UNIVERSITY PARK, Pa. — Thirty-one researchers from 10 countries spent five days in a historic castle discussing the challenges and opportunities involving research on privacy documents, including privacy policies, terms of use, cookie policies, and other data practices. Shomir Wilson, associate professor in the Penn State College of Information Sciences and Technology (IST), was the lead organizer of the event, held Jan. 5-10 at the Schloss Dagstuhl – Leibniz Center for Informatics in Germany.
“We gathered researchers from privacy, natural language processing, human-computer interaction, public policy and law to identify and characterize key challenges and collaboratively develop a roadmap for making progress in the area of privacy documents research,” Wilson said. “The seminar provided a platform for the interdisciplinary discovery of shared goals and possible solutions.”
According to Wilson, privacy documents currently fail to fulfill the needs of stakeholders in our information society. For example, privacy policies that disclose how organizations collect, analyze, share and secure their online users’ personal data are often the only source of information regarding what happens to that information, and the availability of the policies — and the ability of users to understand them — is key to ensuring individuals can make informed decisions about their personal information.
“Many internet users have concerns about their privacy, but most lack the time, knowledge and other resources to understand these documents,” Wilson said. “This leaves them underinformed and compromising notice and choice.”
The needs of other stakeholders — including researchers, policymakers and privacy practitioners — are similarly stymied, according to Wilson.
“Although a growing body of research is devoted to analyzing, reconstituting or otherwise using these documents to satisfy stakeholders’ needs, broader interdisciplinary efforts are needed,” he said.
Attendees of the retreat discussed the challenges they face in their privacy documents research, including:
- Deciding what privacy documents to analyze
- Addressing the lack of rigid standards for where to post a privacy policy and how to parse its text
- Exploring policy analysis methods, ranging from hand-labeling small quantities of documents to text classification using large language models
- Lack of a dedicated research community and publication outlets for privacy policy analysis
- Lack of a way to discover tools for working with privacy documents
Wilson worked with Florian Schaub, associate professor of information at the University of Michigan, and Christine Utz, assistant professor in the digital security group at Raboud University in the Netherlands, to organize the retreat.
The Schloss Dagstuhl – Leibniz Center for Informatics hosted the event and will publish the resulting roadmap as a technical report this summer.
“Dagstuhl is also the name of the historic castle that the retreat was held in, and participants had their meals and lodging in the castle,” Wilson said.
Constructed in 1760, the castle was purchased by German state governments to establish the International Conference and Research Center for Computer Science. The first seminar took place in August 1990 and prepared the way for the rapid growth of the center’s international renown, according to the Dagstuhl website.