Go to DBLP homepagei-Right: Identifying and Classifying GDPR User Rights in Fitness Tracker and Smart Home Privacy Policies
Abstract: Regulations and laws, such as the EU GDPR, require service providers to inform the users about their data collection and processing practices. The existing method used for the portrayal of the rights and responsibilities of both the user and the service provider in terms of data collection, processing and sharing, are the privacy policies, that depict the practices that an organization or company follows when handling the personal data of its users. In this work, we introduce an automated approach, i-Right that classifies the text of privacy policies from the domains of fitness trackers and smart homes, extracting information regarding the eight GDPR user rights present (e.g. Right to Object). Our results show that i-Right achieves classification of the text with high accuracy. The proposed approach could provide a valuable tool for users to understand how their personal data is handled by service providers and to comprehend the possible risks from using their devices. A side contribution of our work is the creation of a labelled dataset of 133 privacy policies to assist the above process.
Loading