Privacy policy compliance detection and analysis based on knowledge graph
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD 2024-12-01 |
Series: | 网络与信息安全学报 |
Subjects: | |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024087 |
Summary: | The personal information protection law (PIPL) of the People’s Republic of China serves as an important legal framework for safeguarding personal information rights. It established clear regulations for personal information controllers in their activities involving the collecting, storing, using, and sharing of personal information. It also required that these controllers provide explanations within their privacy policies for the services they offered. This meant that any company providing services in China must first offer a privacy policy that complied with the requirements of the PIPL. Therefore, in order to analyze the compliance of privacy policies with respect to the PIPL, an intelligent method was presented for assessing privacy policy compliance based on a knowledge graph. First, a comprehensive analysis of the PIPL was conducted, and a multi-level privacy policy knowledge graph was proposed that covered the concepts related to information protection that needed to be explained in privacy policies. Next, a semi-automated method for collecting privacy policies was built and used to collect the privacy policies of 400 Chinese Apps. 100 policies were cross-annotated based on the knowledge graph, resulting in the creation of the first Chinese privacy policy corpus tailored to the PIPL, called APPCP-100 (APP-privacy-policy-corpus-for-PIPL-100). Using this corpus, a Chinese concept classifier model, CPP-BERT, was constructed to achieve efficient detection of privacy policy compliance. Finally, the knowledge graph was applied to conduct a comprehensive compliance analysis of privacy policies, and the results indicate that the current compliance of Chinese App privacy policies with the fine-grained concepts of the PIPL still needs improvement. |
ISSN: | 2096-109X |