Problem Summary

The complexity of privacy policies often makes it difficult for users to understand data practices and their implications. Traditional privacy policies are usually lengthy, dense, and filled with legal jargon, leading to a lack of user engagement and comprehension.

Rationale

The rationale is that improving the clarity and comprehension of privacy policies for users by simplifying and structuring these policies can help users understand the information more easily, make informed decisions, and reduce the cognitive burden associated with lengthy and complex policies.

Solution

The automation or development of tools that improve the querying and readability of privacy policies, enhancing users' understanding, clarity, and awareness. These tools primarily focus on annotating privacy policies to facilitate subsequent processing. Given the complexity of automating this annotation process, they employ natural language processing (NLP) and machine learning (ML) techniques for automation. The OPP-115 dataset is predominantly utilised for training the proposed models in the supporting research presented below.

Harkous et al. [1] proposed Polisis, a scalable tool for privacy policy analysis that breaks privacy policies into segments and annotates each for detailed data practices. This allows for both high-level and fine-grained queries. Polisis consists of three layers: (a) Application Layer - provides information queried by users; (b) Data Layer - responsible for scraping the policy webpage, extracting, and segmenting the privacy policy; and (c) Machine Learning Layer - utilises word embeddings and neural networks for text classification, trained on the OPP-115 dataset to detect fine-grained labels of privacy policy segments. The prototype browser extensions for Chrome and Firefox and the prototype webpage (https://pribot.org/) are no longer operational.

Brunotte et al. [2] proposed the Online Privacy Policy eXplainer (PriX), a web browser extension designed to help users understand privacy policies through visual explanations. PriX performs three key functions: checking if a website has a privacy policy, analysing the privacy policy, and providing visual explanations to enhance user comprehension. The tool uses trained classifiers (Naive Bayes and Random Forest) to identify data categories and present them with corresponding privacy icons, facilitating better understanding. The classifiers were trained on the OPP-115.

Shayegh and Ghanavati [3] proposed a method for extracting notice and choice statements from privacy policies. Privacy policies are annotated with five key labels: #D (definition), #A (action), #F (fact), #NR (non-relevant), and #CR (cross-references). Actions are further detailed with sub-annotations such as #Collect, #Purpose, #Shared, #Permit, and #Information. These annotations are used to create graphs from the annotated action sections, establishing connections between different tags. The graphs are then transformed into concise notices and choices regarding data practices. This method aims to generate short, understandable notices and choices, improving the readability and usability of privacy policies for users, particularly in IoT devices.

Alabduljabbar et al. [4] developed TLDR, a segment-highlighting tool that condenses essential segments in privacy policies related to specific privacy practices. TLDR employs machine learning and deep learning models to extract privacy and data collection practices. The process involves segment preprocessing, extracting deep features from text representation techniques, and using an ensemble of classifiers for multi-label classification. The classifiers were trained using the OPP-115 dataset to detect fine-grained labels of privacy policy segments. Although the work does not include screenshots of the segments' presentation, it provides detailed performance metrics for the classifiers and machine learning algorithms used in TLDR's construction.

Windl et al. [5] developed PrivacyInjector, a web browser extension for Google Chrome and Firefox, designed to enhance user privacy awareness by providing contextual privacy policy information. PrivacyInjector operates in five steps: identifying the URL of the site's privacy policy, segmenting and annotating the policy, recognising relevant contexts, and displaying annotated segments as icon bubbles on the webpage. The tool uses domain-specific word embeddings created from unlabelled data and trains text classifiers using convolutional neural networks (CNNs). The segment classification process involves preprocessing, extracting deep features from text representation techniques, and utilising an ensemble of classifiers for multi-label classification. PrivacyInjector leverages the MAPS Policies Dataset to form a corpus of privacy-related words and uses fastText for training word embeddings. The contextual privacy policy (CPP) design includes collaboration with design experts, resulting in concise information displayed in sidebars with draggable bubbles appearing in relevant website areas. The extension's client and server-side components are available on GitHub, allowing for further research and development. The PrivacyInjector authors have also made the trained classifiers available in the repository https://github.com/Maxikilliane/polisis-classifiers, which uses results from the work of Harkous et al. [1].

