Skip to main content
SpringerLink
Log in

KnIGHT: Mapping Privacy Policies to GDPR

  • Conference paper
  • First Online:
Book cover Knowledge Engineering and Knowledge Management (EKAW 2018)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 11313))

Included in the following conference series:

Abstract

Although the use of apps and online services comes with accompanying privacy policies, a majority of end-users ignore them due to their length, complexity and unappealing presentation.pite the potential risks. In light of the, now enforced EU-wide, General Data Protection Regulation (GDPR) we present an automatic technique for mapping privacy policies excerpts to relevant GDPR articles so as to support average users in understanding their usage risks and rights as a data subject. KnIGHT (Know your rIGHTs), is a tool that finds candidate sentences in a privacy policy that are potentially related to specific articles in the GDPR. The approach employs semantic text matching in order to find the most appropriate GDPR paragraph, and to the best of our knowledge is one of the first automatic attempts of its kind applied to a company’s policy. Our evaluation shows that on average between 70–90% of the tool’s automatic mappings are at least partially correct, meaning that the tool can be used to significantly guide human comprehension. Following this result, in the future we will utilize domain-specific vocabularies to perform a deeper semantic analysis and improve the results further.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.theguardian.com/technology/2015/feb/23/facebooks-privacy-policy-breaches-european-law-report-finds.

  2. 2.

    https://www.bbc.com/news/technology-41634617.

  3. 3.

    https://gdpr-info.eu/.

  4. 4.

    http://www.grctc.com/.

  5. 5.

    http://www.omg.org/.

  6. 6.

    https://www.omg.org/spec/SBVR.

  7. 7.

    https://www.omg.org/spec/EDMC-FIBO/FND/.

  8. 8.

    https://www.researchgate.net/privacy-policy.

  9. 9.

    http://www.unileverprivacypolicy.com/en_gb/policy.aspx.

  10. 10.

    https://usableprivacy.org/.

  11. 11.

    https://pribot.org/polisis.

  12. 12.

    https://s3.amazonaws.com/dl4j-distribution/GoogleNews-vectors-negative300.bin.gz.

  13. 13.

    https://gate.ac.uk/projects/neon/termraider.html.

  14. 14.

    https://www.ryanair.com/gb/en/corporate/privacy-policy.

  15. 15.

    http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1525876803065&uri=CELEX:32002L0058.

  16. 16.

    https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2017:0010:FIN.

  17. 17.

    Although we strived to increase the number of evaluators, it was notably hard to find legal experts that agreed to participate in this voluntary task.

References

  1. Deeplearning4j: Open-source distributed deep learning for the JVM Apache Software Foundation License 2.0 (2015). http://deeplearning4j.org/word2vec.html

  2. Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. 3(1), 26–33 (2005). https://doi.org/10.1109/MSP.2005.22

    Article  Google Scholar 

  3. Alzahrani, S., Salim, N., Abraham, A.: Understanding plagiarism linguistic patterns, textual features, and detection methods. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 42, 133–149 (2012)

    Article  Google Scholar 

  4. Bartolini, C., Muthuri, R.: Reconciling data protection rights and obligations: an ontology of the forthcoming EU regulation. In: Proceedings of the Workshop on Language and Semantic Technology for Legal Domain (LST4LD) (2015)

    Google Scholar 

  5. Breaux, T.D., Vail, M.W., Anton, A.I.: Towards regulatory compliance: Extracting rights and obligations to align requirements with regulations. In: Proceedings of the 14th IEEE International Requirements Engineering Conference, pp. 46–55. RE 2006. IEEE Computer Society, Washington, DC (2006). https://doi.org/10.1109/RE.2006.68

  6. Cohen, J.M.: Weighted kappa: nominal scale agreement with provision for scaled disagreement or partial credit. Psychol. Bull. 70(4), 213–20 (1968)

    Article  Google Scholar 

  7. Costante, E., Sun, Y., Petković, M., den Hartog, J.: A machine learning solution to assess privacy policy completeness: (short paper). In: Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, pp. 91–96. WPES 2012. ACM, New York (2012). https://doi.org/10.1145/2381966.2381979

  8. Cranor, L.F., Guduru, P., Arjula, M.: User interfaces for privacy agents. ACM Trans. Comput.-Hum. Interact. 13(2), 135–178 (2006). https://doi.org/10.1145/1165734.1165735

