Abstract
In the present article, the authors investigate to what extent supervised binary classification can be used to distinguish between legitimate and rogue privacy policies posted on web pages. 15 classification algorithms are evaluated using a data set that consists of 100 privacy policies from legitimate websites (belonging to companies that top the Fortune Global 500 list) as well as 67 policies from rogue websites. A manual analysis of all policy content was performed and clear statistical differences in terms of both length and adherence to seven general privacy principles are found. Privacy policies from legitimate companies have a 98% adherence to the seven privacy principles, which is significantly higher than the 45% associated with rogue companies. Out of the 15 evaluated classification algorithms, Naïve Bayes Multinomial is the most suitable candidate to solve the problem at hand. Its models show the best performance, with an AUC measure of 0.90 (0.08), which outperforms most of the other candidates in the statistical tests used.
| Original language | English |
|---|---|
| Pages (from-to) | 47-66 |
| Number of pages | 20 |
| Journal | International Journal of Information Security and Privacy |
| Volume | 13 |
| Issue number | 2 |
| DOIs | |
| Publication status | Published - 1 Apr 2019 |
| Externally published | Yes |
Keywords
- Classification
- Classification algorithms
- Information security
- Machine learning
- Privacy policies
- Privacy policy data set