Software applications are designed to help users carry out a wide range of tasks and interactions; they have become pervasive and play an integral part in people's lives in the digital era. To use these applications, users are often asked to provide personal information. Because privacy has become a significant concern and many data protection regulations now exist worldwide, software applications must provide users with a privacy policy detailing how their personal information is collected and processed. We propose an approach that generates a comprehensive privacy policy, compliant with the General Data Protection Regulation (GDPR), for diverse software applications. To support this, we first built a library of privacy clauses based on existing privacy-policy analysis. We then developed an interactive rule-based system that prompts software developers with a series of questions and uses their answers to generate a customised privacy policy for a given application. We evaluated the privacy policies generated by our approach in terms of readability, completeness and coverage, and compared them with policies produced by three existing privacy policy generators and a generative-AI-based tool. Our evaluation shows that the privacy policies generated by our approach are the most complete and comprehensive.
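The following is an added illustration of the question-driven, rule-based generation scheme the abstract describes; it is not the paper's system, and its clause wording, question list and rules are hypothetical stand-ins for the paper's clause library. It also adds the check a practitioner would want on top of generation: after the rules have selected clauses, the set of disclosure topics covered is compared against an abbreviated list of what GDPR Art. 13 requires a controller to tell the data subject (with the international-transfer topic required only when the developer's answers say transfers happen), so an incomplete answer set surfaces as a named gap rather than a silently shorter policy.

```python
"""Toy rule-based privacy-policy generator driven by developer answers.

Illustrative code only: the questions, clause texts and rules are hypothetical
and are not taken from the paper's clause library or generator.
"""

# Questions put to the developer; answers of kind `list` are comma-separated.
QUESTIONS = [
    ("controller", "Who is the data controller (organisation name)?", str),
    ("data_categories", "Which personal data categories are collected?", list),
    ("purpose", "For what purpose is the data processed?", str),
    ("legal_basis", "Which GDPR Art. 6 legal basis applies (e.g. consent, contract)?", str),
    ("recipients", "Which third parties receive the data (blank if none)?", list),
    ("transfer_countries", "To which non-EU/EEA countries is data transferred (blank if none)?", list),
    ("retention_period", "How long is the data retained?", str),
]

# Hypothetical clause library; placeholders are filled from the answers.
CLAUSE_LIBRARY = {
    "controller_identity": "This application is provided by {controller}, the data controller.",
    "data_collected": "We collect the following personal data: {data_categories}.",
    "purpose_and_legal_basis": "We process this data to {purpose}, relying on {legal_basis} as the legal basis.",
    "recipients": "We share personal data with the following third parties: {recipients}.",
    "no_recipients": "We do not share your personal data with third parties.",
    "international_transfer": "Your data may be transferred outside the EU/EEA to {transfer_countries}, subject to appropriate safeguards.",
    "retention": "We retain personal data for {retention_period}.",
    "data_subject_rights": "You may access, rectify, erase and port your data, and object to or restrict its processing.",
    "complaint": "You may lodge a complaint with a supervisory authority.",
}

# Disclosure topics every policy must cover (abbreviated from GDPR Art. 13).
ALWAYS_REQUIRED = {
    "controller_identity", "data_collected", "purpose_and_legal_basis",
    "recipients_disclosure", "retention", "data_subject_rights", "complaint",
}

# Rules: (topic the clause satisfies, predicate over answers, clause id), applied in order.
RULES = [
    ("controller_identity", lambda a: bool(a.get("controller")), "controller_identity"),
    ("data_collected", lambda a: bool(a.get("data_categories")), "data_collected"),
    ("purpose_and_legal_basis", lambda a: bool(a.get("purpose")) and bool(a.get("legal_basis")), "purpose_and_legal_basis"),
    ("recipients_disclosure", lambda a: bool(a.get("recipients")), "recipients"),
    ("recipients_disclosure", lambda a: not a.get("recipients"), "no_recipients"),
    ("international_transfer", lambda a: bool(a.get("transfer_countries")), "international_transfer"),
    ("retention", lambda a: bool(a.get("retention_period")), "retention"),
    ("data_subject_rights", lambda a: True, "data_subject_rights"),
    ("complaint", lambda a: True, "complaint"),
]


def collect_answers(ask=input):
    """Interactive step: ask each question; `ask` is injectable so it can be scripted."""
    answers = {}
    for key, prompt, kind in QUESTIONS:
        raw = ask(prompt + " ").strip()
        answers[key] = [s.strip() for s in raw.split(",") if s.strip()] if kind is list else raw
    return answers


def _render_fields(answers):
    # Every placeholder gets a value (empty if unanswered) so str.format never raises.
    fields = {}
    for key, _, _ in QUESTIONS:
        value = answers.get(key, "")
        fields[key] = ", ".join(value) if isinstance(value, list) else value
    return fields


def generate_policy(answers):
    """Apply the rules to the answers; return (policy text, set of covered topics)."""
    fields = _render_fields(answers)
    clauses, covered = [], set()
    for topic, applies, clause_id in RULES:
        if applies(answers):
            clauses.append(CLAUSE_LIBRARY[clause_id].format(**fields))
            covered.add(topic)
    return "\n".join(clauses), covered


def required_topics(answers):
    """Topics the policy must cover for these answers (transfer topic is conditional)."""
    required = set(ALWAYS_REQUIRED)
    if answers.get("transfer_countries"):
        required.add("international_transfer")  # Art. 13(1)(f) only bites when transfers occur
    return required


def missing_topics(answers):
    """Completeness check: required topics not covered by any selected clause."""
    _, covered = generate_policy(answers)
    return required_topics(answers) - covered


if __name__ == "__main__":
    # Constructed sample answers, not from any real application.
    sample = {
        "controller": "Example Ltd",
        "data_categories": ["email address", "device identifier"],
        "purpose": "provide the service",
        "legal_basis": "performance of a contract",
        "recipients": [],
        "transfer_countries": ["United States"],
        "retention_period": "12 months after account deletion",
    }
    text, _ = generate_policy(sample)
    print(text)
    print("missing topics:", missing_topics(sample) or "none")
```

Because `collect_answers` takes the prompt function as a parameter, the same generator can be driven from a terminal (`collect_answers()`) or from a scripted answer sheet in a test, and the completeness check can be run in CI against every answer set a project ships.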