Artificial intelligence can help you protect your personal data

February 16, 2018, Ecole Polytechnique Federale de Lausanne
Artificial intelligence can help you protect your personal data
Credit: EPFL / Alain Herzog

It's a safe bet that some of the websites and apps you use collect and subsequently sell your personal data. But how can you know which ones? An EPFL researcher has led the development of a program that can answer that question in just a few seconds, thanks to artificial intelligence.

If you're like most people, you don't always take the time to read terms and conditions before accepting them. Not only are they extremely lengthy, they are also convoluted and written in opaque legalese. However, they can contain surprising clauses about a website's or app's right to use the data it collects about you, such as your IP address, your age and your online preferences. To help consumers get a better grasp of what they're agreeing to, a team of researchers from EPFL, the University of Wisconsin-Madison, and the University of Michigan have developed a program that uses to decipher websites' data policies in the blink of an eye. Called Polisis, short for privacy policy analysis, their program can be used free of charge either as a browser extension (for Chrome of Firefox) or directly on their website.

"Our program uses simple graphs and color codes to show users exactly how their data could be used. For instance, some websites share geolocation data for marketing purposes, while others may not fully protect information about children. Such clauses are typically buried deep in their data protection policies," says Hamza Harkous, a post-doc working at EPFL's Distributed Information Systems Laboratory and the project lead.

With a little help from machine learning

The researchers used artificial intelligence to teach their program how to pick apart websites' data protection policies, drawing on over 130,000 that they found online. Once the text of a policy is fed into the program, the software scours through it in just a few seconds and displays the results in easy-to-read visuals. That lets you see at a glance which data a website would be authorized to collect and for what purpose. You can then make an informed decision about whether to use the website, or, in the case of an app, download it. The program also indicates what options you have for refusing to share certain data and lists the potential disadvantages of each one.

Polisis works hand-in-hand with another program called Pribot, which is an online chatbot where you can enter questions (for now only in English) about a website's data protection policy. For example, you can type in "Does it share my ?" and get a speedy answer. While Pribot, like Polisis, is not perfect – their results are for information only and offer no legal guarantee – it gives the right answer in the top 3 in around 82% of the time. A respectable score that could make it, along with its sister Polisis, extremely useful for consumers as well as journalists, researchers and data protection watchdogs.

Credit: Ecole Polytechnique Federale de Lausanne

Giving consumers a choice

Going forward, the team's program could be used for other applications such as the Internet of Things. If you're thinking about installing a connected object in your home, then you want to make sure its data protection is rock-solid. "We want to show consumers that they have a choice by giving them the tools to evaluate a service and select an alternative if necessary," says Harkous. His next goals are to develop an alert system that would notify users of any unexpected use of their data, and to create a system for ranking services and connected objects according to their data protection policies.

Explore further: Fifth of websites 'lack privacy protection info'

More information: Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. arXiv:1802.02561 [cs.CL]

Related Stories

Nobody reads privacy policies – here's how to fix that

October 10, 2017

Have you ever actually read an app's privacy policy before clicking to accept the terms? What about reading the privacy policy for the website you visit most often? Have you ever read or even noticed the privacy policy posted ...

German court finds Facebook oversharing user data

February 12, 2018

A German court has found Facebook is breaching data protection rules with privacy settings that over-share by default and by requiring users to give real names, a consumer rights organisation said Monday.

Web-based services that store too much personal data

June 19, 2015

Photos, videos, PDF documents and location data: the permissions requested by some apps give them access to more information than users are aware of. EPFL researchers have come up with a tool to better follow and manage these ...

Recommended for you

1 in 3 Michigan workers tested opened fake 'phishing' email

March 16, 2018

Michigan auditors who conducted a fake "phishing" attack on 5,000 randomly selected state employees said Friday that nearly one-third opened the email, a quarter clicked on the link and almost one-fifth entered their user ...

World's biggest battery in Australia to trump Musk's

March 16, 2018

British billionaire businessman Sanjeev Gupta will built the world's biggest battery in South Australia, officials said Friday, overtaking US star entrepreneur Elon Musk's project in the same state last year.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.