Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset
share
Automated analysis of privacy policies has proved a fruitful research direction, with developments such as automated policy summarization, question answering systems, and compliance detection. So far, prior research has been limited to analysis of privacy policies from a single point in time or from short spans of time, as researchers did not have access to a large-scale, longitudinal, curated dataset. To address this gap, we developed a crawler that discovers, downloads, and extracts archived privacy policies from the Internet Archive's Wayback Machine. Using the crawler and natural language processing, we curated a dataset of 1,071,488 English language privacy policies, spanning over two decades and over 130,000 distinct websites. Our analyses of the data show how the privacy policy landscape has changed over time and how websites have reacted to the evolving legal landscape, such as the adoption of privacy seals and the impact of new regulations such as the GDPR. Our results suggest that privacy policies underreport the presence of tracking technologies and third parties. We find that, over the last twenty years, privacy policies have more than doubled in length and the median reading level, while already challenging, has increased modestly.
READ FULL TEXT