Reference : An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Computational Sciences
http://hdl.handle.net/10993/43548
An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR
English
Torre, Damiano mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Abualhaija, Sallam [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Sabetzadeh, Mehrdad [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Baetens, Katrien [Linklaters LLP]
Goes, Peter [Linklaters LLP]
Forastier, Sylvie [Linklaters LLP]
Sep-2020
in Proceedings of the 28th IEEE International Requirements Engineering Conference (RE’20)
136-146
Yes
No
International
The 28th IEEE International Requirements Engineering Conference (RE’20)
from 31-08-2020 to 04-09-2020
[en] Legal Compliance ; Privacy Policies ; The General Data Protection Regulation (GDPR) ; Natural Language Processing (NLP) ; Machine Learning (ML) ; Case Study Research
http://hdl.handle.net/10993/43548
Privacy policies are critical for helping individuals make informed decisions about their personal data.
In Europe, privacy policies are subject to compliance with the General Data Protection Regulation (GDPR).
If done entirely manually, checking whether a given privacy policy complies with GDPR is both time-consuming and error-prone. Automated support for this task is thus advantageous. At the moment, there is an evident lack of such support on the market.
In this paper, we tackle an important dimension of GDPR compliance checking for privacy policies. Specifically, we provide automated support for checking whether the content of a given privacy policy is complete according to the provisions stipulated by GDPR. To do so, we present: (1) a conceptual model to characterize the information content envisaged by GDPR for privacy policies, (2) an AI-assisted approach for classifying the information content in GDPR privacy policies and subsequently checking how well the classified content meets the completeness criteria of interest; and (3) an evaluation of our approach through a case study over 24 unseen privacy policies. For classification, we leverage a combination of Natural Language Processing and supervised Machine Learning. Our experimental material is comprised of 234 real privacy policies from the fund industry.
Our empirical results indicate that our approach detected 45 of the total of 47 incompleteness issues in the 24 privacy policies it was applied to. Over these policies, the approach had eight false positives. The approach thus has a precision of 85% and recall of 96% over our case study.
FnR ; FNR13759068 > Mehrdad Sabetzadeh > > Artificial Intelligence-enabled Automation for GDPR Compliance > 01/01/2020 > 31/12/2022 > 2020)

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR.pdfAuthor postprint367.93 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.