    Article  Google Scholar 

  9. Cunningham, H., Maynard, D., Tablan, V.: JAPE: a Java Annotation Patterns Engine (Second Edition). Research Memorandum CS-00-10, Department of Computer Science, University of Sheffield (November 2000). http://www.dcs.shef.ac.uk/~diana/Papers/jape.ps

  10. Fleiss, J.L.: Measuring agreement between two judges on the presence or absence of a trait. Biometrics 31(3), 651–659 (1975). http://www.jstor.org/stable/2529549

    Article  MathSciNet  Google Scholar 

  11. Guntamukkala, N., Dara, R., Grewal, G.W.: A machine-learning based approach for measuring the completeness of online privacy policies. In: 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), pp. 289–294 (2015)

    Google Scholar 

  12. Harkous, H., Fawaz, K., Lebret, R., Schaub, F., Shin, K.G., Aberer, K.: Polisis: automated analysis and presentation of privacy policies using deep learning. CoRR abs/1802.02561 (2018)

    Google Scholar 

  13. Hripcsak, G., Heitjan, D.: Measuring agreement in medical informatics reliability studies. J. Biomed. Inform. 35(2), 99–110 (2002). https://doi.org/10.1016/S1532-0464(02)00500-2

    Article  Google Scholar 

  14. Hripcsak, G., Rothschild, A.S.: Agreement, the F-Measure, and Reliability in Information Retrieval. JAMIA 12(3), 296–298 (2005). https://doi.org/10.1197/jamia.M1733

    Article  Google Scholar 

  15. Jensen, C., Potts, C., Jensen, C.: Privacy practices of internet users: self-reports versus observed behavior. Int. J. Hum.-Comput. Stud. 63(1–2), 203–227 (2005). https://doi.org/10.1016/j.ijhcs.2005.04.019

    Article  Google Scholar 

  16. Kenter, T., Borisov, A., de Rijke, M.: Siamese CBOW: optimizing word embeddings for sentence representations. CoRR abs/1606.04640 (2016). http://arxiv.org/abs/1606.04640

  17. Obar, J.A., Oeldorf-Hirsch, A.: The biggest lie on the internet: Ignoring the privacy policies and terms of service policies of social networking services. Inf. Commun. Soc. (2018). https://doi.org/10.1080/1369118X.2018.1486870

  18. Pandit, H.J., Lewis, D., O’Sullivan, D.: Gdprtext - gdpr as a linked data resource, January 2018. https://doi.org/10.5281/zenodo.1146351

  19. Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: ACL (2016)

    Google Scholar 

  20. Zeni, N., Kiyavitskaya, N., Mich, L., Cordy, J.R., Mylopoulos, J.: Gaiust: supporting the extraction of rights and obligations for regulatory compliance. Requir. Eng. 20(1), 1–22 (2015). https://doi.org/10.1007/s00766-013-0181-8

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Smart Data Analytics (SDA), University of Bonn, Bonn, Germany

    Najmeh Mousavi Nejad, Simon Scerri & Jens Lehmann

  2. Fraunhofer Intelligent Analysis and Information Systems (IAIS), Sankt Augustin, Germany

    Najmeh Mousavi Nejad, Simon Scerri & Jens Lehmann

Authors
  1. Najmeh Mousavi Nejad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Simon Scerri
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jens Lehmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Najmeh Mousavi Nejad .

Editor information

Editors and Affiliations

  1. Université Côte d’Azur, CNRS, Inria, I3S, Sophia Antipolis, France

    Catherine Faron Zucker

  2. Fondazione Bruno Kessler, Trento, Italy

    Chiara Ghidini

  3. University of Lorraine, CNRS, Inria, LORIA, Nancy, France

    Amedeo Napoli

  4. University of Lorraine, CNRS, Inria, LORIA, Nancy, France

    Yannick Toussaint

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mousavi Nejad, N., Scerri, S., Lehmann, J. (2018). KnIGHT: Mapping Privacy Policies to GDPR. In: Faron Zucker, C., Ghidini, C., Napoli, A., Toussaint, Y. (eds) Knowledge Engineering and Knowledge Management. EKAW 2018. Lecture Notes in Computer Science(), vol 11313. Springer, Cham. https://doi.org/10.1007/978-3-030-03667-6_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-03667-6_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03666-9

  • Online ISBN: 978-3-030-03667-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation