PolicyGPT: Automated Analysis of Privacy Policies with Large Language Models
read the original abstract
Privacy policies serve as the primary conduit through which online service providers inform users about their data collection and usage procedures. However, in a bid to be comprehensive and mitigate legal risks, these policy documents are often quite verbose. In practical use, users tend to click the Agree button directly rather than reading them carefully. This practice exposes users to risks of privacy leakage and legal issues. Recently, the advent of Large Language Models (LLM) such as ChatGPT and GPT-4 has opened new possibilities for text analysis, especially for lengthy documents like privacy policies. In this study, we investigate a privacy policy text analysis framework PolicyGPT based on the LLM. This framework was tested using two datasets. The first dataset comprises of privacy policies from 115 websites, which were meticulously annotated by legal experts, categorizing each segment into one of 10 classes. The second dataset consists of privacy policies from 304 popular mobile applications, with each sentence manually annotated and classified into one of another 10 categories. Under zero-shot learning conditions, PolicyGPT demonstrated robust performance. For the first dataset, it achieved an accuracy rate of 97%, while for the second dataset, it attained an 87% accuracy rate, surpassing that of the baseline machine learning and neural network models.
This paper has not been read by Pith yet.
Forward citations
Cited by 4 Pith papers
-
APPSI-139: A Parallel Corpus of English Application Privacy Policy Summarization and Interpretation
APPSI-139 supplies a high-quality parallel corpus of privacy policies with expert summaries and labels, paired with TCSI-pp-V2, a hybrid framework that outperforms GPT-4o and LLaMA-3-70B on readability and reliability.
-
PrivacyAkinator: Articulating Key Privacy Design Decisions by Answering LLM-Generated Multiple-choice Questions
PrivacyAkinator uses LLM-generated questions grounded in data-flow representations and a news-mined design space to help developers surface privacy decisions, yielding 47% more decisions identified in 73% less time th...
-
PrivSTRUCT: Untangling Data Purpose Compliance of Privacy Policies in Google Play Store
PrivSTRUCT extracts more than twice as many data-purpose pairs from privacy policies as prior tools by respecting document structure and finds developers overstate purposes 20.4% more often with global disclosures tha...
-
Customized Generative AI Agent for Transportation Engineering Practice: A Development and Continued Pre-training Guideline
A framework is described for adapting six LLMs to transportation engineering via LoRA-based continued pretraining on domain documents, with two models showing strongest results on BLEU-4 and ROUGE metrics.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.