Privacy2Practice: Leveraging Automated Analysis for Privacy Policy Transparency and Compliance

Saja Alqurashi; Saja Alqurashi; Indrakshi Ray

doi:10.5220/0013518600003979

Privacy2Practice: Leveraging Automated Analysis for Privacy Policy Transparency and Compliance

Saja Alqurashi, Saja Alqurashi, Indrakshi Ray

2025

Abstract

Privacy policies play a critical role in safeguarding information systems, yet they are frequently expressed in lengthy, complex natural language documents. The intricate and dense language of these policies poses sub-stantial challenges, making it difficult for both novice users and experts to fully comprehend data collection, sharing practices, and the overall transparency of data handling. This issue is particularly concerning given the necessity of disclosing data practices to users, as mandated by privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). To address these challenges and improve data transparency, this paper introduces Privacy2Practice, a comprehensive automated framework leveraging Natural Language Processing (NLP) techniques to extract and analyze key information from privacy policies. By automating the identification of data practices mandated by privacy regulations, the framework assesses how transparently these practices are disclosed, ensuring better alignment with regulatory requirements.The proposed approach significantly enhances the transparency and the compliance of privacy policies by identifying entities (F1-scores: 97% for first-party and 93% for third-party entities), data types (F1-score: 82%), and purposes of data collection and sharing (F1-score: 90%). These results underscore the importance of transparency, particularly when data is shared with external parties, and highlight the challenges associated with automating privacy policy analysis. The results highlight significant challenges, such as undisclosed third-party sharing, while showcasing the potential of automation to be more comprehensive, transparent and compliant with regulatory standards.

Download

Paper Citation

in Harvard Style

Alqurashi S. and Ray I. (2025). Privacy2Practice: Leveraging Automated Analysis for Privacy Policy Transparency and Compliance. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 132-143. DOI: 10.5220/0013518600003979

in Bibtex Style

@conference{secrypt25,
author={Saja Alqurashi and Indrakshi Ray},
title={Privacy2Practice: Leveraging Automated Analysis for Privacy Policy Transparency and Compliance},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={132-143},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013518600003979},
isbn={978-989-758-760-3},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Privacy2Practice: Leveraging Automated Analysis for Privacy Policy Transparency and Compliance
SN - 978-989-758-760-3
AU - Alqurashi S.
AU - Ray I.
PY - 2025
SP - 132
EP - 143
DO - 10.5220/0013518600003979
PB - SciTePress