Semantic Inference from Natural Language Privacy Policies (Sept 25, 5 pm)

Title: Semantic Inference from Natural Language Privacy Policies


Several state laws, along with app markets, such as Apple’s App Store and Google Play, require app developers to provide users with legal privacy notices (privacy policy) containing critical requirements that inform users about what kinds of personal information is collected, how the data is used, and with whom the data is shared. Because privacy policies consist of legal terms often written by a legal team without rigorous insight into the app source code, and because the policy and app code can change independently, privacy policies become misaligned with the actual data practices. In addition to misinforming users, such inconsistencies between policies and data practices can have legal repercussions. The goal of this work is to capture and formalize the semantics of natural language privacy policies into a knowledge base that can actuate (1) transparent software implementation; and (2) shared understanding between policy authors, app developers, and regulators. Constructing an empirically valid knowledge base (i.e., privacy policy ontology) is a challenging task since it should be both scalable and consistent with multi-user interpretations.

This work focuses on formal representation of privacy policy semantics by applying grounded theory, natural language patterns, and neural networks on terminology of privacy policies. Further, the application of formal ontologies in privacy misalignment detection frameworks is discussed.

Short Bio:

Mitra Bokaei Hosseini, P.h.D., is an Assistant Professor of Computer Science at St. Mary’s University. Bokaei received her Ph.D. degree in May 2019 from the Department of Computer Science at University of Texas at San Antonio (UTSA). Bokaei came to the U.S. from Tehran, Iran, where she received her M.Sc. degree in Information Technology from K. N. Toosi University of Technology in 2011. She also received her B.Sc. in Information Technology from Qazvin Azad University. She worked as a research intern at International Computer Science Institute, affiliated with UC Berkeley, collaborating with Dr. Serge Egelman and Institute of Software Research, Carnegie Mellon University, collaborating with Dr. Travis Breaux.

Bokaei has four years of experience in industry as Information Security auditor, where she was responsible for evaluating information systems and security controls in accordance with ISO/IEC 27001:2005.

Bokaei’s research spans on requirements engineering, privacy engineering, and natural language processing. Her goal is to capture and formalize the semantics of natural language privacy requirements into knowledge bases that can be applied to privacy misalignment detection tools, thus enabling policy authors and app developers to tailor the privacy policy and app code automatically. Application of such formal knowledge bases can actuate (1) transparent software implementation for users; and (2) shared understanding between policy authors, app developers, and regulators.

Google Meeting ID

Phone Numbers(‪US): ‪+1 347-696-8567

PIN: ‪695 808 602#