Seeing through Website Privacy Policies Rishiraj Saha Roy Max Planck Institute for Informatics Saarbrücken, Germany "Data, Responsibly", Dagstuhl Seminar, 20 July 2016
Opacity in today’s Website privacy policies Privacy policies are very long “Cookie messages” not enough "Data, Responsibly", Dagstuhl Seminar, 20 July 2016
Understanding privacy policies better Data collection: Contact, Location, Financial, Health Yes, No, Not clear, Not applicable Sharing collected information with third parties No sharing, For core service only, Sharing for other purpose, Sharing for other purpose (explicit consent), Unclear, Not applicable Deletion of user information No removal, full removal, partial removal, Unclear, Not applicable Humans can find answers, machine can find relevant excerpts! Wilson et al., Crowdsourcing Annotations for Websites' Privacy Policies: Can it Really Work?, WWW 2016 Best Paper Nominee "Data, Responsibly", Dagstuhl Seminar, 20 July 2016
How can we guide the user better (trivially)? When you visit the platform, we may collect information from you. Some of it may be personal information. This information can include search history, IP address, screen resolution, browser used, operating system and settings, access times and referring URL. If you are using a mobile device, we may also collect data that identifies your device, your settings and your location. We may share your personal information with our corporate affiliates and with third parties for our legitimate business purposes as permitted by law. For example, we may share your personal information with suppliers who perform services on our behalf and have agreed in writing to protect and not further disclose your information. <No information on data deletion> Policy summary Trackers, if any "Data, Responsibly", Dagstuhl Seminar, 20 July 2016
Automatic reasoning and finding alternatives X P P X X Suggest alternatives Get user’s privacy settings Check site policy compliance "Data, Responsibly", Dagstuhl Seminar, 20 July 2016
Research challenges Some policy aspects unclear to humans Disagreements between average and expert users Reasoning about clauses non-trivial Not every request is through search engine "Data, Responsibly", Dagstuhl Seminar, 20 July 2016
Recommend
More recommend