网络与信息安全学报 (Dec 2023)

GDPR-oriented intelligent checking method of privacy policies compliance

  • Xin LI, Peng TANG, Xiheng ZHANG, Weidong QIU, Hong HUI

DOI
https://doi.org/10.11959/j.issn.2096-109x.2023088
Journal volume & issue
Vol. 9, no. 6
pp. 127 – 139

Abstract

The implementation of the EU’s General Data Protection Regulation (GDPR) has resulted in the imposition of over 300 fines since its inception in 2018. These fines include significant penalties for prominent companies like Google, which were penalized for their failure to provide transparent and comprehensible privacy policies. The GDPR, known as the strictest data protection law in history, has made companies worldwide more cautious when offering cross-border services, particularly to the European Union. The regulation's territorial scope stipulates that it applies to any company providing services to EU citizens, irrespective of the company's location. This implies that companies worldwide, including domestic enterprises, are required to ensure compliance with GDPR in their privacy policies, especially those involved in international operations. To meet this requirement, an intelligent detection method was introduced. Machine learning and automation technologies were utilized to automatically extract privacy policies from online service companies. The policies were converted into a standardized format with a hierarchical structure. Through natural language processing, the privacy policies were classified, allowing for the identification of relevant GDPR concepts. In addition, a constructed GDPR taxonomy was used in the detection mechanism to identify any missing concepts required by GDPR. This approach facilitated intelligent detection of GDPR-oriented privacy policy compliance, providing support to domestic enterprises providing cross-border services to EU users. Analysis of the corpus samples reveals that mainstream online service companies currently generally fail to meet GDPR compliance requirements.

Keywords