Authors:
Nolan Zhang
1
;
Peter Bodorik
1
and
Dawn Jutla
2
Affiliations:
1
Faculty of Computer Science, Dalhousie University, Canada
;
2
Sobey School of Business, Saint Mary’s University, Canada
Keyword(s):
Privacy Technologies, Platform for Privacy Preferences (P3P), P3P Agent, P3P Privacy Policy, Natural Language Privacy Policy, Compliance of Privacy Policy with Legal Requirements, Classification of Privacy Policy, Support Vector Machine, Decision Tree Analysis, Principal Components Analysis.
Related
Ontology
Subjects/Areas/Topics:
Adoption of Standards and Protocols for e-Business Applications
;
Applications
;
Artificial Intelligence
;
Business and Social Applications
;
Collaboration and e-Services
;
e-Business
;
Enterprise Information Systems
;
Knowledge Engineering and Ontology Development
;
Knowledge-Based Systems
;
Semantic Web
;
Soft Computing
;
Symbolic Systems
;
Trust and Privacy Issues in Social Networks
Abstract:
The W3C’s Platform for Privacy Preferences (P3P) is a set of standards that provides for representation of web-sites’ privacy policies using XML so that a privacy policy can be automatically retrieved and inspected by a user’s agent. The agent can compare the site’s policy with the user’s preferences on collection and use of his/her private data. If the site’s privacy policy is incompatible with the user’s preferences, the agent informs the user on the privacy policy’s shortcomings. The P3P specification defines XML tags, schema for data, set of uses, recipients, and other disclosures for expressing web-sites’ privacy policies. It is important for the user’s agent to determine whether the site’s privacy policy actually satisfies privacy regulations that are applicable to the user’s current transaction. We show that the P3P specification is not sufficiently expressive to capture all of the legal requirements that may apply to a transaction. Consequently, to determine whether or not a
site’s privacy policy satisfies the requirements of a particular law in question, the site’s privacy policy expressed in the natural language must also be retrieved and examined. To determine which legal requirements of a particular law are satisfied by the site’s P3P privacy policy, which is an XML document, we examine the document’s XML tags - a relatively straight-forward task. To determine whether legal requirements, which cannot be satisfied by using P3P XML tags, are present in the site’s privacy policy expressed in the natural language, we use standard classification algorithms. As a proof of concept, we apply our approach to the Canadian PIPEDA privacy law and show up to 88% accuracy in identifying the legal privacy clauses concerning the Safeguard principle in privacy statements.
(More)