Analyzing GDPR compliance in Cloud Services' privacy policies using Textual Fuzzy Interpretive Structural Modeling (TFISM)

Date

2021-09-06

Citation of Original Publication

R. Razavisousan and K. P. Joshi, "Analyzing GDPR compliance in Cloud Services' privacy policies using Textual Fuzzy Interpretive Structural Modeling (TFISM)," 2021 IEEE International Conference on Services Computing (SCC), 2021, pp. 89-98, doi: 10.1109/SCC53864.2021.00021.

Rights

© 2021 IEEE.  Personal use of this material is permitted.  Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract

Cloud Service providers must comply with data protection regulations, like the European Union (EU) General Data Protection Regulation (GDPR), to ensure their users' personal data security and privacy. Hence, the service privacy policies and terms of service documents refer to the rules the service complies with within the data protection regulation. However, these documents contain legalese jargon that requires significant manual effort to parse and confirm compliance. We have developed a novel methodology, Textual Fuzzy Interpretive Structural Modeling (TFISM), that automatically analyzes large textual datasets to identify driving and dependent factors in the dataset. TFISM enhances Interpretive Structural Modeling (ISM) to analyze textual data and integrates it with Artificial Intelligence and text extraction techniques. Using TFISM, we identified the critical factors in GDPR and compared them with various Cloud Service privacy policies. In this paper, we present the results of this study, which identified how different factors are emphasized in GDPR and 224 publicly available service privacy policies. TFISM can be used by both service providers and consumers to automatically analyze how closely a service privacy policy aligns with the GDPR.