Detecting privacy compliance of mobile applications from the perspective of the "minimum necessary" principle

To comply with legal and regulatory requirements for personal data privacy protection, mobile App developers typically disclose their collection of users' personal data in the form of privacy policies. To interpret these lengthy and complex legal documents accurately, researchers have proposed a series of methods based on natural language processing (NLP) that analyze privacy policy texts and perform compliance checks. However, most existing studies focus on principles such as transparency, openness, and legality, leaving a gap in detection of the "minimum necessary" principle. To address this, MNPD (minimum necessary principle detection), a method for automated compliance checking of applications from the perspective of the "minimum necessary" principle in data collection, is proposed. First, a multi-label text classification model classifies the target App by service type to determine the scope of "minimum necessary" information for each App category. Then, prompts are constructed to guide a large language model in extracting, from the privacy policy text, the App's data collection practices under its basic business function mode; these are transformed into privacy statement triples and normalized. Finally, a compliance checking model performs consistency checks on the textual statements of the target App and checks it against the "minimum necessary" principle. Experimental results show that the proposed method achieves an F1 score of 86.20% in the automated analysis of 101 "Online Audio-Visual" Apps obtained from the Huawei application market.

Keywords: App; privacy policy; large language model; minimum necessary principle

余佩厚、徐天辰、孙雯倩、陈云芳、于乐、张伟


School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210023


2024

Chinese Journal of Network and Information Security (网络与信息安全学报)
Posts & Telecom Press (人民邮电出版社)


CSTPCD
ISSN:2096-109X
Year, volume (issue): 2024, 10(6)