[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

Incorporating Taxonomic Reasoning and Regulatory Knowledge into Automated Privacy Question Answering

  • Conference paper
  • First Online:
Web Information Systems Engineering – WISE 2024 (WISE 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 15436))

Included in the following conference series:

  • 189 Accesses

Abstract

Privacy policies are often lengthy and complex legal documents, and are difficult for many people to read and comprehend. Recent research efforts have explored automated assistants that process the language in policies and answer people’s privacy questions. This study documents the importance of two different types of reasoning necessary to generate accurate answers to people’s privacy questions. The first is the need to support taxonomic reasoning about related terms commonly found in privacy policies. The second is the need to reason about regulatory disclosure requirements, given the prevalence of silence in privacy policy texts. Specifically, we report on a study involving the collection of 749 sets of expert annotations to answer privacy questions in the context of 210 different policy/question pairs. The study highlights the importance of taxonomic reasoning and of reasoning about regulatory disclosure requirements when it comes to accurately answering everyday privacy questions. Next we explore to what extent current generative AI tools are able to reliably handle this type of reasoning. Our results suggest that in their current form and in the absence of additional help, current models cannot reliably support the type of reasoning about regulatory disclosure requirements necessary to accurately answer privacy questions. We proceed to introduce and evaluate different approaches to improving their performance. Through this work, we aim to provide a richer understanding of the capabilities automated systems need to have to provide accurate answers to everyday privacy questions and, in the process, outline paths for adapting AI models for this purpose.

A. Ravichander and I. Yang—The first two authors contributed equally to this work. Please refer questions about this research to the last author, Prof. N. Sadeh - sadeh@cs.cmu.edu.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 49.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 64.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Our interpretation of this pseudo-hypernym is that payment information can include Point-of-Sale data and therefore be indicative of a location visited by the user.

  2. 2.

    Accessed Nov 30, 2023.

  3. 3.

    We find that Llama-2 often generates responses we are unable to map to any of our categories, in these cases we do not assign a positive score to the model’s prediction.

References

  1. Andow, B., et al.: \(\{\)PolicyLint\(\}\): investigating internal privacy policy contradictions on google play. In: 28th USENIX Security Symposium (2019)

    Google Scholar 

  2. Balaji, A., Duesterwald, L., Yang, I., Priyanshu, A., Alfieri, C., Sadeh, N.: Generating effective answers to people’s everyday cybersecurity questions: an initial study. In: International Conference on Web Information Systems Engineering (2024)

    Google Scholar 

  3. Bhatia, J., et al.: Automated extraction of regulated information types using hyponymy relations. In: 2016 IEEE 24th International Requirements Engineering Conference Workshops, pp. 19–25. IEEE (2016)

    Google Scholar 

  4. Evans, M.C., et al.: An evaluation of constituency-based hyponymy extraction from privacy policies. In: IEEE 25th International Requirements Engineering Conference (2017)

    Google Scholar 

  5. Harkous, H., et al.: Polisis: automated analysis and presentation of privacy policies using deep learning. arXiv preprint arXiv:1802.02561 (2018)

  6. Kelley, P.G., et al.: A nutrition label for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security. ACM (2009)

    Google Scholar 

  7. Kelley, P.G., et al.: Privacy as part of the app decision-making process. Association for Computing Machinery (2013)

    Google Scholar 

  8. Manandhar, S., et al.: Smart home privacy policies demystified: a study of availability, content, and coverage. In: 31st USENIX Security Symposium (2022)

    Google Scholar 

  9. Mysore Sathyendra, K., Wilson, S., Schaub, F., Zimmeck, S., Sadeh, N.: Identifying the provision of choices in privacy policy text. In: EMNLP (2017)

    Google Scholar 

  10. Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Seman. Web 9(2), 185–203 (2017)

    Google Scholar 

  11. OpenAI: GPT-4 technical report (2023)

    Google Scholar 

  12. Ravichander, A., et al.: Question answering for privacy policies: combining computational and legal perspectives. In: EMNLP (2019)

    Google Scholar 

  13. Reidenberg, J.R., et al.: Disagreeable privacy policies: mismatches between meaning and users’ understanding. Berkeley Tech. LJ 30, 39 (2015)

    Google Scholar 

  14. Sadeh, N., et al.: The usable privacy policy project: combining crowdsourcing, machine learning and natural language processing to semi-automatically answer those privacy questions users care about, Technical Report CMU-ISR-13-119, Carnegie Mellon University, Pittsburgh, Pennsylvania (2013)

    Google Scholar 

  15. Touvron, H., et al.: Llama 2: open foundation and fine-tuned chat models (2023)

    Google Scholar 

  16. Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers) (2016)

    Google Scholar 

  17. Zhang, S., et al.: How usable are IOS app privacy labels. Proc. Priv. Enhancing Technol. 2022(4) (2022)

    Google Scholar 

  18. Zimmeck, S., et al.: Maps: scaling privacy compliance analysis to a million apps. Proc. Priv. Enhancing Technol. 2019(3), 66–86 (2019)

    Article  Google Scholar 

Download references

Acknowledgments

This research has been supported in part by grants from the National Science Foundation under the SaTC program (grants CNS-1914486, 1914444, 1914446) and under the REU program, the latter in part through CMU’s RE-USE Program (NSF grant 2150217).

Author information

Authors and Affiliations

  1. University of Washington, Seattle, USA

    Abhilasha Ravichander

  2. Georgia Institute of Technology, Atlanta, USA

    Ian Yang

  3. Carnegie Mellon University, Pittsburgh, USA

    Ian Yang, Rex Chen & Norman Sadeh

  4. Penn State University, University Park, USA

    Shomir Wilson

  5. Fordham University, New York, USA

    Thomas Norton

Authors
  1. Abhilasha Ravichander
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ian Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rex Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shomir Wilson
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Thomas Norton
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Norman Sadeh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ian Yang .

Editor information

Editors and Affiliations

  1. Qatar University, Doha, Qatar

    Mahmoud Barhamgi

  2. Victoria University, Melbourne, VIC, Australia

    Hua Wang

  3. Tianjin University, Tianjin, China

    Xin Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ravichander, A., Yang, I., Chen, R., Wilson, S., Norton, T., Sadeh, N. (2025). Incorporating Taxonomic Reasoning and Regulatory Knowledge into Automated Privacy Question Answering. In: Barhamgi, M., Wang, H., Wang, X. (eds) Web Information Systems Engineering – WISE 2024. WISE 2024. Lecture Notes in Computer Science, vol 15436. Springer, Singapore. https://doi.org/10.1007/978-981-96-0579-8_31

Download citation

  • DOI: https://doi.org/10.1007/978-981-96-0579-8_31

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-96-0578-1

  • Online ISBN: 978-981-96-0579-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation