University-Developed Polisis App Tackles Cumbersome Privacy Policies

It is now easier to search through often-cumbersome corporate privacy policies thanks to natural language processing techniques applied by university researchers.

Professors at the University of Wisconsin, the University of Michigan and the Federal Institute of Technology at Lausanne, Switzerland, have announced their new artificial intelligence-guided app. It is called Polisis, which is an abbreviation for “privacy policy analysis.”

How does it work? “Polisis is a framework that allows for automated analysis of the privacy policies,” Kassem Fawaz, an assistant professor of engineering at the University of Wisconsin, told Legaltech News.

“In particular, it visualizes the different aspects of the policies as well as the data flows,” he explained.

For example, Polisis shows users which data are being collected, for what reasons, and what options the user has for controlling data collection. For third parties, it shows the type of information shared, the reasons for sharing, and the options users have to control the sharing.

Fawaz said, “It employs novel natural language processing techniques to automatically understand the content of privacy policies.”

Above all, it makes it easier to understand privacy policies, which Fawaz called “our ultimate objective.” He added, “In 2008, a study [by] McDonald and Cranor estimated that it would take the average user 201 hours to read all the privacy policies encountered in a year. Now, with the rise of Internet of Things and mobile systems, the user is more likely to spend more time to read the policy of each website, service, app and device with which they interact. The users simply cannot cope with the depth and breadth of privacy policies.

“By providing more intuitive interfaces that extract the relevant information from the policy, we can reduce the gap between users and the language of the privacy policies,” Fawaz said.

The tool helps users make decisions about privacy when interacting with online services. Surveys have found users care about privacy, and they “need usable privacy-enhancing tools for them to take actions. In our research, we aim to provide users with the tools that help them understand how their information is being collected and managed,” Fawaz said.

It can also benefit other stakeholders, including lawyers. Kang G. Shin, a professor at the University of Michigan and founding director of the Real-Time Computing Laboratory, added in an interview, “Polisis can help lawyers understand the underlying privacy policies quickly and easily, and also explain them to their clients with natural language without relying on legal jargon.”

The app can benefit consumers, too, by giving them a better interface so they can understand the privacy policies. “Instead of parsing pages of unclear text, consumers can view more intuitive visualizations to understand how their data is being collected, processed, managed, and shared,” Fawaz said.

“As a result, they will sign off things with good and correct understanding of the substance in the lengthy, fuzzified policy documents/statements,” Shin further explained. “As is, most consumers sign off [on] things without knowing/understanding the privacy implications in those documents.”

Fawaz also confirmed that Polisis does not restrict companies or businesses: “It only requires companies to provide a privacy policy, which they already do. Polisis automatically fetches the privacy policy from the company's website and processes it.”

A research prototype is available at pribot.org/polisis, and a research prototype for a chatbot that answers consumers questions about privacy policies is at pribot.org/bot.