TY - JOUR
T1 - Analyzing privacy policies at scale
T2 - From crowdsourcing to automated annotations
AU - Wilson, Shomir
AU - Schaub, Florian
AU - Liu, Frederick
AU - Sathyendra, Kanthashree Mysore
AU - Smullen, Daniel
AU - Zimmeck, Sebastian
AU - Ramanath, Rohan
AU - Story, Peter
AU - Liu, Fei
AU - Sadeh, Norman
AU - Smith, Noah A.
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/12
Y1 - 2018/12
N2 - Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have the time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Some recent efforts have aimed to use a combination of crowdsourcing, machine learning, and natural language processing to interpret privacy policies at scale, thus producing annotations for use in interfaces that inform Internet users of salient policy details. However, little attention has been devoted to studying the accuracy of crowdsourced privacy policy annotations, how crowdworker productivity can be enhanced for such a task, and the levels of granularity that are feasible for automatic analysis of privacy policies. In this article, we present a trajectory of work addressing each of these topics. We include analyses of crowdworker performance, evaluation of a method to make a privacy-policy oriented task easier for crowdworkers, a coarse-grained approach to labeling segments of policy text with descriptive themes, and a fine-grained approach to identifying user choices described in policy text. Together, the results from these efforts show the effectiveness of using automated and semi-automated methods for extracting from privacy policies the data practice details that are salient to Internet users' interests. 2018 Copyright is held by the owner/author(s).
AB - Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have the time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Some recent efforts have aimed to use a combination of crowdsourcing, machine learning, and natural language processing to interpret privacy policies at scale, thus producing annotations for use in interfaces that inform Internet users of salient policy details. However, little attention has been devoted to studying the accuracy of crowdsourced privacy policy annotations, how crowdworker productivity can be enhanced for such a task, and the levels of granularity that are feasible for automatic analysis of privacy policies. In this article, we present a trajectory of work addressing each of these topics. We include analyses of crowdworker performance, evaluation of a method to make a privacy-policy oriented task easier for crowdworkers, a coarse-grained approach to labeling segments of policy text with descriptive themes, and a fine-grained approach to identifying user choices described in policy text. Together, the results from these efforts show the effectiveness of using automated and semi-automated methods for extracting from privacy policies the data practice details that are salient to Internet users' interests. 2018 Copyright is held by the owner/author(s).
UR - http://www.scopus.com/inward/record.url?scp=85058278785&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85058278785&partnerID=8YFLogxK
U2 - 10.1145/3230665
DO - 10.1145/3230665
M3 - Article
AN - SCOPUS:85058278785
SN - 1559-1131
VL - 13
JO - ACM Transactions on the Web
JF - ACM Transactions on the Web
IS - 1
M1 - 1
ER -