It's a safe bet that some of the websites and apps you use collect and subsequently sell your personal data. But how can you know which ones? An EPFL researcher has led the development of a program that can answer that question in just a few seconds, thanks to artificial intelligence.
"Our program uses simple graphs and color codes to show users exactly how their data could be used. For instance, some websites share geolocation data for marketing purposes, while others may not fully protect information about children. Such clauses are typically buried deep in their data protection policies," says Hamza Harkous, a post-doc working at EPFL's Distributed Information Systems Laboratory and the project lead.
With a little help from machine learning
The researchers used artificial intelligence to teach their program how to pick apart websites' data protection policies, drawing on over 130,000 that they found online. Once the text of a policy is fed into the program, the software scours through it in just a few seconds and displays the results in easy-to-read visuals. That lets you see at a glance which data a website would be authorized to collect and for what purpose. You can then make an informed decision about whether to use the website, or, in the case of an app, download it. The program also indicates what options you have for refusing to share certain data and lists the potential disadvantages of each one.
Polisis works hand-in-hand with another program called Pribot, which is an online chatbot where you can enter questions (for now only in English) about a website's data protection policy. For example, you can type in "Does it share my credit card information?" and get a speedy answer. While Pribot, like Polisis, is not perfect – their results are for information only and offer no legal guarantee – it gives the right answer in the top 3 in around 82% of the time. A respectable score that could make it, along with its sister Polisis, extremely useful for consumers as well as journalists, researchers and data protection watchdogs.
Giving consumers a choice
Going forward, the team's program could be used for other applications such as the Internet of Things. If you're thinking about installing a connected object in your home, then you want to make sure its data protection policy is rock-solid. "We want to show consumers that they have a choice by giving them the tools to evaluate a service and select an alternative if necessary," says Harkous. His next goals are to develop an alert system that would notify users of any unexpected use of their data, and to create a system for ranking services and connected objects according to their data protection policies.
Explore further: Fifth of websites 'lack privacy protection info'
Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. arXiv:1802.02561 [cs.CL] arxiv.org/abs/1802.02561