A BERT-based Empirical Study of Privacy Policies' Compliance with GDPR
Lu Zhang, Nabil Moukafih, Hamad Alamri, Gregory Epiphaniou, Carsten Maple

TL;DR
This paper uses a BERT-based model to empirically analyze GDPR compliance and readability of privacy policies from 70 5G network providers, revealing significant challenges in policy clarity and adherence.
Contribution
It introduces an automated BERT-based classification approach for GDPR compliance analysis and provides empirical insights into privacy policy readability for 5G networks.
Findings
51% of companies show strong GDPR adherence
Majority of policies are difficult to read
Need for improved privacy policy clarity
Abstract
Since its implementation in May 2018, the General Data Protection Regulation (GDPR) has prompted businesses to revisit and revise their data handling practices to ensure compliance. The privacy policy, which serves as the primary means of informing users about their privacy rights and the data practices of companies, has been significantly updated by numerous businesses post-GDPR implementation. However, many privacy policies remain packed with technical jargon, lengthy explanations, and vague descriptions of data practices and user rights. This makes it a challenging task for users and regulatory authorities to manually verify the GDPR compliance of these privacy policies. In this study, we aim to address the challenge of compliance analysis between GDPR (Article 13) and privacy policies for 5G networks. We manually collected privacy policies from almost 70 different 5G MNOs, and we…
Taxonomy
Topics: Privacy, Security, and Data Protection · Technology and Data Analysis · Privacy-Preserving Technologies in Data
