An Aston University researcher has suggested a more human-friendly way of reading websites' long-winded privacy notices.
A team led by Dr. Vitor Jesus has developed a system of making them quicker and easier to understand by converting them into machine-readable formats. This technique could allow the browser to guide the user through the document with recommendations or highlights of key points.
Providing privacy information is one of the key requirements of the UK General Data Protection Regulation (GDPR) and the UK Data protection Act but trawling through them can be a tedious manual process.
In 2012, The Atlantic magazine estimated it would take 76 days per year to diligently read privacy notices.
Privacy notices let people know what is being done with their data, how it will be kept safe if it's shared with anyone else and what will happen to it when it's no longer needed.
However, the documents are written in non-computer, often legal language, so in the paper Feasibility of Structured, Machine-Readable Privacy Notices Dr. Jesus and his team explored the feasibility of representing privacy notices in a machine-readable format.
Dr. Jesus said, "The notices are essential to keep the public informed and data controllers accountable, however they inherit a pragmatism that was designed for different contexts such as software licenses or to meet the—perhaps not always necessary—verbose completeness of a legal contract.
"And there are further challenges concerning updates to notices, another requirement by law, and these are often communicated off-band, e.g., by email if a user account exists."
Between August and September 2022, the team examined the privacy notices of 50 of the U.K.'s most popular websites, from global organizations such as Google.com to U.K. sites such as john-lewis.com. They covered a number of areas such as online services, news and fashion to be representative.
The researchers manually identified the notices' apparent structure and noted commonly-themed sections, then designed a JavaScript Object Notation (JSON) schema which allowed them to validate, annotate, and manipulate documents.
After identifying an overall potential structure, they revisited each notice to convert them into a format that was machine readable but didn't compromise both legal compliance and the rights of individuals.
Although there has been previous work to tackle the same problem, the Aston University team focused primarily on automating the policies rather than data collection and processing.
Dr. Jesus, who is based at the University's College of Engineering and Physical Sciences said, "Our research paper offers a novel approach to the long-standing problem of the interface of humans and online privacy notices.
"As literature and practice, and even art, for more than a decade have identified, privacy notices are nearly always ignored and "accepted" with little thought, mostly because it is not practical nor user-friendly to depend on reading a long text simply to access, for example, a news website. Nevertheless, privacy notices are a central element in our digital lives, often mandated by law, and with dire, often invisible, consequences."
The paper was published and won best paper at the International Conference on Behavioural and Social Computing, November 2023, now indexed at IEEE Xplore.
The team are now examining if AI can be used to further speed up the process by providing recommendations to the user, based on past preferences.
More information: Vitor Jesus et al, Feasibility of Structured, Machine-Readable Privacy Notices, 2023 10th International Conference on Behavioural and Social Computing (BESC) (2024). DOI: 10.1109/BESC59560.2023.10386763
Citation: New technique makes lengthy privacy notices easier to understand by converting them into machine-readable formats (2024, June 20) retrieved 20 June 2024 from https://techxplore.com/news/2024-06-technique-lengthy-privacy-easier-machine.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.