Privacy Policy Analysis

Privacy-policy documents are a primary channel for informing users how their data is collected and/or shared, but they are hard for users to understand because of their great length and their use of legal and vague terms. Hard-to-understand privacy-policy documents can lead to blind consent or click-through agreements, exposing users to privacy risks.

To alleviate the difficulties in reading and comprehending privacy-policy documents, this project aims to analyze privacy policies and present them to users in an easy-to-read form. Our approach includes analyzing privacy documents in a fine-grained manner and designing user interfaces and models that improve user understanding of the documents. In particular, we create large annotated datasets of privacy policies and analyze them with neural natural language processing techniques.

Faculty

  • Kang G. Shin

Graduate Students

  • Brian Tang


Publications

  • Duc Bui, Brian Tang, and Kang G. Shin, Detection of Inconsistencies in Privacy Practices of Browser Extensions, in the 44th IEEE Symposium on Security & Privacy (Oakland '23), San Francisco, CA, May 2023.
  • Duc Bui, Brian Tang, and Kang G. Shin, Do Opt-Outs Really Opt Me Out?, in the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS '22), Los Angeles, CA, November 2022.
  • Duc Bui, Yuan Yao, Kang G. Shin, Jong-Min Choi, and Junbum Shin, Consistency Analysis of Data-Usage Purposes in Mobile Apps, in the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21), Virtual conference, November 2021.
  • Duc Bui, Kang G. Shin, Jong-Min Choi, and Junbum Shin, Automated Extraction and Presentation of Data Practices in Privacy Policies, in the 21st Privacy Enhancing Technologies Symposium (PETS '21), Virtual conference, July 2021.