
The Privacy Policy Landscape After the GDPR

by Thomas Linden, et al.
University of Wisconsin-Madison

Every new privacy regulation raises the question of whether it improves privacy for users or creates more barriers to understanding and exercising their rights. The EU General Data Protection Regulation (GDPR) is one of the most demanding and comprehensive privacy regulations of all time. Hence, a few months after it went into effect, it is natural to study its impact on the landscape of online privacy policies. In this work, we conduct the first longitudinal, in-depth, and at-scale assessment of privacy policies before and after the GDPR. We gauge the complete consumption cycle of these policies, from the first user impressions to the compliance assessment. We create a diverse corpus of 3,086 English-language privacy policies for which we fetch the pre-GDPR and the post-GDPR versions. Via a user study with 530 participants on Amazon MTurk, we discover that the visual presentation of privacy policies has slightly improved in limited data-sensitive categories in addition to the top European websites. We also find that the readability of privacy policies suffers under the GDPR, due to almost a 30 reliance on passive sentences. We further develop a new workflow for the automated assessment of requirements in privacy policies, building on automated natural language processing techniques. We find evidence for positive changes triggered by the GDPR, with the ambiguity level, averaged over 8 metrics, improving in over 20.5 cover more data practices, particularly around data retention, user access rights, and specific audiences, and that an average of 15.2 improved across 8 compliance metrics. Our analysis, however, reveals a large gap between the current status quo and the ultimate goals of the GDPR.

