SOK:THREE FACETSOF POLICIES Victor Morel ([email protected]), Raúl Pardo ([email protected]) SOUPS 2021

Motivation Insights Natural Language Facet

• Privacy policies are the main way to obtain infor- mation related to personal collection Existing means of expressing privacy policies can- • They are however rarely read nor understood not be legally valid and understandable and au- • Different means of expressing privacy policies tomatically enforceable arose from different communities, adressing differ- ent requirements, i.e., legal validity, understand- ability, and enforceability Recommendations Figure 1: Excerpt of Facebook’s privacy policy menu • So far, no work systematically studied the different means of expressing privacy policies Privacy policies should be presented as multi- Aimed at: law practitioners faceted, combining natural language, graphical Methodology representations, and machine-readable facets. Graphical Facet

• We use the term facet to denote each main way Natural Language facet to express privacy policies, i.e., in natural lan- Graphical facet Machine-readable facet guage, with graphical representations, and us- ing machine-readable means. Figure 2: Excerpt of the Privacy Tech icons [2] • We categorize the content of each facet with a tax- Aimed at: the general public onomy inspired by Wilson et al. [3]: 1st Party Type of data collected, purpose and collection mode Provide measurement, analytics, and Machine-readable Facet 3rd Party Type of data, purpose and collection mode for third parties other business services. We use the "datatype": Legal Basis Ground which determines the lawfulness of processing information we have (including your ac- tivity off our Products, such as the web- "Websites visited", DS Rights Rights of the data subjects Listing 1: Excerpt of a Pilot [1] privacy policy implemented in JSON sites you visit and ads you see) to help "dcr":[{ 1 { Data Retention Duration of advertisers and other partners measure "entity": "Facebook" 2 "pilotRule":[{ Modalities of protection of data the effectiveness and distribution of their "dur": [{ 3 "datatype":"Wi-FiMAC Address", ads and services, and understand the Policy Change Modalities of notification for policy changes "purpose": 4 "dcr":[{ types of people who use their services "Analytics" ... 5 "entity":"Google", Other Identity of DC, information related to DNT, to children ... and how people interact with their web- 6 "dur":[{ sites, apps, and services. • For each facet we also study specific tools, bene- 7 "purpose":"Marketing", fits, and limitations: 8 "retentionTime":30 9 }] Natural Language Graphical Machine-readable 10 }] Templates Enforcement engines Example of a multi-faceted privacy policy 11 }] Notifications Generators Formal semantics 12 } Tools Retrievers Policy comparison Visual comparison + Multifaceted policies overcomes the respective limitations Analysis tools Analysis tools Aimed at: machines Enforcement of each facet by bringing together their benefits Auditability Benefits Legal value Understandability Correctness - In multifaceted policies, ensuring the consistency of References Automation Ambiguity Ambiguity Understandability facets may be challenging [1] Raúl Pardo and Daniel Le Métayer. “Analysis of privacy policies to enhance informed consent”. In: IFIP Annual Conference Limitations Understandability Incompleteness Lack of adoption on Data and Applications Security and Privacy. Springer. 2019, pp. 177–198. [2] Privacy Tech. Privacy Icons. 2018. URL: ://www.privacytech.fr/privacy-icons/. Enforceability [3] Shomir Wilson et al. “The creation and analysis of a website privacy policy corpus”. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). 2016, pp. 1330–1340.