Top

Hint

Swipe to navigate through the chapters of this book

Published in:

Read chapter Read first chapter

2019 | OriginalPaper | Chapter

On GDPR Compliance of Companies’ Privacy Policies

Authors : Nicolas M. Müller, Daniel Kowatsch, Pascal Debus, Donika Mirdita, Konstantin Böttinger

Published in: Text, Speech, and Dialogue

Publisher: Springer International Publishing

Abstract

We introduce a data set of privacy policies containing more than 18,300 sentence snippets, labeled in accordance to five General Data Protection Regulation (GDPR) privacy policy core requirements. We hope that this data set will enable practitioners to analyze and detect policy compliance with the GDPR legislation in various documents. In order to evaluate our data set, we apply a number of NLP and other classification algorithms and achieve an \(F_1\) score between 0.52 and 0.71 across the five requirements. We apply our trained models to over 1200 real privacy policies which we crawled from companies’ websites, and find that over 76% do not contain all of the requirements, thus potentially not fully complying with GDPR.

To get access to this content you need the following product:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt 90 Tage mit der neuen Mini-Lizenz testen!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt 90 Tage mit der neuen Mini-Lizenz testen!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt 90 Tage mit der neuen Mini-Lizenz testen!

inform now

previous chapter Czech Text Processing with Contextual Embeddings: POS Tagging, Lemmatization, Parsing and NER

next chapter A Semi-automatic Structure Learning Method for Language Modeling

Obtainable at: http://git.aisec.fraunhofer.de/projects/GDPRCOM/repos/on-gdpr-compliance.

https://github.com/eyaler/word2vec-slim.

https://dl.fbaipublicfiles.com/fasttext/vectors-crawl/cc.en.300.bin.gz.

https://tfhub.dev/google/elmo/2.

Bojanowski, P., Grave, E., Joulin, A., Mikolov, T.: Enriching word vectors with subword information. Trans. Assoc. Comput. Linguist. 5, 135–146 (2017) CrossRef

Bowyer, K.W., Chawla, N.V., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. CoRR abs/1106.1813 (2011). http://arxiv.org/abs/1106.1813

Chollet, F.: Keras (2015). https://github.com/fchollet/keras

Deloitte: Deloitte general data protection regulation benchmarking survey (2018). https://www2.deloitte.com/content/dam/Deloitte/be/Documents/risk/emea-gdpr-benchmarking-survey.pdf

Dragoni, M., Villata, S., Rizzi, W., Governatori, G.: Combining NLP approaches for rule extraction from legal documents. In: 1st Workshop on MIning and REasoning with Legal Texts (MIREL 2016) (2016)

Gowling WLG: Checklist for tasks needed in order to comply with GDPR. https://gowlingwlg.com/GowlingWLG/media/UK/pdf/170630-gdpr-checklist-for-compliance.pdf. Accessed 31 Mar 2019

Hachey, B., Grover, C.: Extractive summarisation of legal texts. Artif. Intell. Law 14(4), 305–345 (2006) CrossRef

Japkowicz, N., Stephen, S.: The class imbalance problem: a systematic study. Intell. Data Anal. 6, 429–449 (2002) CrossRef

Kiyavitskaya, N., et al.: Automating the extraction of rights and obligations for regulatory compliance. In: Li, Q., Spaccapietra, S., Yu, E., Olivé, A. (eds.) ER 2008. LNCS, vol. 5231, pp. 154–168. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-87877-3_13 CrossRef

10.

Lame, G.: Using NLP techniques to identify legal ontology components: concepts and relations. In: Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.) Law and the Semantic Web. LNCS (LNAI), vol. 3369, pp. 169–184. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-32253-5_11 CrossRef

11.

Law.Com: Over half of companies are far from GDPR compliance, report finds (2018). https://www.law.com/corpcounsel/2018/10/19/over-half-of-companies-are-far-from-gdpr-compliance-report-finds/

12.

Mikolov, T., Sutskever, I., Chen, K., Corrado, G.S., Dean, J.: Distributed representations of words and phrases and their compositionality. In: Advances in Neural Information Processing Systems, pp. 3111–3119 (2013)

13.

Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011) MathSciNetMATH

14.

Peters, M.E., et al.: Deep contextualized word representations. CoRR abs/1802.05365 (2018). http://arxiv.org/abs/1802.05365

Title: On GDPR Compliance of Companies’ Privacy Policies
Authors: Nicolas M. Müller
Daniel Kowatsch
Pascal Debus
Donika Mirdita
Konstantin Böttinger
Publisher: Springer International Publishing
Book: Text, Speech, and Dialogue
Print ISBN: 978-3-030-27946-2

Electronic ISBN: 978-3-030-27947-9

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-27947-9_13

Springer Professional

Hint

Swipe to navigate through the chapters of this book

Abstract

Please log in to get access to this content

To get access to this content you need the following product:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner