Personalised Privacy Policies

  • Harshvardhan Jitendra PanditEmail author
  • Declan O’Sullivan
  • Dave Lewis
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 909)


Internet services have become an important part of the daily life for a large number of people, and often deal with varying amounts of personal information. A privacy policy is a legal document governed by territorial laws that outlines the collection, usage, storage, and sharing of personal data. A known problem with such documents is its ambiguity and difficulty in comprehension for end users. The General Data Protection Regulation (GDPR) requires transparency regarding the provision of such information to the data subject through its various obligations and rights. We propose a remodelling of the privacy policy based on provision of relevant information regarding personal data specific to the user. Such a policy will dynamically reflect the state of activities over personal data using a legal and comprehensive document, and can be used as a tool for the provision of rights and requests from data subjects. We support our discussion with an example use-case of a GDPR-based privacy policy adopted from online services. We present our analysis on identifying changes and our approach towards the representation and creation of such dynamic policies.


Privacy policy Personalisation GDPR Metadata 



This work is supported by the ADAPT Centre for Digital Content Technology which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.


  1. 1.
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union L119, 1–88, May 2016.
  2. 2.
    Ammar, W., Wilson, S., Sadeh, N., Smith, N.A.: Automatic categorization of privacy policies: a pilot study (2012).
  3. 3.
    Bhatia, J., Breaux, T.D.: A data purpose case study of privacy policies. In: 2017 IEEE 25th International Requirements Engineering Conference (RE), pp. 394–399. IEEE (2017)Google Scholar
  4. 4.
    Bier, C., Kühne, K., Beyerer, J.: PrivacyInsight: the next generation privacy dashboard. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 135–152. Springer, Cham (2016). Scholar
  5. 5.
    Esayas, S., Mahler, T., McGillivray, K.: Is a picture worth a thousand terms? Visualising contract terms and data protection requirements for cloud computing users. In: Casteleyn, S., Dolog, P., Pautasso, C. (eds.) ICWE 2016. LNCS, vol. 9881, pp. 39–56. Springer, Cham (2016). Scholar
  6. 6.
    Fabian, B., Ermakova, T., Lentz, T.: Large-scale readability analysis of privacy policies. In: Proceedings of the International Conference on Web Intelligence, WI 2017, pp. 18–25. ACM, New York (2017).
  7. 7.
    Fawaz, H.H.K., Schaub, R.L.F., Karl, K.G.S.: Polisis: automated analysis and presentation of privacy policies using deep learning. Technical report, EPFL (2017).
  8. 8.
    Jensen, C., Potts, C.: Privacy policies as decision-making tools: an evaluation of online privacy notices. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2004, pp. 471–478. ACM, New York (2004).
  9. 9.
    Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018).
  10. 10.
    Pandit, H.J., Fatema, K., O’Sullivan, D., Lewis, D.: GDPRtEXT - GDPR as a linked data resource. ESWC 2018. LNCS, vol. 10843, pp. 481–495. Springer, Cham (2018). Scholar
  11. 11.
    Pandit, H.J., Lewis, D.: Modelling provenance for GDPR compliance using linked open data vocabularies. In: Proceedings of the 5th Workshop on Society, Privacy and the Semantic Web - Policy and Technology (PrivOn2017) (PrivOn) (2017).
  12. 12.
    Rossi, A., Palmirani, M.: A visualization approach for adaptive consent in the european data protection framework. In: 2017 Conference for E-Democracy and Open Government (CeDEM), pp. 159–170, May 2017.
  13. 13.
    Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: I read but don’t agree: privacy policy benchmarking using machine learning and the EU GDPR. In: WWW 2018 Companion Proceedings of the Web Conference 2018, pp. 163–166. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2018).
  14. 14.
    Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, IWSPA 2018, pp. 15–21. ACM, New York (2018).
  15. 15.
    Wilson, S., et al.: The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pp. 1330–1340. Association for Computational Linguistics, Berlin, Germany, August 2016.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Harshvardhan Jitendra Pandit
    • 1
    Email author
  • Declan O’Sullivan
    • 1
  • Dave Lewis
    • 1
  1. 1.ADAPT CentreTrinity College DublinDublinIreland

Personalised recommendations