[Objective] This paper analyzes privacy policies for mobile health APPs in China with machine learning, aiming to improve the efficiency and accuracy of compliance evaluation. [Methods] First, we constructed an evaluation system for the privacy policy compliance of mobile health APPs according to relevant policies and regulations. Then, based on the hard voting classifier, we established a compliance evaluation model integrating three machine learning algorithms: CNN, RNN and LSTM. Finally, we examined our model using 1210 mobile health APPs from the Android APP market, and evaluated the compliance of their privacy policies. [Results] The overall compliance of the privacy policies for mobile health APPs was poor. There were many violations across the six evaluation criteria. The compliance scores of online medical APPs, medical service APPs, health management APPs, and medical information APPs were 0.63, 0.59, 0.61 and 0.66, respectively. [Limitations] Due to the limited amount of annotated privacy policy data, the proposed model may not be able to fully learn the features of the evaluation indicators. [Conclusions] The proposed model can conduct large-scale, fine-grained automatic evaluation of the compliance of APP privacy policies. It also provides new ideas and methods for government agencies and APP operators to improve decision making.
Zhao Yang, Yan Zhouzhou, Shen Qiqi, Li Zhonghang. Evaluating Privacy Policy for Mobile Health APPs with Machine Learning. Data Analysis and Knowledge Discovery, 2022, 6(5): 112-126.