Chang et al. [6] propose a system that builds a user privacy concern profile using crowdsourced data and interviews. These profiles are grouped using hierarchical clustering to create a system that matches new users to a profile cluster. The system employs Convolutional Neural Networks (CNN) and Random Forest models to analyse privacy policies, considering the user's privacy concern profile and related GDPR items. The OPP-115 dataset is used for training and privacy categories, achieving a precision of 0.94 for privacy category classification and an accuracy of 0.81 for policy segment extraction. Although the paper does not provide a link to the new privacy concern profiles dataset or screenshots of the implemented Android app, it demonstrates the system's effectiveness in improving user privacy awareness.

Pontes, Zorzo and Mello [7] developed PPMark, a prototype tool designed to process privacy policies written in natural language and extract information about data collection and usage, presenting this information in a label format similar to nutrition facts. PPMark aims to make privacy policies more understandable by displaying key data collection practices in a user-friendly manner.

Platforms: personal computers, mobile devices

Related guidelines: Implement Visual Strategies for Effective Communication of Lengthy Privacy Policies, Incorporate Icons to Improve Privacy Policy Communication

Example

The user interface of Privacy Policy eXplainer (PriX) [2] from Wayback Machine. (See enlarged)

Generated notice example [4]. (See enlarged)

Overview of PrivacyInjector as in Windl et al. [5]. In the example, a user navigated to the homepage of Webex. PrivacyInjector identified segments related to cookies and tracking elements in the lengthy policy document (c). An information icon (a) appears on the cookie banner, and when selected, a sidebar (b) reveals the extracted info snippets. (See enlarged)

• A user study showed that visual explanations are an appropriate way to foster privacy awareness and can help users understand privacy policies [2].
• TLDR streamlines reading, slashing the average time by 39.14% through condensing information, simplifying the process by reducing paragraphs and words, and lessening the effort required to grasp the service provider's practices [4].
• PrivacyInjector effectively recognised privacy policies across various websites, earning high functionality ratings from participants and encouraging more thoughtful privacy behaviours. Users found the tool increasingly useful over time, noting that it did not disrupt their browsing experience but provided valuable information beyond the initial exploration phase, particularly during registration/login or when surprising information was revealed [5].
• A real-world study of the proposed solution showcased its effectiveness, accurately providing users with concerning content at a 0.81 accuracy rate [6].
• Extracting notice and choice statements improves the clarity and precision of privacy policy summaries [3]. Also, PPMark's label format presentation of privacy policy information is user-friendly, making complex privacy terms more understandable, and users felt it reduced the time required to read privacy policies [7].
• Polisis allows detailed queries on data practices, significantly improving users' ability to understand complex privacy policies through machine learning-driven analysis [1].

• Needs long term study to test user habituation [2][5].
• Service providers need to improve machine accessibility (machine reading) of privacy policies [6].
• Currently, it only identifies and analyses privacy policies in English, even on multi-language websites, displaying the English version in the context of any language version [5]. Only English is also the case cited in [2] and [3].
• Unusual website interactions, unclear policy URLs, mandatory user interactions, and missing policy links make it challenging to analyse and communicate policy segments systematically [5]. Additionally, the lack of a standard format in privacy policies leads to ambiguity [4]. The PPMark tool, for example, relies on structured input formats and may struggle with unstructured or poorly formatted privacy policies, limiting its effectiveness [7].
• The technological difficulty regarding explanations about privacy, in general, is to ensure that the texts continue to be legally compliant [2].
• The proposed method of annotating privacy policies is done manually, so it is necessary to build a tool to automate the steps [3]. Additionally, the performance of machine learning models in accurately classifying and annotating segments of privacy policies may vary depending on the quality and representativeness of the training data [1].

Such solutions aim to communicate personal data handling practices through privacy notices. It can also be integrated with privacy choices [8], enabling users to make immediate decisions, which researchers find more effective. Considering the design space for privacy notices [9], this guideline can be applied to the following dimensions:

Transparency [10] is the main privacy attribute since this mechanism involves the proactive distribution of information to users, promoting visually accessible communication of data handling practices, and helping users to make privacy-informed decisions. Other related privacy attributes: