{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,3,27]],"date-time":"2024-03-27T08:28:19Z","timestamp":1711528099963},"reference-count":42,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,4,1]]},"abstract":"<p>In the present article, the authors investigate to what extent supervised binary classification can be used to distinguish between legitimate and rogue privacy policies posted on web pages. 15 classification algorithms are evaluated using a data set that consists of 100 privacy policies from legitimate websites (belonging to companies that top the Fortune Global 500 list) as well as 67 policies from rogue websites. A manual analysis of all policy content was performed and clear statistical differences in terms of both length and adherence to seven general privacy principles are found. Privacy policies from legitimate companies have a 98% adherence to the seven privacy principles, which is significantly higher than the 45% associated with rogue companies. Out of the 15 evaluated classification algorithms, Na\u00efve Bayes Multinomial is the most suitable candidate to solve the problem at hand. Its models show the best performance, with an AUC measure of 0.90 (0.08), which outperforms most of the other candidates in the statistical tests used.<\/p>","DOI":"10.4018\/ijisp.2019040104","type":"journal-article","created":{"date-parts":[[2019,4,4]],"date-time":"2019-04-04T14:06:54Z","timestamp":1554386814000},"page":"47-66","source":"Crossref","is-referenced-by-count":3,"title":["Analysis and Text Classification of Privacy Policies From Rogue and Top-100 Fortune Global Companies"],"prefix":"10.4018","volume":"13","author":[{"given":"Martin","family":"Boldt","sequence":"first","affiliation":[{"name":"Blekinge Institute of Technology, Karlskrona, Sweden"}]},{"given":"Kaavya","family":"Rekanar","sequence":"additional","affiliation":[{"name":"Blekinge Institute of Technology, Karlskrona, Sweden"}]}],"member":"2432","reference":[{"key":"IJISP.2019040104-0","author":"W.Ammar","year":"2012","journal-title":"Automatic Categorization of Privacy Policies:A Pilot Study"},{"key":"IJISP.2019040104-1","doi-asserted-by":"crossref","unstructured":"Breaux, T. D., & Schaub, F. (2014). Scaling requirements extraction to the crowd: Experiments with privacy policies. In Proceedings of the 22nd Requirements Engineering Conference (pp. 163-173). Karlskrona.","DOI":"10.1109\/RE.2014.6912258"},{"key":"IJISP.2019040104-2","author":"J.Cohen","year":"1988","journal-title":"Statistical power analysis for the behavioral sciences"},{"key":"IJISP.2019040104-3","unstructured":"Cohen, W. W. (1996). Learning Rules that Classify E-Mail. In Proceedings of the 1996 AAAI Spring Symposium on Machine Learning and Information Access (pp. 18-25)."},{"key":"IJISP.2019040104-4","doi-asserted-by":"publisher","DOI":"10.1145\/2381966.2381979"},{"key":"IJISP.2019040104-5","unstructured":"Cranor, L. F. (2002). Web privacy with P3P - the platform for privacy preferences. Sebastopol, CA: O'Reilly."},{"key":"IJISP.2019040104-6","unstructured":"Cranor, L. F. (2012). Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunication and High Technology Law, 10(2), 273-307."},{"key":"IJISP.2019040104-7","unstructured":"Cranor, L. F., McDonald, A. M., Egelman, S., & Sheng, S. (2006). Privacy Policy Trends Report. Carnegie Mellon CyLab Privacy Interest Group. Retrieved from http:\/\/www.chariotsfire.com\/pub\/cpig-jan2007.pdf"},{"key":"IJISP.2019040104-8","unstructured":"Dale, E., & Chall, J. (1948). A Formula for Predicting Readability. Educational Research Bulletin, 27(1), 11-20, 28."},{"issue":"12","key":"IJISP.2019040104-9","first-page":"1","article-title":"Statistical Comparisons of Classifiers over Multiple Data Sets.","volume":"7","author":"J.Demsar","year":"2006","journal-title":"Journal of Machine Learning Research"},{"key":"IJISP.2019040104-10","doi-asserted-by":"publisher","DOI":"10.1109\/72.788645"},{"key":"IJISP.2019040104-11","unstructured":"European Commission. (2009). The EU-U.S. Privacy Shield - European Commission. Retrieved from http:\/\/ec.europa.eu\/justice\/data-protection\/international-transfers\/eu-us-privacy-shield\/index_en.htm"},{"key":"IJISP.2019040104-12","unstructured":"European Commission. (2012). Reform of EU data protection rules - European Commission. Retrieved from http:\/\/ec.europa.eu\/justice\/data-protection\/reform\/index_en.htm"},{"key":"IJISP.2019040104-13","unstructured":"Fawcett, T. (2003). ROC graphs - notes and practical considerations for data mining researchers. Palo Alto, CA: Intelligent enterprise technologies laboratories."},{"key":"IJISP.2019040104-14","unstructured":"Federal Trade Commission. (1983). FTC Policy Statement on Deception. Retrieved from http:\/\/www.ftc.gov\/bcp\/policystmt\/ad-decept.html"},{"key":"IJISP.2019040104-15","unstructured":"Federal Trade Commission. (2016). Privacy Initiatives. Retrieved from http:\/\/www.ftc.gov\/privacy\/"},{"key":"IJISP.2019040104-16","author":"R. S.Feldman","year":"2007","journal-title":"The text mining handbook"},{"key":"IJISP.2019040104-17","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511973000"},{"key":"IJISP.2019040104-18","doi-asserted-by":"publisher","DOI":"10.1037\/h0057532"},{"issue":"4","key":"IJISP.2019040104-19","first-page":"1","article-title":"True and Quasi Experimental Designs.","volume":"15","author":"B.Gribbons","year":"1997","journal-title":"Practical Assessment, Research & Evaluation"},{"key":"IJISP.2019040104-20","unstructured":"Internet Society. (2012). Global Internet User Survey 2012. Retrieved from https:\/\/www.internetsociety.org\/internet\/globalinternet-user-survey-2012"},{"key":"IJISP.2019040104-21","doi-asserted-by":"publisher","DOI":"10.1007\/s10115-011-0438-9"},{"key":"IJISP.2019040104-22","doi-asserted-by":"publisher","DOI":"10.1007\/s10115-009-0278-z"},{"key":"IJISP.2019040104-23","unstructured":"McDonald, A., & Cranor, L. (2008). The cost of reading privacy policies. I\/S: A Journal of Law and Policy for the Information Society, 4(3), 1-22."},{"key":"IJISP.2019040104-24","doi-asserted-by":"crossref","unstructured":"McDonald, A., Reader, R., Kelley, P., & Cranor, L. (2009). A comparative study of online privacy policies and formats. In Proceedings of the 9th international symposium on Privacy Enhancing Technologies, Seattle, WA (pp. 37-55).","DOI":"10.1007\/978-3-642-03168-7_3"},{"key":"IJISP.2019040104-25","doi-asserted-by":"publisher","DOI":"10.1023\/B:AHSE.0000038173.00909.f6"},{"key":"IJISP.2019040104-26","author":"P.Nemenyi","year":"1963","journal-title":"Distribution-free Multiple Comparisons"},{"key":"IJISP.2019040104-27","unstructured":"OECD. (1980). 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Retrieved from http:\/\/www.oecd.org\/sti\/ieconomy\/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm"},{"key":"IJISP.2019040104-28","unstructured":"PEW Research Center. (2014). What Internet Users Know about Technology and the Web. Retrieved from http:\/\/www.pewinternet.org\/2014\/11\/25\/web-iq\/"},{"key":"IJISP.2019040104-29","author":"C.Robson","year":"2011","journal-title":"Real World Research"},{"key":"IJISP.2019040104-30","unstructured":"Sahami, M., Dumais, S., Heckerman, D., & Horvitz, E. (1998). A Bayesian approach to filtering junk email. In Proceedings of the AAAI-98 Workshop on Learning for Text Categorization, Madison, WI (pp. 55-62)."},{"key":"IJISP.2019040104-31","doi-asserted-by":"publisher","DOI":"10.22237\/jmasm\/1257035100"},{"key":"IJISP.2019040104-32","author":"W.Shadish","year":"2002","journal-title":"Experimental and Quasi-Experimental Designs"},{"key":"IJISP.2019040104-33","doi-asserted-by":"crossref","unstructured":"Shadish, W. R. T. C. (2002). Experimental and Quasi-Experimental Designs. Belmont, CA: Wadsworth Cengage Learning.","DOI":"10.1016\/B0-08-043076-7\/00419-8"},{"key":"IJISP.2019040104-34","author":"D.Sheskin","year":"2007","journal-title":"Handbook of parametric and nonparametric statistical procedures"},{"key":"IJISP.2019040104-35","doi-asserted-by":"publisher","DOI":"10.2307\/1321160"},{"key":"IJISP.2019040104-36","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-34555-0"},{"key":"IJISP.2019040104-37","unstructured":"Westin, A. F., & Ruebhausen, O. M. (1967). Privacy and freedom. New York: Atheneum."},{"key":"IJISP.2019040104-38","author":"I.Witten","year":"2011","journal-title":"Data Mining - Practical Machine Learning Tools and Techniques"},{"key":"IJISP.2019040104-39","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1212"},{"key":"IJISP.2019040104-40","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-59904-252-7"},{"key":"IJISP.2019040104-41","unstructured":"Zimmeck, S., & Bellovin, S. (2014). Privee: An Architecture for Automatically Analyzing Web Privacy Policies. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA (pp. 1-16)."}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=226949","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T18:24:28Z","timestamp":1651861468000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJISP.2019040104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2019,4,1]]},"references-count":42,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,4]]}},"URL":"https:\/\/doi.org\/10.4018\/ijisp.2019040104","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"value":"1930-1650","type":"print"},{"value":"1930-1669","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,1]]}}}