Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset [article]

Ryan Amos, Gunes Acar, Elena Lucherini, Mihir Kshirsagar, Arvind Narayanan, Jonathan Mayer
2020 arXiv   pre-print
Automated analysis of privacy policies has proved a fruitful research direction, with developments such as automated policy summarization, question answering systems, and compliance detection. So far, prior research has been limited to analysis of privacy policies from a single point in time or from short spans of time, as researchers did not have access to a large-scale, longitudinal, curated dataset. To address this gap, we developed a crawler that discovers, downloads, and extracts archived
more » ... rivacy policies from the Internet Archive's Wayback Machine. Using the crawler and natural language processing, we curated a dataset of 1,071,488 English language privacy policies, spanning over two decades and over 130,000 distinct websites. Our analyses of the data show how the privacy policy landscape has changed over time and how websites have reacted to the evolving legal landscape, such as the adoption of privacy seals and the impact of new regulations such as the GDPR. Our results suggest that privacy policies underreport the presence of tracking technologies and third parties. We find that, over the last twenty years, privacy policies have more than doubled in length and the median reading level, while already challenging, has increased modestly.
arXiv:2008.09159v2 fatcat:oevueqefcreojazb3qbz2rtnje