend to be long and difficult to understand. However, the significance of privacy policies greatly exceeds the attention paid to them: these documents are binding legal agreements between website operators and their users, and their opaqueness is a challenge not only to Internet users but also to policy regulators. One proposed alternative to the status quo is to automate or semi-automate the extraction of salient details from privacy policy text, using a combination of crowdsourcing, natural language processing, and machine learning. However, there has been a relative dearth of datasets appropriate for identifying data practices in privacy policies. To remedy this problem, we introduce a corpus of 115 privacy policies (267K words) with manual annotations for 23K fine-grained data practices. We describe the process of using skilled annotators and a purpose-built annotation tool to produce the data. We provide findings based on a census of the annotations and show results toward automating the annotation procedure. Finally, we describe challenges and opportunities for the research community to use this corpus to advance research in both privacy and language technologies.

show abstract

Section: Related Workmentioning

confidence: 99%

The Creation and Analysis of a Website Privacy Policy Corpus

Wilson¹,

Schaub

Dara

et al. 2016

Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)

211

149

View full text Add to dashboard Cite

show abstract

“…Stamey et al used latent semantic analysis to analyze e-commerce privacy policies to identify the important privacy sections and ranked the significant words for the identified sections [40]. The authors analyzed the sematic relations between words in the policies and identified ambiguity in text.…”

Section: Chapter 2 Content Analysis Of Privacy Policiesmentioning

confidence: 99%

A Semantic-based Approach to Reduce the Reading Time of Privacy Policies

Kaur¹

2022

2022 19th Annual International Conference on Privacy, Security &Amp; Trust (PST)

View full text Add to dashboard Cite

Privacy policy is a legal document in which the users are informed about the data practices used by the organizations. Past research indicates that the privacy policies are long and hard to understand. They are also known to have incomplete content. Users are not inclined to read the policy as they have to read long policies to find information about data practices of an organization. The solution that we are proposing in this research is to assist users with finding relevant content to their queries using semantic approach. This thesis presents the development of domain ontology for privacy policies. Natural Language Processing was used to understand the content of the policies and capture vocabulary for the ontology. This vocabulary was further used to build the ontology so that the ontology highlights relevant sentences related to a privacy concern. We validated and evaluated the ontology using different methods: competency questions, data driven, metric based and user evaluation. Results from the evaluation of ontology show that the amount of text to read is significantly reduced as the users have to only read selected text that ranged from 1% to 30% of a privacy policy. The amount of text depended on the query and its associated keywords. This signifies that the time required to read a policy is significantly reduced as the ontology directs user to the right content for a query. This finding was also confirmed by the results of the user study session. The results from the user study session indicated that the users found ontology helpful in finding relevant selected sentences to read as compared to reading the entire policy.iii ACKNOWLEDGEMENT First, I would like to express my gratitude to my advisor Dr. Rozita Dara for her constant support and advice throughout my research. Her vast knowledge, guidance and patience has helped me get through my masters. Next, I would like to thank my coadvisor Dr. Charlie Obimbo for his inputs and continuous support during my research. His encouragement and generous advice has helped me throughout my masters.Additionally, I would like to thank Dhiren Audich for providing the dataset of privacy policies and Curtis Rasmussen for providing the data set with the user concerns. I would also like to thank the participants who took their time to participate in the user study session. Also, I am forever grateful to my parents and my brother for their love, support and encouragement. This would have not been possible without their help. Lastly, I would like to thank my friends and extended family who have helped me during my study in Canada.

show abstract

“…Their analysis addresses six binary questions (e.g., whether a policy provides for limited retention or allows ad tracking), reaching F 1 scores between 0.6 and 1. Other approaches have applied topic modeling to privacy policies (Chundi and Subramaniam 2014;Stamey and Rossi 2009) and have automatically grouped related sections and paragraphs of privacy policies . introduce an unsupervised model for the automatic alignment of privacy policies and show that hidden Markov models are more effective than clustering and topic models.…”

Section: Related Workmentioning

confidence: 99%

Analyzing Privacy Policies at Scale

et al. 2018

View full text Add to dashboard Cite

Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have the time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Some recent efforts have aimed to use a combination of crowdsourcing, machine learning, and natural language processing to interpret privacy policies at scale, thus producing annotations for use in interfaces that inform Internet users of salient policy details. However, little attention has been devoted to studying the accuracy of crowdsourced privacy policy annotations, how crowdworker productivity can be enhanced for such a task, and the levels of granularity that are feasible for automatic analysis of privacy policies. In this article, we present a trajectory of work addressing each of these topics. We include analyses of crowdworker performance, evaluation of a method to make a privacy-policy oriented task easier for crowdworkers, a coarse-grained approach to labeling segments of policy text with descriptive themes, and a fine-grained approach to identifying user choices described in policy text. Together, the results from these efforts show the effectiveness of using automated and semi-automated methods for extracting from privacy policies the data practice details that are salient to Internet users’ interests.

show abstract

Automatically identifying relations in privacy policies

Cited by 19 publications

References 9 publications

The Creation and Analysis of a Website Privacy Policy Corpus

The Creation and Analysis of a Website Privacy Policy Corpus

A Semantic-based Approach to Reduce the Reading Time of Privacy Policies

Analyzing Privacy Policies at Scale

Contact Info

Product

Resources

About