Saved in:
Bibliographic Details
Main Authors: Tang, Peng, Li, Xin, Chen, Yuxin, Qiu, Weidong, Mei, Haochen, Holmes, Allison, Li, Fenghua, Li, Shujun
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2410.04754
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917206835593216
author Tang, Peng
Li, Xin
Chen, Yuxin
Qiu, Weidong
Mei, Haochen
Holmes, Allison
Li, Fenghua
Li, Shujun
author_facet Tang, Peng
Li, Xin
Chen, Yuxin
Qiu, Weidong
Mei, Haochen
Holmes, Allison
Li, Fenghua
Li, Shujun
contents Machine learning based classifiers that take a privacy policy as the input and predict relevant concepts are useful in different applications such as (semi-)automated compliance analysis against requirements of the EU GDPR. In all past studies, such classifiers produce a concept label per segment (e.g., sentence or paragraph) and their performances were evaluated by using a dataset of labeled segments without considering the privacy policy they belong to. However, such an approach could overestimate the performance in real-world settings, where all segments in a new privacy policy are supposed to be unseen. Additionally, we also observed other research gaps, including the lack of a more complete GDPR taxonomy and the less consideration of hierarchical information in privacy policies. To fill such research gaps, we developed a more complete GDPR taxonomy, created the first corpus of labeled privacy policies with hierarchical information, and conducted the most comprehensive performance evaluation of GDPR concept classifiers for privacy policies. Our work leads to multiple novel findings, including the confirmed inappropriateness of splitting training and test sets at the segment level, the benefits of considering hierarchical information, and the limitations of the "one size fits all" approach, and the significance of testing cross-corpus generalizability.
format Preprint
id arxiv_https___arxiv_org_abs_2410_04754
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle A Comprehensive Study on GDPR-Oriented Analysis of Privacy Policies: Taxonomy, Corpus and GDPR Concept Classifiers
Tang, Peng
Li, Xin
Chen, Yuxin
Qiu, Weidong
Mei, Haochen
Holmes, Allison
Li, Fenghua
Li, Shujun
Cryptography and Security
Machine learning based classifiers that take a privacy policy as the input and predict relevant concepts are useful in different applications such as (semi-)automated compliance analysis against requirements of the EU GDPR. In all past studies, such classifiers produce a concept label per segment (e.g., sentence or paragraph) and their performances were evaluated by using a dataset of labeled segments without considering the privacy policy they belong to. However, such an approach could overestimate the performance in real-world settings, where all segments in a new privacy policy are supposed to be unseen. Additionally, we also observed other research gaps, including the lack of a more complete GDPR taxonomy and the less consideration of hierarchical information in privacy policies. To fill such research gaps, we developed a more complete GDPR taxonomy, created the first corpus of labeled privacy policies with hierarchical information, and conducted the most comprehensive performance evaluation of GDPR concept classifiers for privacy policies. Our work leads to multiple novel findings, including the confirmed inappropriateness of splitting training and test sets at the segment level, the benefits of considering hierarchical information, and the limitations of the "one size fits all" approach, and the significance of testing cross-corpus generalizability.
title A Comprehensive Study on GDPR-Oriented Analysis of Privacy Policies: Taxonomy, Corpus and GDPR Concept Classifiers
topic Cryptography and Security
url https://arxiv.org/abs/2410.04754