Open Access iconOpen Access

ARTICLE

crossmark

A GDPR Compliant Approach to Assign Risk Levels to Privacy Policies

Abdullah R. Alshamsan1, Shafique A. Chaudhry1,2,*

1 Department of Computer Science, Clarkson University, Clarkson Ave, Potsdam, 13699, NY, USA
2 David D. Reh School of Business, Clarkson University, Clarkson Ave, Potsdam, 13699, NY, USA

* Corresponding Author: Shafique A. Chaudhry. Email: email

Computers, Materials & Continua 2023, 74(3), 4631-4647. https://doi.org/10.32604/cmc.2023.034039

Abstract

Data privacy laws require service providers to inform their customers on how user data is gathered, used, protected, and shared. The General Data Protection Regulation (GDPR) is a legal framework that provides guidelines for collecting and processing personal information from individuals. Service providers use privacy policies to outline the ways an organization captures, retains, analyzes, and shares customers’ data with other parties. These policies are complex and written using legal jargon; therefore, users rarely read them before accepting them. There exist a number of approaches to automating the task of summarizing privacy policies and assigning risk levels. Most of the existing approaches are not GDPR compliant and use manual annotation/labeling of the privacy text to assign risk level, which is time-consuming and costly. We present a framework that helps users see not only data practice policy compliance with GDPR but also the risk levels to privacy associated with accepting that policy. The main contribution of our approach is eliminating the overhead cost of manual annotation by using the most frequent words in each category to create word-bags, which are used with Regular Expressions and Pointwise Mutual Information scores to assign risk levels that comply with the GDPR guidelines for data protection. We have also developed a web-based application to graphically display risk level reports for any given online privacy policy. Results show that our approach is not only consistent with GDPR but performs better than existing approaches by successfully assigning risk levels with 95.1% accuracy after assigning data practice categories with an accuracy rate of 79%.

Keywords


Cite This Article

APA Style
Alshamsan, A.R., Chaudhry, S.A. (2023). A GDPR compliant approach to assign risk levels to privacy policies. Computers, Materials & Continua, 74(3), 4631-4647. https://doi.org/10.32604/cmc.2023.034039
Vancouver Style
Alshamsan AR, Chaudhry SA. A GDPR compliant approach to assign risk levels to privacy policies. Comput Mater Contin. 2023;74(3):4631-4647 https://doi.org/10.32604/cmc.2023.034039
IEEE Style
A.R. Alshamsan and S.A. Chaudhry, "A GDPR Compliant Approach to Assign Risk Levels to Privacy Policies," Comput. Mater. Contin., vol. 74, no. 3, pp. 4631-4647. 2023. https://doi.org/10.32604/cmc.2023.034039



cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 3756

    View

  • 761

    Download

  • 2

    Like

Share Link