CompAi: A Tool for GDPR Completeness Checking of Privacy Policies using Artificial Intelligence

Orlando Amaral Cejas, Sallam Abualhaija, Lionel C. Briand

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We introduce CompAl - a tool for checking the completeness of privacy policies against the general data protection regulation (GDPR). CompAl facilitates the analysis of privacy policies to check their compliance to GDPR requirements. Since privacy policies serve as an agreement between a software system and its prospective users, the policy must fully capture such requirements to ensure that collected personal data of individuals (or users) remains protected as specified by the GDPR. For a given privacy policy, CompAl semantically analyzes its textual content against a comprehensive conceptual model which captures all information types that might appear in any policy. Based on this analysis, alongside some input from the end user, CompAl can determine the potential incompleteness violations in the input policy with an accuracy of ≈96%. CompAl generates a detailed report that can be easily reviewed and validated by experts. The source code of CompAl is publicly available on https://figshare.com/articles/online_resource/CompAI/23676069, and a demo of the tool is available on https://youtu.be/zwa_tM3fXHU.

Original languageEnglish
Title of host publicationProceedings - 2024 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024
PublisherAssociation for Computing Machinery, Inc
Pages2366-2369
Number of pages4
ISBN (Electronic)9798400712487
DOIs
Publication statusPublished - 27 Oct 2024
Event39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024 - Sacramento, United States
Duration: 28 Oct 20241 Nov 2024

Publication series

NameProceedings - 2024 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024

Conference

Conference39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024
Country/TerritoryUnited States
CitySacramento
Period28/10/241/11/24

Keywords

  • artificial intelligence (AI)
  • machine learning (ML)
  • natural language processing (NLP)
  • privacy
  • regulatory compliance
  • requirements engineering (RE)
  • the general data protection regulation (GDPR)

Fingerprint

Dive into the research topics of 'CompAi: A Tool for GDPR Completeness Checking of Privacy Policies using Artificial Intelligence'. Together they form a unique fingerprint.

Cite this