PrivacyLens: A Framework to Collect and Analyze the Landscape of Past, Present, and Future Smart Device Privacy Policies





Citation of Original Publication


This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)



As the adoption of smart devices continues to permeate all aspects of our lives, concerns surrounding user privacy have become more pertinent than ever before. While privacy policies define the data management practices of their manufacturers, previous work has shown that they are rarely read and understood by users. Hence, automatic analysis of privacy policies has been shown to help provide users with appropriate insights. Previous research has extensively analyzed privacy policies of websites, e-commerce, and mobile applications, but privacy policies of smart devices, present some differences and specific challenges such as the difficulty to find and collect them. We present PrivacyLens, a novel framework for discovering and collecting past, present, and future smart device privacy policies and harnessing NLP and ML algorithms to analyze them. PrivacyLens is currently deployed, collecting, analyzing, and publishing insights about privacy policies to assist different stakeholders of smart devices, such as users, policy authors, and regulators. We show several examples of analytical tasks enabled by PrivacyLens, including comparisons of devices per type and manufacturing country, categorization of privacy policies, and impact of data regulations on data practices. At the time of submitting this paper, PrivacyLens had collected and analyzed more than 1,200 privacy policies for 7,300 smart devices.