Multifaceted Metrics for Assessing Privacy Policies Using Text Processing and Clustering Analysis

Abstract

AbstractToday's privacy policies contain various deficiencies, including failure to convey information comprehensibly to most Internet users and a lack of transparency. Meanwhile, existing studies on privacy policies only focused on specific areas of interest and lack an inclusive outlook on the state privacy policies due to the differences in privacy policy samples, text properties, measures, methodologies, and backgrounds. Therefore, this research develops an assessment metric to bridge this gap by integrating the fragmented understanding of privacy policies and exploring potential aspects to evaluate privacy policies absent from existing studies. The multifaceted assessment metric developed through this study covers three main aspects: content, text property, and user interface. Through the investigation and analyses performed on Malaysian organizations’ online privacy policies, this study reveals several trends using text processing and clustering analysis methods: (1) the use of jargon in privacy policies are relatively low, (2) privacy policies with higher compliance levels tend to be lengthier and more repetitive, and vice versa, (3) regardless of compliance level, there are privacy policies that are not presented in user-friendly font size. Finally, as an experiment of applying the developed metrics, the results confirm the relevance of the assessment metrics developed for assessing online privacy policies via text processing and clustering analysis.KeywordsPrivacy policy evaluationAssessment metricPrivacy policy complianceClustering analysisText processing