Articles producció científicaEnginyeria Informàtica i Matemàtiques

Automatic assessment of privacy policies under the gdpr

  • Identification data

    Identifier:  imarina:9173269
    Handlehttps://hdl.handle.net/20.500.11797/imarina9173269
    Authors:  Sánchez, D; Viejo, A; Batet, M
    Abstract:
    © 2021 by the authors. Licensee MDPI, Basel, Switzerland. To comply with the EU General Data Protection Regulation (GDPR), companies managing personal data have been forced to review their privacy policies. However, privacy policies will not solve any problems as long as users do not read or are not able to understand them. In order to assist users in both issues, we present a system that automatically assesses privacy policies. Our proposal quantifies the degree of policy compliance with respect to the data protection goals stated by the GPDR and presents clear and intuitive privacy scores to the user. In this way, users will become immediately aware of the risks associated with the services and their severity; this will empower them to take informed decisions when accepting (or not) the terms of a service. We leverage manual annotations and machine learning to train a model that automatically tags privacy policies according to their compliance (or not) with the data protection goals of the GDPR. In contrast with related works, we define clear annotation criteria consistent with the GDPR, and this enables us not only to provide aggregated scores, but also fine-grained ratings that help to understand the reasons of the assessment. The latter is aligned with the concept of explainable artificial intelligence. We have applied our method to the policies of 10 well-known internet services. Our scores are sound and consistent with the results reported in related works.

  • Others:

    Link to the original source: https://www.mdpi.com/2076-3417/11/4/1762
    APA: Sánchez, D; Viejo, A; Batet, M (2021). Automatic assessment of privacy policies under the gdpr. Applied Sciences-Basel, 11(4), 1762-11. DOI: 10.3390/app11041762
    Paper original source: Applied Sciences-Basel. 11 (4): 1762-11
    Article's DOI: 10.3390/app11041762
    Journal publication year: 2021-02-02
    Entity: Universitat Rovira i Virgili
    Paper version: info:eu-repo/semantics/publishedVersion
    Record's date: 2026-05-09
    URV's Author/s: Batet Sanromà, Montserrat / Sánchez Ruenes, David / Viejo Galicia, Luis Alexandre
    Department: Enginyeria Informàtica i Matemàtiques
    Licence document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
    Publication Type: Journal Publications
    Author, as appears in the article.: Sánchez, D; Viejo, A; Batet, M
    licence for use: https://creativecommons.org/licenses/by/3.0/es/
    Thematic Areas: Process chemistry and technology, Physics, applied, Materials science, multidisciplinary, Materials science (miscellaneous), Materials science (all), Instrumentation, General materials science, General engineering, Fluid flow and transfer processes, Engineering, multidisciplinary, Engineering (miscellaneous), Engineering (all), Computer science applications, Ciências biológicas i, Ciências agrárias i, Chemistry, multidisciplinary
    Author's mail: montserrat.batet@urv.cat, montserrat.batet@urv.cat, david.sanchez@urv.cat, david.sanchez@urv.cat, alexandre.viejo@urv.cat, alexandre.viejo@urv.cat, montserrat.batet@urv.cat

  • Keywords:

    Privacy policies
    Privacy goals
    Privacy assessment
    Machine learning
    Gdpr
    Chemistry
    Multidisciplinary
    Computer Science Applications
    Engineering (Miscellaneous)
    Engineering
    Fluid Flow and Transfer Processes
    Instrumentation
    Materials Science (Miscellaneous)
    Materials Science
    Physics
    Applied
    Process Chemistry and Technology
    Materials science (all)
    General materials science
    General engineering
    Engineering (all)
    Ciências biológicas i
    Ciências agrárias i

  • Documents:

    DocumentPrincipal

  • Cerca a google

    Search to google scholar