|
|
Analyzing Compliance of Privacy Policy with Knowledge-Enhanced Deep Learning Model: From the Perspective of Integrity and Semantic Conflict |
Zhu Hou(),Luo Yingjia,Chen Menglei,Ouyang Jiaxiang,Xiao Ying,Cai Yinan |
School of Information Management, Sun Yat-Sen University, Guangzhou 510006, China |
|
|
Abstract [Objective] The paper aims to detect the compliance of privacy policies at the semantic level by integrating legal and regulatory knowledge. [Methods] We constructed a compliance evaluation index system from the integrity and semantic conflict perspective based on the Information Security Technology—Personal Information Security Specification (GB/T 35273-2020) and annotated the corpus. Then, we used the K-BERT model embedded with a knowledge graph to build an integrity evaluation model and a consistency evaluation model to detect semantic conflicts. Finally, we analyzed the compliance of app privacy policies in 15 fields with the integrity and consistency evaluation models. [Results] We constructed a Chinese privacy policy corpus that passed the Kendall's W test, and the F1 Score of the integrity and consistency evaluation models reached 0.92 and 0.87, respectively. We analyzed 1762 app privacy policies and found that policies in the fields of Audio-Video Entertainment, Purchase Comparison, Financial Planning, Sports and Health, and Automotive are better in integrity, while those in the fields of Social Communication and Purchase Comparison are more semantically compliant with legal and regulatory requirements. [Limitations] The content in hyperlinks that may appear in a few privacy policies is ignored, which may cause bias in the compliance testy of some privacy policies. [Conclusions] The proposed model achieves the goal of automated analysis of privacy policy compliance in various fields, which is significant for China in enhancing the regulatory capacity for mobile apps handling user privacy data.
|
Received: 11 May 2023
Published: 15 March 2024
|
|
Fund:Humanities and Social Science Research of the Ministry of Education(23YJC630270);Natural Science Foundation of Guangdong Province(2021A1515011805) |
Corresponding Authors:
Zhu Hou,ORCID:0000-0002-6843-9795,E-mail:zhuhou3@mail.sysu.edu.cn。
|
[1] |
李延舜. 我国移动应用软件隐私政策的合规审查及完善——基于49例隐私政策的文本考察[J]. 法商研究, 2019, 36(5): 26-39.
|
[1] |
(Li Yanshun. The Compliance Review and Improvement of China’s Mobile App Privacy Policy: A Text Review on 49 Cases of Privacy Policy[J]. Studies in Law and Business, 2019, 36(5): 26-39.)
|
[2] |
郭清玥, 吴丹. 基于文本分析的APP隐私政策框架优化研究[J]. 信息资源管理学报, 2021, 11(1): 17-29.
|
[2] |
(Guo Qingyue, Wu Dan. Research on Optimization of APP Privacy Policy Framework Based on Text Analysis[J]. Journal of Information Resources Management, 2021, 11(1): 17-29.)
|
[3] |
刘百灵, 夏惠敏, 李延晖, 等. 保健和激励双因素视角下影响移动支付意愿的实证研究[J]. 管理学报, 2017, 14(4): 600-608.
|
[3] |
(Liu Bailing, Xia Huimin, Li Yanhui, et al. An Empirical Study on User’s Mobile Payment Willingness from the Double Perspectives of Both Hygiene and Motivation[J]. Chinese Journal of Management, 2017, 14(4): 600-608.)
|
[4] |
梁晓丹, 李颖灏, 刘芳. 在线隐私政策对消费者提供个人信息意愿的影响机制研究——信息敏感度的调节作用[J]. 管理评论, 2018, 30(11): 97-107.
|
[4] |
(Liang Xiaodan, Li Yinghao, Liu Fang. The Influence Mechanism of Privacy Policies on Consumers’ Willingness to Provide Information: Based on Moderating Effects of Information Sensitivity[J]. Management Review, 2018, 30(11): 97-107.)
|
[5] |
朱侯, 张明鑫, 路永和. 社交媒体用户隐私政策阅读意愿实证研究[J]. 情报学报, 2018, 37(4): 362-371.
|
[5] |
(Zhu Hou, Zhang Mingxin, Lu Yonghe. An Empirical Study on Privacy Policy Reading Intention of Social Media Users[J]. Journal of the China Society for Scientific and Technical Information, 2018, 37(4): 362-371.)
|
[6] |
张艳丰, 邱怡. 我国移动阅读应用个人信息保护政策合规性测度研究[J]. 图书情报工作, 2021, 65(22): 35-43.
doi: 10.13266/j.issn.0252-3116.2021.22.004
|
[6] |
(Zhang Yanfeng, Qiu Yi. Research on Compliance Measurement of Personal Information Protection Policies for Mobile Reading Applications in China[J]. Library and Information Service, 2021, 65(22): 35-43.)
doi: 10.13266/j.issn.0252-3116.2021.22.004
|
[7] |
张玥, 王坚, 朱庆华. 医疗问诊APP隐私政策的认知影响因素框架模型研究——基于扎根理论方法[J]. 情报理论与实践, 2019, 42(6): 105-110.
doi: 10.16353/j.cnki.1000-7490.2019.06.019
|
[7] |
(Zhang Yue, Wang Jian, Zhu Qinghua. Research on Cognitive Influencing Factors Framework Model of Medical Interrogation APP Privacy Policy: Based on Grounded Theory[J]. Information Studies: Theory & Application, 2019, 42(6): 105-110.)
doi: 10.16353/j.cnki.1000-7490.2019.06.019
|
[8] |
张玥, 王坚, 余姝, 等. 信息表征对移动医疗APP隐私政策阅读效果的影响研究——基于认知负荷理论[J]. 图书情报工作, 2021, 65(11): 3-13.
doi: 10.13266/j.issn.0252-3116.2021.11.001
|
[8] |
(Zhang Yue, Wang Jian, Yu Shu, et al. Research on the Influence of Information Representation on Privacy Policy of M-Health APP: Based on Cognitive Load Theory[J]. Library and Information Service, 2021, 65(11): 3-13.)
doi: 10.13266/j.issn.0252-3116.2021.11.001
|
[9] |
徐磊, 郭旭. 大数据时代读者个人信息保护的实践逻辑与规范路径——以图书类App隐私政策文本为视角[J]. 图书馆建设, 2021(1): 74-83.
|
[9] |
(Xu Lei, Guo Xu. Practice Logic and Normative Path of Protecting Readers’ Personal Information in the Age of Big Data—From the Perspective of Privacy Policy of Book Apps[J]. Library Development, 2021(1): 74-83.)
|
[10] |
马骋宇, 刘乾坤. 移动健康应用程序的隐私政策评价及实证研究[J]. 图书情报工作, 2020, 64(7): 46-55.
doi: 10.13266/j.issn.0252-3116.2020.07.006
|
[10] |
(Ma Chengyu, Liu Qiankun. Research on the Privacy Policy’s Evaluation and Empirical Study of Mobile Health Applications[J]. Library and Information Service, 2020, 64(7): 46-55.)
doi: 10.13266/j.issn.0252-3116.2020.07.006
|
[11] |
石婧, 潘雅. 隐私声明评估指标体系与网络应用文本分析[J]. 现代传播(中国传媒大学学报), 2020, 42(3): 76-82.
|
[11] |
Shi Jing, Pan Ya. Evaluation Index System of Privacy Statement and Text Analysis of Network Application[J]. Modern Communication (Journal of Communication University of China), 2020, 42(3): 76-82.)
|
[12] |
朱颖. 我国移动APP隐私保护政策研究——基于96个移动应用APP的分析[J]. 暨南学报(哲学社会科学版), 2017, 39(12): 107-114.
|
[12] |
Zhu Ying. Research on Privacy Protection Policy of Mobile Apps in China—Based on the Analysis of 96 Mobile Apps[J]. Jinan Journal (Philosophy & Social Science Edition), 2017, 39(12): 107-114.)
|
[13] |
杨瑞仙, 沈嘉宁, 许帆, 等. 社交媒体APP隐私政策评价指标体系构建及实证研究[J]. 情报理论与实践, 2023, 46(1): 81-89.
|
[13] |
(Yang Ruixian, Shen Jianing, Xu Fan, et al. Construction of Privacy Policy Evaluation Index System for Social Media APPs and Empirical Study[J]. Information Studies: Theory & Application, 2023, 46(1): 81-89.)
|
[14] |
朱璋颖, 陆亦恬, 唐祝寿, 等. 基于隐私政策条款和机器学习的应用分类[J]. 通信技术, 2020, 53(11): 2749-2757.
|
[14] |
(Zhu Zhangying, Lu Yitian, Tang Zhushou, et al. Application Classification Based on Privacy Policy Terms and Machine Learning[J]. Communications Technology, 2020, 53(11): 2749-2757.)
|
[15] |
Wilson S, Schaub F, Dara A A, et al. The Creation and Analysis of a Website Privacy Policy Corpus[C]// Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics. 2016: 1330-1340.
|
[16] |
Oltramari A, Piraviperumal D, Schaub F, et al. PrivOnto: A Semantic Framework for the Analysis of Privacy Policies[J]. Semantic Web, 2018, 9(2): 185-203.
|
[17] |
Sánchez D, Viejo A, Batet M. Automatic Assessment of Privacy Policies Under the GDPR[J]. Applied Sciences, 2021, 11(4): Article No.1762.
|
[18] |
Harkous H, Fawaz K, Lebret R, et al. Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning[C]// Proceedings of the 27th USENIX Conference on Security Symposium. ACM, 2018: 531-548.
|
[19] |
贾哲. 基于本体的隐私策略冲突检测研究[D]. 南京: 南京航空航天大学, 2012.
|
[19] |
(Jia Zhe. Research on Ontology-Based Privacy Policy Conflict Detection[D]. Nanjing: Nanjing University of Aeronautics and Astronautics, 2012.)
|
[20] |
雷永康. 中文隐私政策命名实体识别研究[D]. 西安: 西安电子科技大学, 2020.
|
[20] |
(Lei Yongkang. Research on Named Entity Recognition of Chinese Privacy Policy[D]. Xi’an: Xidian University, 2020.)
|
[21] |
Hosseini M B, Breaux T D, Slavin R, et al. Analyzing Privacy Policies Through Syntax-Driven Semantic Analysis of Information Types[J]. Information and Software Technology, 2021, 138: Article No.106608.
|
[22] |
Elluri L, Pande Joshi K, Kotal A. Measuring Semantic Similarity across EU GDPR Regulation and Cloud Privacy Policies[C]// Proceedings of the 2020 IEEE International Conference on Big Data. 2020: 3963-3978.
|
[23] |
Liu W J, Zhou P, Zhao Z, et al. K-BERT: Enabling Language Representation with Knowledge Graph[C]// Proceedings of the 34th AAAI Conference on Artificial Intelligence. 2020: 2901-2908.
|
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
|
Shared |
|
|
|
|
|
Discussed |
|
|
|
|