Privacy policy compliance detection and analysis based on knowledge graph
The personal information protection law (PIPL) of the People’s Republic of China served as an important legal framework for safeguarding personal information rights. It established clear regulations for personal information controllers in their activities involving the collecting, storing, using, an...
Main Authors: | ZHANG Xiheng, LI Xin, TANG Peng, HUANG Ruiqi, HE Yuan, QIU Weidong |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD 2024-12-01 |
Series: | 网络与信息安全学报 |
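Subjects: | personal information protection law of the People's Republic of China; privacy policy; privacy protection; compliance check |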
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024087 |
_version_ | 1823864810725441536 |
---|---|
author | ZHANG Xiheng; LI Xin; TANG Peng; HUANG Ruiqi; HE Yuan; QIU Weidong |
collection | DOAJ |
description | The personal information protection law (PIPL) of the People’s Republic of China served as an important legal framework for safeguarding personal information rights. It established clear regulations for personal information controllers in their activities involving the collecting, storing, using, and sharing of personal information. It also required that these controllers provide explanations within their privacy policies for the services they offered. This meant that any company providing services in China must first offer a privacy policy that complied with the requirements of the PIPL. Therefore, in order to analyze the compliance of privacy policies with respect to the PIPL, an intelligent method was presented for assessing privacy policy compliance based on a knowledge graph. First, a comprehensive analysis of the PIPL was conducted, and a multi-level privacy policy knowledge graph was proposed that covered concepts related to information protection that needed to be explained in privacy policies. Next, a semi-automated method for collecting privacy policies was built and used to collect the privacy policies of 400 Chinese Apps. 100 policies were cross-annotated based on the knowledge graph, resulting in the creation of the first Chinese privacy policy corpus tailored to the PIPL, called APPCP-100 (APP-privacy-policy-corpus-for-PIPL-100). Using this corpus, a Chinese concept classifier model, CPP-BERT, was constructed to achieve efficient detection of privacy policy compliance. Finally, the knowledge graph was applied to conduct a comprehensive compliance analysis of privacy policies, and the results indicate that the current compliance of Chinese App privacy policies with the fine-grained concepts of the PIPL still needs improvement. |
format | Article |
id | doaj-art-0343b53eb9fe45fdad72ae916887a0d6 |
institution | Kabale University |
issn | 2096-109X |
language | English |
publishDate | 2024-12-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 |
title | Privacy policy compliance detection and analysis based on knowledge graph |
topic | personal information protection law of the People's Republic of China; privacy policy; privacy protection; compliance check |
url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024087 |