论文信息 - Crowdsourcing the Extraction of Data Practices from Privacy Policies

Crowdsourcing the Extraction of Data Practices from Privacy Policies

Website and mobile application privacy policies are intended to describe the system’s data practices. However, they are often written in non-standard formats and contain ambiguities that make it difficult for users to read and comprehend these documents. We propose a crowdsourcing approach to extract data practices from privacy policies to provide more concise and useable privacy notices to users and support the analysis of stated data practices. To that end, we designed a hierarchical task workflow for crowdsourcing the extraction of data practices from privacy policies. We discuss our workflow design and report preliminary results.

Norman M. Sadeh | Travis D. Breaux | Florian Schaub

[1] Travis D. Breaux,et al. Scaling requirements extraction to the crowd: Experiments with privacy policies , 2014, 2014 IEEE 22nd International Requirements Engineering Conference (RE).

[2] Noah A. Smith,et al. Automatic Categorization of Privacy Policies: A Pilot Study , 2012 .

[3] Lorrie Faith Cranor,et al. Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice , 2012, J. Telecommun. High Technol. Law.

[4] Steven M. Bellovin,et al. Privee: An Architecture for Automatically Analyzing Web Privacy Policies , 2014, USENIX Security Symposium.

[5] Aniket Kittur,et al. Crowd synthesis: extracting categories and clusters from complex data , 2014, CSCW.

[6] Noah A. Smith,et al. Unsupervised Alignment of Privacy Policies using Hidden Markov Models , 2014, ACL.

[7] Ashwini Rao,et al. Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements , 2014, Requirements Engineering.