An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR

Torre, Damiano; Abualhaija, Sallam; Sabetzadeh, Mehrdad; Briand, Lionel; Baetens, Katrien; Goes, Peter; Forastier, Sylvie

doi:10.1109/RE48521.2020.00025

Reference : An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Computational Sciences
	To cite this reference:	http://hdl.handle.net/10993/43548

Title :	An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR
Language :	English
Author, co-author :	Torre, Damiano [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Abualhaija, Sallam [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Sabetzadeh, Mehrdad [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Baetens, Katrien [Linklaters LLP]
	Goes, Peter [Linklaters LLP]
	Forastier, Sylvie [Linklaters LLP]
Publication date :	Sep-2020
Main document title :	in Proceedings of the 28th IEEE International Requirements Engineering Conference (RE’20)
Pages :	136-146
Peer reviewed :	Yes
On invitation :	No
Audience :	International
Event name :	The 28th IEEE International Requirements Engineering Conference (RE’20)
Event date :	from 31-08-2020 to 04-09-2020
Keywords :	[en] Legal Compliance ; Privacy Policies ; The General Data Protection Regulation (GDPR) ; Natural Language Processing (NLP) ; Machine Learning (ML) ; Case Study Research
Permalink :	http://hdl.handle.net/10993/43548
DOI :	10.1109/RE48521.2020.00025
Commentary :	Privacy policies are critical for helping individuals make informed decisions about their personal data. In Europe, privacy policies are subject to compliance with the General Data Protection Regulation (GDPR). If done entirely manually, checking whether a given privacy policy complies with GDPR is both time-consuming and error-prone. Automated support for this task is thus advantageous. At the moment, there is an evident lack of such support on the market. In this paper, we tackle an important dimension of GDPR compliance checking for privacy policies. Specifically, we provide automated support for checking whether the content of a given privacy policy is complete according to the provisions stipulated by GDPR. To do so, we present: (1) a conceptual model to characterize the information content envisaged by GDPR for privacy policies, (2) an AI-assisted approach for classifying the information content in GDPR privacy policies and subsequently checking how well the classified content meets the completeness criteria of interest; and (3) an evaluation of our approach through a case study over 24 unseen privacy policies. For classification, we leverage a combination of Natural Language Processing and supervised Machine Learning. Our experimental material is comprised of 234 real privacy policies from the fund industry. Our empirical results indicate that our approach detected 45 of the total of 47 incompleteness issues in the 24 privacy policies it was applied to. Over these policies, the approach had eight false positives. The approach thus has a precision of 85% and recall of 96% over our case study.
FnR project :	FnR ; FNR13759068 > Mehrdad Sabetzadeh > > Artificial Intelligence-enabled Automation for GDPR Compliance > 01/01/2020 > 31/12/2022 > 2020)

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR.pdf		Author postprint	367.93 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices