CompLicy: Evaluating the GDPR Alignment of Privacy Policies - A Study on Web Platforms

  • Conference paper
Research Challenges in Information Science (RCIS 2021)

Abstract

The European Union General Data Protection Regulation (GDPR) came into effect on May 25, 2018, imposing new rights and obligations for the collection and processing of EU citizens' personal data. Inevitably, the privacy policies of systems handling such data must be adapted accordingly. Specific rights and provisions must now be communicated to users, as specified in GDPR Articles 12-14. This work aims to provide insights on whether privacy policies are aligned with the GDPR in this regard, i.e., whether they include the needed information, formulated in sets of terms, by studying the paradigm of web platforms. We present: (1) a defined set of 89 terms, in 7 groups, that need to be included within a system's privacy policy, resulting from a study of the GDPR and from an examination and analysis of real-life web platforms' privacy policies; (2) the CompLicy tool, which as a first step crawls a given web platform to infer whether a privacy policy page exists and, if it does, subsequently parses it, identifying the GDPR terms and groups within it, and finally provides results on the inclusion of the necessary GDPR information within that policy; (3) the evaluation of 148 existing web platforms from 5 different sectors: (i) banking, (ii) e-commerce, (iii) education, (iv) travelling, and (v) social media, presenting the results.

Notes

  1. According to GDPR, personal data are defined as information that relates to an identified or identifiable individual.

  2. https://www.statista.com/statistics/278414/number-of-worldwide-social-network-users/.

  3. https://www.statista.com/statistics/251666/number-of-digital-buyers-worldwide/.

  4. https://www.statista.com/chart/21224/learners-impacted-by-national-school-closures/, https://en.unesco.org/covid19/educationresponse.

  5. https://www.statista.com/chart/19058/how-many-websites-are-there/.

  6. “CompLicy” is a portmanteau, i.e., a made-up word, coined from the combination of the words “Compliance” and “Policy”.

Author information

Corresponding author

Correspondence to Evangelia Vanezi.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Vanezi, E., Zampa, G., Mettouris, C., Yeratziotis, A., Papadopoulos, G.A. (2021). CompLicy: Evaluating the GDPR Alignment of Privacy Policies - A Study on Web Platforms. In: Cherfi, S., Perini, A., Nurcan, S. (eds) Research Challenges in Information Science. RCIS 2021. Lecture Notes in Business Information Processing, vol 415. Springer, Cham. https://doi.org/10.1007/978-3-030-75018-3_10

  • DOI: https://doi.org/10.1007/978-3-030-75018-3_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-75017-6

  • Online ISBN: 978-3-030-75018-3

  • eBook Packages: Computer Science, Computer Science (R0)
