Projects per year
Abstract
Almost every website, mobile application or cloud service requires users to agree to a privacy policy, or similar terms of service, detailing how the developer or service provider will handle user data, and the purposes for which it will be used. Many past works have criticised these documents on account of their length, excessively complex wording, or the simple fact that users typically do not read or understand them, and that potentially invasive or wide-reaching terms are included in these policies. In this paper, we present our automated approach and tool to gather and analyse these policies, and highlight some interesting considerations for these documents, specifically those surrounding past legal rulings over the enforceability of some specific and widely-used contract terms --- the ability for terms to be changed without directly notifying users (and presumed continued use indicates acceptance), and the protections in place in the event of a sale or acquisition of a company. We highlight the concerns these pose to user privacy and choice, and the extent to which these terms are found in policies and documents from many popular websites. We use our tool to highlight the extent to which these terms are found, and the extent of this potential problem, and explore potential solutions to the challenge of regulating user privacy via such contracts in an era where mobile devices contain significant quantities of highly sensitive personal data, which is highly desirable to service operators, as a core valuation asset of their company.
Original language | English |
---|---|
Number of pages | 5 |
Publication status | Published - Oct 2015 |
Event | Wireless World Research Forum Meeting 35 (WWRF35) - Aalborg University, Copenhagen Campus, Copenhagen, Denmark Duration: 14 Oct 2015 → 16 Oct 2015 |
Conference
Conference | Wireless World Research Forum Meeting 35 (WWRF35) |
---|---|
Country/Territory | Denmark |
City | Copenhagen |
Period | 14/10/15 → 16/10/15 |
Keywords
- privacy
- privacy policies
- personal data
Fingerprint
Dive into the research topics of 'Automating identification of potentially problematic privacy policies'. Together they form a unique fingerprint.Projects
- 1 Finished
-
Epsrc Doctoral Training Grant / RA8099
EPSRC (Engineering and Physical Sciences Research Council)
1/10/12 → 30/09/16
Project: Research Studentship - Internally Allocated