A machine learning solution to assess privacy policy completeness

E. Costante; Y. Sun; M. Petkovic; J.I. Hartog, den

doi:10.1145/2381966.2381979

A machine learning solution to assess privacy policy completeness

E. Costante, Y. Sun, M. Petkovic, J.I. Hartog, den

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

73 Citations (Scopus)

Abstract

A privacy policy is a legal document, used by websites to communicate how the personal data that they collect will be managed. By accepting it, the user agrees to release his data under the conditions stated by the policy. Privacy policies should provide enough information to enable users to make informed decisions. Privacy regulations support this by specifying what kind of information has to be provided. As privacy policies can be long and dif¿cult to understand, users tend not to read them. Because of this, users generally agree with a policy without knowing what it states and whether aspects important to him are covered at all. In this paper we present a solution to assist the user by providing a structured way to browse the policy content and by automatically assessing the completeness of a policy, i.e. the degree of coverage of privacy categories important to the user. The privacy categories are extracted from privacy regulations, while text categorization and machine learning techniques are used to verify which categories are covered by a policy. The results show the feasibility of our approach; an automatic classi¿er, able to associate the right category to paragraphs of a policy with an accuracy approximating that obtainable by a human judge, can be effectively created. Keywords: privacy, privacy policy, natural language, machine learning

Original language	English
Title of host publication	Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES co-located with CCS 2012), October 15, 2012, Raleigh NC, USA
Publisher	Association for Computing Machinery, Inc
Pages	91-96
ISBN (Print)	978-1-4503-1663-7
DOIs	https://doi.org/10.1145/2381966.2381979
Publication status	Published - 2012
Event	conference; 2012 ACM Workshop on Privacy in the Electronic Society; 2012-10-15; 2012-10-15 - Duration: 15 Oct 2012 → 15 Oct 2012

Conference

Conference	conference; 2012 ACM Workshop on Privacy in the Electronic Society; 2012-10-15; 2012-10-15
Period	15/10/12 → 15/10/12
Other	2012 ACM Workshop on Privacy in the Electronic Society

Access to Document

10.1145/2381966.2381979

Cite this

Costante, E., Sun, Y., Petkovic, M., & Hartog, den, J. I. (2012). A machine learning solution to assess privacy policy completeness. In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES co-located with CCS 2012), October 15, 2012, Raleigh NC, USA (pp. 91-96). Association for Computing Machinery, Inc. https://doi.org/10.1145/2381966.2381979

@inproceedings{fbf2f8c48af54079b9fb6709cd75f23e,

title = "A machine learning solution to assess privacy policy completeness",

abstract = "A privacy policy is a legal document, used by websites to communicate how the personal data that they collect will be managed. By accepting it, the user agrees to release his data under the conditions stated by the policy. Privacy policies should provide enough information to enable users to make informed decisions. Privacy regulations support this by specifying what kind of information has to be provided. As privacy policies can be long and dif¿cult to understand, users tend not to read them. Because of this, users generally agree with a policy without knowing what it states and whether aspects important to him are covered at all. In this paper we present a solution to assist the user by providing a structured way to browse the policy content and by automatically assessing the completeness of a policy, i.e. the degree of coverage of privacy categories important to the user. The privacy categories are extracted from privacy regulations, while text categorization and machine learning techniques are used to verify which categories are covered by a policy. The results show the feasibility of our approach; an automatic classi¿er, able to associate the right category to paragraphs of a policy with an accuracy approximating that obtainable by a human judge, can be effectively created. Keywords: privacy, privacy policy, natural language, machine learning",

author = "E. Costante and Y. Sun and M. Petkovic and {Hartog, den}, J.I.",

year = "2012",

doi = "10.1145/2381966.2381979",

language = "English",

isbn = "978-1-4503-1663-7",

pages = "91--96",

booktitle = "Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES co-located with CCS 2012), October 15, 2012, Raleigh NC, USA",

publisher = "Association for Computing Machinery, Inc",

address = "United States",

note = "conference; 2012 ACM Workshop on Privacy in the Electronic Society; 2012-10-15; 2012-10-15 ; Conference date: 15-10-2012 Through 15-10-2012",

}

Costante, E, Sun, Y, Petkovic, M & Hartog, den, JI 2012, A machine learning solution to assess privacy policy completeness. in Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES co-located with CCS 2012), October 15, 2012, Raleigh NC, USA. Association for Computing Machinery, Inc, pp. 91-96, conference; 2012 ACM Workshop on Privacy in the Electronic Society; 2012-10-15; 2012-10-15, 15/10/12. https://doi.org/10.1145/2381966.2381979

A machine learning solution to assess privacy policy completeness. / Costante, E.; Sun, Y.; Petkovic, M. et al.
Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES co-located with CCS 2012), October 15, 2012, Raleigh NC, USA. Association for Computing Machinery, Inc, 2012. p. 91-96.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - A machine learning solution to assess privacy policy completeness

AU - Costante, E.

AU - Sun, Y.

AU - Petkovic, M.

AU - Hartog, den, J.I.

PY - 2012

Y1 - 2012

N2 - A privacy policy is a legal document, used by websites to communicate how the personal data that they collect will be managed. By accepting it, the user agrees to release his data under the conditions stated by the policy. Privacy policies should provide enough information to enable users to make informed decisions. Privacy regulations support this by specifying what kind of information has to be provided. As privacy policies can be long and dif¿cult to understand, users tend not to read them. Because of this, users generally agree with a policy without knowing what it states and whether aspects important to him are covered at all. In this paper we present a solution to assist the user by providing a structured way to browse the policy content and by automatically assessing the completeness of a policy, i.e. the degree of coverage of privacy categories important to the user. The privacy categories are extracted from privacy regulations, while text categorization and machine learning techniques are used to verify which categories are covered by a policy. The results show the feasibility of our approach; an automatic classi¿er, able to associate the right category to paragraphs of a policy with an accuracy approximating that obtainable by a human judge, can be effectively created. Keywords: privacy, privacy policy, natural language, machine learning

AB - A privacy policy is a legal document, used by websites to communicate how the personal data that they collect will be managed. By accepting it, the user agrees to release his data under the conditions stated by the policy. Privacy policies should provide enough information to enable users to make informed decisions. Privacy regulations support this by specifying what kind of information has to be provided. As privacy policies can be long and dif¿cult to understand, users tend not to read them. Because of this, users generally agree with a policy without knowing what it states and whether aspects important to him are covered at all. In this paper we present a solution to assist the user by providing a structured way to browse the policy content and by automatically assessing the completeness of a policy, i.e. the degree of coverage of privacy categories important to the user. The privacy categories are extracted from privacy regulations, while text categorization and machine learning techniques are used to verify which categories are covered by a policy. The results show the feasibility of our approach; an automatic classi¿er, able to associate the right category to paragraphs of a policy with an accuracy approximating that obtainable by a human judge, can be effectively created. Keywords: privacy, privacy policy, natural language, machine learning

U2 - 10.1145/2381966.2381979

DO - 10.1145/2381966.2381979

M3 - Conference contribution

SN - 978-1-4503-1663-7

SP - 91

EP - 96

BT - Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (WPES co-located with CCS 2012), October 15, 2012, Raleigh NC, USA

PB - Association for Computing Machinery, Inc

T2 - conference; 2012 ACM Workshop on Privacy in the Electronic Society; 2012-10-15; 2012-10-15

Y2 - 15 October 2012 through 15 October 2012

ER -

A machine learning solution to assess privacy policy completeness

Abstract

Conference

Access to Document

Fingerprint

Cite this