TLDR: Deep Learning-Based Automated Privacy Policy Annotation with Key Policy Highlights

Abstract

Privacy policies are the primary channel where service providers inform users about their data collection and use practices. However, privacy policies are often long and lack any specific structure. The average user struggles to understand their contents and usually skips them, regardless of their importance. Moreover, privacy policies may lack information on critical practices used by the service providers, such as data collection, use disclosure, tracking, and access. We tackle these challenges by introducing TLDR, a machine learning-based automated ensemble of privacy policy classifiers, for (i) categorizing the content into nine privacy policy categories with high performance and (ii) detecting missing information in the privacy policies. Towards addressing the length of the privacy policies, TLDR labels each paragraph in a policy by its content class, which enables users to focus on paragraphs of interest, such as paragraphs with information regarding data collection or tracking practices used by the service operators. TLDR reduces the average reading time by 39.14% by reducing the presented information to users. This process results in an increased understanding of the privacy policies by 18.84%. TLDR reduces the number of paragraphs and words required to be read by the user. This, in turn, reduces the required efforts to understand the service operator's practices.