Mining Privacy Goals from Privacy Policies Using Hybridized Task Recomposition

Bhatia, Jaspreet; Breaux, Travis D.; Schaub, Florian

doi:10.1145/2907942

Cited by 41 publications

(22 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Semantically-labeled privacy policies constitute an important resource for privacy analysts and regulators, but scaling the process of annotating natural language privacy policies accordingly can be challenging. As part of the efforts in the UPP project, we investigate the potential of crowdsourcing privacy policy analysis from non-experts, in combination with machine learning, in order to enable semi-or fully automated extraction of data practices and their attributes from privacy policy documents [3,5,48]. These efforts show promise for scaling up our analysis, which would enable further expansion of PrivOnto's knowledge base.…”

Section: Discussion and Future Workmentioning

confidence: 99%

PrivOnto: A semantic framework for the analysis of privacy policies

Oltramari

Piraviperumal

Schaub

et al. 2018

Self Cite

View full text Add to dashboard Cite

Privacy policies are intended to inform users about the collection and use of their data by websites, mobile apps and other services or appliances they interact with. This also includes informing users about any choices they might have regarding such data practices. However, few users read these often long privacy policies; and those who do have difficulty understanding them, because they are written in convoluted and ambiguous language. A promising approach to help overcome this situation revolves around semi-automatically annotating policies, using combinations of crowdsourcing, machine learning and natural language processing. In this article, we introduce PrivOnto, a semantic framework to represent annotated privacy policies. PrivOnto relies on an ontology developed to represent issues identified as critical to users and/or legal experts. PrivOnto has been used to analyze a corpus of over 23,000 annotated data practices, extracted from 115 privacy policies of US-based companies. We introduce a collection of 57 SPARQL queries to extract information from the PrivOnto knowledge base, with the dual objective of (1) answering privacy questions of interest to users and (2) supporting researchers and regulators in the analysis of privacy policies at scale. We present an interactive online tool using PrivOnto to help users explore our corpus of 23,000 annotated data practices. Finally, we outline future research and open challenges in using semantic technologies for privacy policy analysis.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

PrivOnto: A semantic framework for the analysis of privacy policies

Oltramari

Piraviperumal

Schaub

et al. 2018

Self Cite

View full text Add to dashboard Cite

show abstract

“…Breaux and Schaub report that they could reduce manual extraction cost by up to 60% for some policies while preserving task accuracy, and for some policies increase accuracy by 16%, based on their ways of task decomposition. They continue using crowdsourcing, combined with NLP techniques, to extract privacy goals [4]. Reidenberg et al [36] investigate how privacy policies are perceived by expert, knowledgeable, and typical users, and did not find significant differences among them.…”

Section: Background and Related Workmentioning

confidence: 99%

Çorba: crowdsourcing to obtain requirements from regulations and breaches

et al. 2019

View full text Add to dashboard Cite

show abstract

“…In relation to legal requirements specifically, Bhatia et al [9], [39] and Evans et al [40] apply constituency and dependency parsing for analyzing privacy policies. These threads of work have provided us with useful inspiration.…”

Section: Constituency and Dependency Parsing In Rementioning

confidence: 99%

“…Within the limits and according to the provisions stated in this article, the municipal authorities may, in whole or in part, temporarily or permanently, regulate or prohibit traffic on the public roads of the territory of the municipality, provided that these municipal regulations concern the traffic on the municipal roads as well as on the national roads situated inside the municipality's agglomerations. requirements [1], [7], [8], [9], and transitioning from legal texts to formal specifications [10] or models [3], [8], [11]. In this paper, we concern ourselves with semantic legal metadata.…”

Section: Introductionmentioning

confidence: 99%

Automated Extraction of Semantic Legal Metadata using Natural Language Processing

Sleimi

Sannier

Sabetzadeh

et al. 2018

2018 IEEE 26th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Context] Semantic legal metadata provides information that helps with understanding and interpreting the meaning of legal provisions. Such metadata is important for the systematic analysis of legal requirements.[Objectives] Our work is motivated by two observations: (1) The existing requirements engineering (RE) literature does not provide a harmonized view on the semantic metadata types that are useful for legal requirements analysis.(2) Automated support for the extraction of semantic legal metadata is scarce, and further does not exploit the full potential of natural language processing (NLP). Our objective is to take steps toward addressing these limitations.[Methods] We review and reconcile the semantic legal metadata types proposed in RE. Subsequently, we conduct a qualitative study aimed at investigating how the identified metadata types can be extracted automatically.[Results and Conclusions] We propose (1) a harmonized conceptual model for the semantic metadata types pertinent to legal requirements analysis, and (2) automated extraction rules for these metadata types based on NLP. We evaluate the extraction rules through a case study. Our results indicate that the rules generate metadata annotations with high accuracy.

show abstract

Mining Privacy Goals from Privacy Policies Using Hybridized Task Recomposition

Cited by 41 publications

References 32 publications

PrivOnto: A semantic framework for the analysis of privacy policies

PrivOnto: A semantic framework for the analysis of privacy policies

Çorba: crowdsourcing to obtain requirements from regulations and breaches

Automated Extraction of Semantic Legal Metadata using Natural Language Processing

Contact Info

Product

Resources

About