Chinese Journal of Network and Information Security, 2024, Vol. 10, Issue 6: 151-163. DOI: 10.11959/j.issn.2096-109x.2024087

Privacy policy compliance detection and analysis based on knowledge graph

张西珩 1, 李昕 1, 唐鹏 1, 黄锐奇 1, 何渊 1, 邱卫东 1

Author information

  • 1. School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200210, China

Abstract (translated from the Chinese)

The Personal Information Protection Law of the People's Republic of China (hereafter "the PIPL"), as the key law protecting the rights and interests in personal information, lays down explicit rules for the information-processing activities of personal information processors, such as collection, storage, use and sharing, and requires personal information processors to explain these activities in the privacy policies of the services they provide. This means that any company providing services in China must first provide a privacy policy that meets the requirements of the PIPL. To analyze privacy policy compliance with the PIPL automatically, an intelligent privacy policy compliance detection method based on a knowledge graph is proposed. First, the PIPL is analyzed comprehensively and a corresponding multi-level privacy policy knowledge graph is constructed, covering the information-protection concepts that must be explained in a privacy policy. Next, a semi-automated privacy policy collection method is built and the privacy policies of 400 Chinese Apps are collected; 100 of them are cross-annotated on the basis of the knowledge graph to form APPCP-100, the first Chinese privacy policy corpus oriented to the PIPL, and the remaining 300 privacy policies are used to build the Chinese concept classifier model CPP-BERT, which achieves efficient intelligent detection of privacy policy compliance. Finally, the knowledge graph is applied to a comprehensive compliance analysis of privacy policies; the results show that the compliance of current Chinese App privacy policies with the fine-grained concepts of the PIPL still needs improvement.

Abstract (English)

The Personal Information Protection Law (PIPL) of the People's Republic of China serves as an important legal framework for safeguarding personal information rights. It establishes clear regulations for personal information controllers in their activities involving the collection, storage, use and sharing of personal information, and requires that these controllers explain those activities in the privacy policies of the services they offer. This means that any company providing services in China must first offer a privacy policy that complies with the requirements of the PIPL. Therefore, to analyze the compliance of privacy policies with the PIPL, an intelligent method for assessing privacy policy compliance based on a knowledge graph is presented. First, a comprehensive analysis of the PIPL is conducted, and a multi-level privacy policy knowledge graph is proposed that covers the information-protection concepts that must be explained in privacy policies. Next, a semi-automated method for collecting privacy policies is built, and the privacy policies of 400 Chinese Apps are collected. 100 of these policies are cross-annotated against the knowledge graph, resulting in the first Chinese privacy policy corpus tailored to the PIPL, APPCP-100 (APP-privacy-policy-corpus-for-PIPL-100). Using this corpus, the Chinese concept classifier model CPP-BERT is constructed to achieve efficient detection of privacy policy compliance. Finally, the knowledge graph is applied to conduct a comprehensive compliance analysis of privacy policies, and the results indicate that the compliance of current Chinese App privacy policies with the fine-grained concepts of the PIPL still needs improvement.

Key words

Personal Information Protection Law of the People's Republic of China / privacy policy / privacy protection / compliance check


Publication year: 2024
Journal: Chinese Journal of Network and Information Security
Publisher: Posts and Telecom Press
Indexed in: CSTPCD
ISSN: 2096-109X