Corpus of Privacy Policies for Web Services and Internet of Things Devices for Analyzing the Awareness of Personal Data Subjects

• Published in: Informatika i avtomatizaciâ (Online) Vol. 24; no. 1; pp. 163 - 192
• Main Authors: Kuznetsov, Mikhail, Novikova, Evgenia
• Format: Journal Article
• Language: English
• Published: 20.01.2025
• ISSN: 2713-3192; 2713-3206
• DOI: 10.15622/ia.24.1.7

Information about what personal data is collected and processed by various devices and digital services is presented in privacy policies, however, as studies show, users rarely read them and, as a result, do not realize which data security risks associated with the processing of personal data arise. The solution to the problem of increasing the awareness of personal data subjects is associated with the development of decision support methods that present privacy policies in a form that is easier to understand, for example, in the form of quantitative risk assessments and pictograms. Their development requires a structured and marked-up corpus of documents. This paper systematizes the corpora of privacy policies that are in open access and shows their distinctive characteristics, such as the year of creation, volume and presence of annotations. A description of a new corpus of documents written in Russian is also presented, the results of a structural and semantic analysis of the collected security policies are given, and a comparison with the corpus of privacy policies written in English is made. It has been shown that the description of scenarios for storing, collecting and processing data in documents in Russian accounts for only 25% of the volume of the document text, which may indicate a lack of details about what types of data are collected, what mechanisms are used for collection, and what are the storage periods, which affects the “transparency” of the use of personal data.