Abstract
Show Abstract
A thriving field of research develops Privacy Enhancing Technologies (PET) that utilize a variety of machine learning, natural language processing, and crowd sourcing methods to automatically summarize long and hard-to-read online privacy policies. Very few researchers, however, have looked at how and why users actually run these PET tools. We present the first work to investigate the usage patterns of such tools to identify what features of a privacy policy make users interested in running PETs. We consider PrivacyCheck and Polisis, two well-known PET tools available as browser extensions. After collecting the privacy policies on which a PET tool is executed, we perform null hypothesis test-ing to see if there is a statistically significant difference between the readability, length, and category of the privacy policies of interest to PET users and a control group of 68K+ policies from the websites of the DMOZ project. We report the following findings: (1) In 20221, at least 16 years of education are required to understand an average privacy policy in the control group, which has an average length of over 2K words. (2) We observe no statistically significant difference between the read-ability or length of the policies in the control group and those on which PET tools are executed. (3) Users are keen on running PET tools on privacy policies that be-long to particular categories. Most notably, privacy polifcies of the Games websites were almost four times, and those from Computers, and Kids and Teens websites were more than three times more likely to be investigated with PET tools, compared to the control group. Our work motivates and guides the flourishing field of PET tools and enlightens privacy policy users, writers, and regulators alike.
Access Publication: Download PDF of Report
Downloads
/sites/default/files/2021-08/What%20Makes%20a%20Privacy%20Policy%20Need%20Automatic%20Summarization%3F.pdf
Display Title