The number and dynamic nature of web and mobile applications present significant challenges for assessing their compliance with data protection laws. In this context, symbolic and statistical Natural Language Processing (NLP) techniques have been employed for the automated analysis of these systems' privacy policies. However, these techniques typically require labor-intensive and potentially error-prone manually annotated datasets for training and validation. This research proposes the application of Large Language Models (LLMs) as an alternative for effectively and efficiently extracting privacy practices from privacy policies at scale. In particular, we leverage well-known LLMs such as ChatGPT and Llama 2, and offer guidance on the optimal design of prompts, parameters, and models, incorporating advanced strategies such as few-shot learning. We further illustrate the capability of this approach to detect detailed and varied privacy practices accurately. Using several renowned datasets in the domain as a benchmark, our evaluation validates its exceptional performance, achieving an F1 score exceeding 93%. Moreover, it does so with reduced costs, faster processing times, and fewer technical knowledge requirements. Consequently, we advocate for LLM-based solutions as a sound alternative to traditional NLP techniques for the automated analysis of privacy policies at scale.