A BERT Based Approach to Measure Web Services Policies Compliance With GDPR

Thumbnail Image

Files

A_BERT_Based_Approach_to_Measure_Web_Services_Policies_Compliance_With_GDPR.pdf (1.52 MB)

Links to Files

https://ieeexplore.ieee.org/document/9592800

Permanent Link

http://hdl.handle.net/11603/23571
 https://doi.org/10.1109/ACCESS.2021.3123950

Collections

UMBC Information Systems Department
UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection
UMBC Student Collection

Author/Creator

Author/Creator ORCID

https://orcid.org/0000-0002-8881-3369
 https://orcid.org/0000-0002-3663-9231
 https://orcid.org/0000-0002-6354-1686
 https://orcid.org/0000-0002-6593-1792
 https://orcid.org/0000-0002-8641-3193

Date

2021-10-28

Type of Work

journal articles
Text

Department

Program

Citation of Original Publication

L. Elluri, S. S. L. Chukkapalli, K. P. Joshi, T. Finin and A. Joshi, "A BERT Based Approach to Measure Web Services Policies Compliance With GDPR," in IEEE Access, vol. 9, pp. 148004-148016, 2021, doi: 10.1109/ACCESS.2021.3123950.

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution 4.0 International (CC BY 4.0)

Subjects

UMBC Ebiquity Research Group

Abstract

Data confidentiality is an issue of increasing importance. Several authorities and regulatory bodies are creating new laws that control how web services data is handled and shared. With the rapid increase of such regulations, web service providers face challenges in complying with these evolving regulations across jurisdictions. Providers must update their service policies regularly to address the new regulations. The challenge is that regulatory documents are large text documents and require substantial human effort to comprehend and enforce. On the other hand, web service provider privacy policies are relatively short compared to the regulatory texts, so it is hard to determine if an organization's policy document addresses the regulation's essential elements. We have developed a framework to automatically compare web service policies with regulatory policies to measure how closely the web service provider complies with a regulation. In this paper, we present our framework's details along with the results of analyzing a corpus of 3,000 privacy policies against GDPR. Our framework uses BiLSTM multi-class classification and a BERT extractive summarizer. We evaluate the framework's efficacy by checking the context similarity score between summarized GDPR and web service provider privacy policies.