An AI-assisted Approach
for Checking the Completeness of
Privacy Policies Against GDPR
Zurich, September 3rd, 2020
Damiano Torre1, Sallam Abualhaija1,
Mehrdad Sabetzadeh2,1, Lionel Briand1,2
{damiano.torre, sallam.abualhaija}@uni.lu
{msabetza, lbriand}@uottawa.ca
1 University of Luxembourg, Luxembourg
2 University of Ottawa, Canada
Katrien Baetens, Peter Goes,
Sylvie Forastier
{katrien.baetens, peter.goes,
sylvie.forastier}@linklaters.com
Linklaters, Luxembourg
Problem Definition
General Data Protection Regulation
• A complex EU regulation to harmonize data protection and
privacy in the European Union and the European Economic Area
• Every organization, EU-based or not, must comply with GDPR as
long as it collects and processes personal data of EU citizens and
residents
• Failure to comply with GDPR may result in fines of up to €20m or
4% of an organization's global turnover for specific breaches
3
Industrial Motivation
• Linklaters is a global law firm,
headquartered in London with a
base in Luxembourg
• Most of GDPR compliance checking
procedures are carried out manually
• Manual checking is time consuming
• Effective automated compliance
checking is needed
4
https://www.linklaters.com
Privacy Policy
Document stating how an organization handles personal data
5
How many privacy policies have you
read so far before clicking on “I agree”?
Twitter @bertsesame
Example of Checking
To comply with the regulation,
the privacy policy should include:
6
Article 13.2. (b) the existence
of the right to request from
the controller access to and
rectification or erasure of
personal data or restriction of
processing concerning the
data subject […].
Completeness
Compliance
Research Questions
RQ1: What are the metadata types required for checking the completeness
of a privacy policy according to GDPR?
→ Building a conceptual model of GDPR privacy-related requirements
RQ2: How can the metadata required for completeness checking of a
privacy policy be extracted automatically?
→ Developing an automated metadata identification approach using NLP & ML
RQ3: How accurately can we extract metadata from privacy policies?
→ Evaluating our metadata identification approach
RQ4: How accurately can we check the completeness of privacy policies?
→ Evaluating our completeness checking approach
7
Approach
(RQ1) Building a Conceptual Model
of Privacy Policies Metadata
Analyzing GDPR Privacy-Related
Articles
9
From GDPR to Metadata Model
10
Article 13.2. The controller shall, at the time when personal data are obtained, provide the
data subject with the following further information to ensure fair and transparent processing:
(b) the existence of the right to request from the controller access to and rectification or
erasure of personal data or restriction of processing concerning the data subject […].
DATA SUBJECT RIGHT: ACCESS, RECTIFICATION, RESTRICTION, ERASURE
11
RQ1: What are the metadata types required for checking
the completeness of a privacy policy according to GDPR?
[Figure: excerpt of the metadata model. Labels shown: RESTRICTION, COMPLAINT, ERASURE, OBJECT, PORTABILITY, WITHDRAW CONSENT, ACCESS, RECTIFICATION, SA; PD ORIGIN with DIRECT, INDIRECT, PUBLICLY, COOKIE, THIRD-PARTY]
12
Glossary
Completeness Criteria
[Figure: flowchart of the completeness criteria for PD ORIGIN INDIRECT, from Start to Final, with Yes/No branches.
Decisions: (1) Will data be collected indirectly? (2) Is PD ORIGIN INDIRECT found? (3) Is INDIRECT THIRD-PARTY found? (4) Is INDIRECT PUBLICLY found?
Outcomes: PD ORIGIN INDIRECT not needed; PD ORIGIN INDIRECT not found; PD ORIGIN INDIRECT partially found; INDIRECT THIRD-PARTY found; INDIRECT PUBLICLY found]
Approach
(RQ2) Identifying Metadata in
Privacy Policies
14
[Figure: metadata identification pipeline]
Inputs and artifacts: Privacy Policy, Keywords, Training Data, Pre-trained Word Embeddings, Pre-trained Classifiers
Steps:
1. Pre-processing
2. Text Generalization
3. Vectorization
4. ML-based Classification
5. Similarity-based Classification
6. KW-based Classification
7. Prediction
8. Post-processing
Output: Identified Metadata
RQ2: How can the metadata required for completeness
checking of a privacy policy be extracted automatically?
Applying the NLP pipeline
Unit of Analysis: Sentence
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice provides you with detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your personal
data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or incomplete,
you can require that such personal data be modified accordingly.
• To erase: you can require the deletion of your personal data, to the extent permitted
by law.
• To restrict: you can request the restriction of the processing of your personal data.
• To object: you can object to the processing of your personal data, on grounds
relating to your particular situation. You have the absolute right to object to the
processing of your personal data for direct marketing purposes, which includes
profiling related to such direct marketing.
• To withdraw your consent: where you have given your consent for the processing
of your personal data, you have the right to withdraw your consent at any time.
• To data portability: where legally applicable, you have the right to have the personal
data you have provided to us be returned to you or, where technically feasible,
transferred to a third party.
If you wish to exercise the rights listed above, please send a letter to the following
address data protection officer BNP Paribas Asset Management, 14 rue Bergere 75009
PARIS, FRANCE or an email using dataprotection@bnpparibas.com.
In accordance with applicable regulation, in addition to your rights above, you are also
entitled to lodge a complaint with the competent supervisory authority.
Pre-processing
Stopwords Removal and Lemmatization
Original: The protection of your personal data is important to the BNP Paribas Group in France, which has adopted strong principles in that respect for the entire Group.
Pre-processed: protection personal data important BNP Paribas Group France, adopt strong principle respect entire Group.
Text Generalization
Replacing specific textual entities with more general ones
→ Locations, organizations, websites, telephone numbers, e-mail and addresses
16
Before: protection personal data important BNP Paribas Group France adopt strong principle respect entire Group.
After: protection personal data important ORGANIZATION LOCATION adopt strong principle respect entire Group.
After: exercise right list please send letter following address data protection officer ORGANIZATION ADDRESS email use EMAIL.
Vectorization
Transforming the sentences into 100-dimensional vectors
→ Using GloVe pre-trained models
[Figure: the pre-processed sentence "data protection notice", the 100-D word vectors of "protection", "data" and "notice", and the corresponding 100-D vector of the sentence]
Prediction
Hierarchical Model
ML, ML + Sim + KW, KW+NER
ML-based Classification
• A binary classifier for each metadata type (levels 1&2)
20
DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
DATA PROTECTION NOTICE
The protection of your personal data is important to the BNP Paribas Group in France,
which has adopted strong principles in that respect for the entire Group.
This data protection notice enables you to obtain detailed information relating to the
protection of your personal data by the BNP Paribas Asset Management entities listed
in the appendix, which are all subject to this data protection notice (hereunder referred
to as “we”). We are responsible, as a controller, for collecting and processing your
personal data in relation to our activities.
Similarity-based Classification
Checking semantic similarity between a sentence and a set of
training examples of a metadata type (level 2)
[Figure: sentence vectors compared with the training examples on “ACCESS”, which are represented by an average vector; similarity scores shown: 0.46 and 0.93]
Looking for the keywords of a metadata type that are present in the
sentence
Keyword-based Classification
Pre-processed sentence: data protection notice enable obtain detail information relate protection personal data ORGANIZATION entity list appendix all subject data protection notice hereunder refer
Pre-processed sentence: access obtain information relate processing personal data copy personal data
Keywords of “ACCESS”
Combining the results
Prediction
DATA SUBJECT RIGHT: COMPLAINT, SA
DATA SUBJECT RIGHT: ACCESS
Considering the contextual information
Post-processing
24
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
DATA SUBJECT RIGHT
DATA SUBJECT RIGHT
Not DATA SUBJECT RIGHT
Empirical Evaluation
Case Study
DATA SUBJECT RIGHT and LEGAL BASIS
26
LEGAL BASIS: CONSENT, CONTRACT, TO ENTER CONTRACT, CONTRACTUAL, STATUTORY, LEGAL OBLIGATION, LEGITIMATE INTEREST, PUBLIC FUNCTION, VITAL INTEREST
DATA SUBJECT RIGHT: ACCESS, COMPLAINT, SA, ERASURE, OBJECT, PORTABILITY, RECTIFICATION, RESTRICTION, WITHDRAW CONSENT
Document Collection
A total of 234 privacy policies, fully annotated
→ 90% training set and 10% test set
27
DATA SUBJECT RIGHT # of Sentences
ACCESS 228
COMPLAINT 196
SA 183
ERASURE 219
OBJECT 298
PORTABILITY 171
RECTIFICATION 215
RESTRICTION 179
WITHDRAW CONSENT 204
TOTAL 1710
LEGAL BASIS # of Sentences
CONSENT 272
CONTRACT 265
TO ENTER CONTRACT 69
CONTRACTUAL 164
STATUTORY 16
LEGAL OBLIGATION 351
LEGITIMATE INTEREST 507
PUBLIC FUNCTION 71
VITAL INTEREST 13
TOTAL 1479
Empirical Evaluation
(RQ3) Metadata Identification
Approach
Evaluation Metrics
• Precision (P): percentage of correctly identified metadata types
by the approach – TP/(TP+FP)
• Recall (R): percentage of correctly identified metadata types from
the ones actually present in the privacy policies – TP/(TP+FN)
True Positive (TP): Metadata type is present in the privacy policy and is identified by the approach
False Positive (FP): Metadata type is NOT present in the privacy policy but is identified by the approach
False Negative (FN): Metadata type is present in the privacy policy but is NOT identified by the approach
RQ3: How accurately can we extract metadata from a
given privacy policy?
30
DATA SUBJECT RIGHT P(%) R(%)
ACCESS 100 91
COMPLAINT 100 100
SA 100 100
ERASURE 100 89
OBJECT 94 94
PORTABILITY 100 100
RECTIFICATION 100 95
RESTRICTION 100 94
WITHDRAW CONSENT 100 94
LEGAL BASIS P(%) R(%)
CONSENT 95 100
CONTRACT 90 95
TO ENTER CONTRACT 100 87
CONTRACTUAL 94 100
STATUTORY 83 100
LEGAL OBLIGATION 100 96
LEGITIMATE INTEREST 100 81
PUBLIC FUNCTION 75 60
VITAL INTEREST 100 80
Empirical Evaluation
(RQ4) Completeness Checking
Approach
Case Study Completeness Criteria
C1: Must always be present
DATA SUBJECT RIGHT: RESTRICTION, COMPLAINT, ACCESS, RECTIFICATION
C2: IF LEGAL BASIS: CONSENT THEN DATA SUBJECT RIGHT: ERASURE, OBJECT, PORTABILITY, WITHDRAW CONSENT
C3: IF LEGAL BASIS: CONTRACT THEN DATA SUBJECT RIGHT: PORTABILITY
C4: IF LEGAL BASIS: PUBLIC FUNCTION, LEGITIMATE INTEREST THEN DATA SUBJECT RIGHT: OBJECT
https://www.clipartkey.com/view/hJTTiw_muppet-wiki-sesame-street-bert/
If you give your consent for sharing
your data, can you withdraw it?
Example of Incompleteness Issue
C1: Must always be present
DATA SUBJECT RIGHT: RESTRICTION, COMPLAINT, ACCESS, RECTIFICATION
C3: IF LEGAL BASIS: CONTRACT THEN DATA SUBJECT RIGHT: PORTABILITY
DATA PROTECTION NOTICE
The protection of your personal data is important […]
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
• To access: you can obtain information relating to the processing of your
personal data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or
incomplete, you can require that such personal data be modified
accordingly.
[…]
In accordance with applicable regulation, in addition to your rights above,
you are also entitled to lodge a complaint with the competent supervisory
authority.
WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?
a) To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, […]
b) To perform a contract with you or to take steps at your request
before entering into a contract
We use your personal data to enter into and perform our contracts to provide you with
information regarding our products and services.
Evaluation Metrics
• Precision (P): percentage of correctly identified incompleteness
by the approach – TP/(TP+FP)
• Recall (R): percentage of correctly identified incompleteness from
what actually is in the privacy policies – TP/(TP+FN)
True Positive (TP): Incompleteness issue exists in the privacy policy and is identified by the approach
False Positive (FP): Incompleteness issue does NOT exist in the privacy policy but is identified by the approach
False Negative (FN): Incompleteness issue exists in the privacy policy but is NOT identified by the approach
RQ4: How accurately can we check the completeness
of a given privacy policy?
On our test set (24 privacy policies):
→ 45 out of 47 incompleteness issues are correctly identified
→ False alarm on eight occasions
35
Criterion TPs FPs FNs P(%) R(%)
C1 16 4 0 80 100
C2 5 1 0 83 100
C3 3 0 2 100 60
C4 21 3 0 88 100
Summary 45 8 2 85 96
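An added example (not code from the slides or from the authors' tool): a rule check that applies criteria C1 to C4, as read from the "Case Study Completeness Criteria" slide, to metadata that has already been identified, and reproduces the P/R arithmetic of the table above. The IF/THEN semantics (any listed legal basis triggers a rule, every listed right is then required), all function names and the sample input built from the "Example of Incompleteness Issue" excerpt are assumptions.

```python
"""Added example: rule check of identified metadata against criteria C1-C4."""
from dataclasses import dataclass

# Criteria as read from the flattened "Case Study Completeness Criteria" slide.
# Assumptions: any one listed legal basis triggers a rule, and every right
# listed after THEN is required once the rule is triggered.
C1_ALWAYS = {"ACCESS", "RECTIFICATION", "RESTRICTION", "COMPLAINT"}
CONDITIONAL = {
    "C2": ({"CONSENT"},
           {"ERASURE", "OBJECT", "PORTABILITY", "WITHDRAW CONSENT"}),
    "C3": ({"CONTRACT"}, {"PORTABILITY"}),
    "C4": ({"PUBLIC FUNCTION", "LEGITIMATE INTEREST"}, {"OBJECT"}),
}


@dataclass(frozen=True)
class Issue:
    criterion: str   # C1..C4
    missing: str     # DATA SUBJECT RIGHT that was not identified
    trigger: str     # LEGAL BASIS that activated the rule ("" for C1)


def _norm(labels):
    """Normalise labels so case and extra spaces do not cause mismatches."""
    return {" ".join(label.upper().split()) for label in labels}


def check_completeness(rights, legal_bases):
    """Return the incompleteness issues for one policy's identified metadata."""
    rights, bases = _norm(rights), _norm(legal_bases)
    issues = [Issue("C1", r, "") for r in sorted(C1_ALWAYS - rights)]
    for name, (if_bases, then_rights) in CONDITIONAL.items():
        hit = sorted(if_bases & bases)
        if not hit:
            continue  # rule not applicable; a missing right is not an issue
        issues += [Issue(name, r, "/".join(hit))
                   for r in sorted(then_rights - rights)]
    return issues


def score(reported, actual):
    """Count (TP, FP, FN) by comparing reported issues with annotated ones."""
    reported, actual = set(reported), set(actual)
    return (len(reported & actual), len(reported - actual),
            len(actual - reported))


def precision_recall(tp, fp, fn):
    """P = TP/(TP+FP), R = TP/(TP+FN), as whole percentages (half rounds up)."""
    p = 100 * tp / (tp + fp) if tp + fp else 0.0
    r = 100 * tp / (tp + fn) if tp + fn else 0.0
    return int(p + 0.5), int(r + 0.5)


# Constructed input: labels visible in the "Example of Incompleteness Issue"
# excerpt (access, rectify, complaint; legal obligation and contract).
EXCERPT_RIGHTS = ["Access", "Rectification", "Complaint", "SA"]
EXCERPT_BASES = ["Legal Obligation", "Contract", "To Enter Contract"]

if __name__ == "__main__":
    for issue in check_completeness(EXCERPT_RIGHTS, EXCERPT_BASES):
        print(issue)
    print(precision_recall(45, 8, 2))
```

Because C2 to C4 fire only when the legal basis has been identified, a LEGAL BASIS the classifiers miss hides the corresponding issue, so the recall figures of the metadata identification step bound what this check can report.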
Summary
36
Thanks for listening! Time for questions.
Participate in BERT’s quiz at this link:
https://shorturl.at/ditES
37
https://tenor.com/search/bert-gifs

An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR

  • 1. .lusoftware verification & validation VVS An AI-assisted Approach for Checking the Completeness of Privacy Policies Against GDPR Zurich, September 3rd, 2020 Damiano Torre1, Sallam Abualhaija1, Mehrdad Sabetzadeh2,1, Lionel Briand1,2 {damiano.torre, sallam.abualhaija}@uni.lu {msabetza, lbriand}@uottawa.ca 1 University of Luxembourg, Luxembourg 2 University of Ottawa, Canada Katrien Baetens, Peter Goes, Sylvie Forastier {katrien.baetens, peter.goes, sylvie.forastier}@linklaters.com Linklaters, Luxembourg
  • 3. General Data Protection Regulation • A complex EU regulation to harmonize data protection and privacy in the European Union and the European Economic Area • Every organization, EU-based or not, must comply with GDPR as long as it collects and processes personal data of EU citizens and residents • Failure to comply with GDPR may result in fines of up to €20m or 4% of an organization's global turnover for specific breaches
  • 4. Industrial Motivation • Linklaters is a global law firm, headquartered in London with a base in Luxembourg • Most of GDPR compliance checking procedures are carried out manually • Manual checking is time consuming • Effective automated compliance checking is needed (https://www.linklaters.com)
  • 5. Privacy Policy: Document stating how an organization handles personal data. How many privacy policies have you read so far before clicking on “I agree”? (Twitter @bertsesame)
  • 6. Example of Checking: To comply with the regulation, the privacy policy should include: Article 13.2. (b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject […]. Labels on the slide: Completeness, Compliance
  • 7. Research Questions
    RQ1: What are the metadata types required for checking the completeness of a privacy policy according to GDPR? ➢ Building a conceptual model of GDPR privacy-related requirements
    RQ2: How can the metadata required for completeness checking of a privacy policy be extracted automatically? ➢ Developing automated metadata identification approach using NLP & ML
    RQ3: How accurately can we extract metadata from privacy policies? ➢ Evaluating our metadata identification approach
    RQ4: How accurately can we check the completeness of privacy policies? ➢ Evaluating our completeness checking approach
  • 8. Approach (RQ1) Building a Conceptual Model of Privacy Policies Metadata
  • 10. From GDPR to Metadata Model: Article 13.2. The controller shall, at the time when personal data are obtained, provide the data subject with the following further information to ensure fair and transparent processing: (b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject […]. Metadata shown on the slide: DATA_SUBJECT_RIGHT: ACCESS, RECTIFICATION, RESTRICTION, ERASURE
  • 11. RQ1: What are the metadata types required for checking the completeness of a privacy policy according to GDPR? Metadata types shown on the slide: DATA SUBJECT RIGHT (RESTRICTION, COMPLAINT, ERASURE, OBJECT, PORTABILITY, WITHDRAW CONSENT, ACCESS, RECTIFICATION, SA); PD ORIGIN (DIRECT, INDIRECT, PUBLICLY, COOKIE, THIRD-PARTY)
  • 12. Glossary and Completeness Criteria (flowchart from Start to Final with Yes/No branches). Decision nodes: 1 Will data be collected indirectly? 2 Is PD ORIGIN INDIRECT found? 3 Is INDIRECT THIRD-PARTY found? 4 Is INDIRECT PUBLICLY found? Outcomes: PD ORIGIN INDIRECT not needed; PD ORIGIN INDIRECT not found; PD ORIGIN INDIRECT partially found; INDIRECT THIRD-PARTY found; INDIRECT PUBLICLY found
  • 13. Approach (RQ2) Identifying Metadata in Privacy Policies
  • 14. RQ2: How can the metadata required for completeness checking of a privacy policy be extracted automatically? Pipeline diagram: input Privacy Policy; numbered steps: 1 Pre-processing, 2 Text Generalization, 3 Vectorization, 4 ML-based Classification, 5 Similarity-based Classification, 6 KW-based Classification, 7 Prediction, 8 Post-processing; other labels: Keywords, Training Data, Pre-trained Classifiers, Pre-trained Word Embeddings; output Identified Metadata
  • 15. Applying the NLP pipeline. Unit of Analysis: Sentence. Sample privacy policy shown on the slide:
    DATA PROTECTION NOTICE The protection of your personal data is important to the BNP Paribas Group in France, which has adopted strong principles in that respect for the entire Group. This data protection notice provides you with detailed information relating to the protection of your personal data by the BNP Paribas Asset Management entities listed in the appendix, which are all subject to this data protection notice (hereunder referred to as “we”). We are responsible, as a controller, for collecting and processing your personal data in relation to our activities.
    WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM? In accordance with applicable regulations, you have the following rights: • To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data. • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly. • To erase: you can require the deletion of your personal data, to the extent permitted by law. • To restrict: you can request the restriction of the processing of your personal data. • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing. • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time. • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
    If you wish to exercise the rights listed above, please send a letter to the following address data protection officer BNP Paribas Asset Management, 14 rue Bergere 75009 PARIS, FRANCE or an email using dataprotection@bnpparibas.com. In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.
    Pre-processing (Stopwords Removal, Lemmatization): “The protection of your personal data is important to the BNP Paribas Group in France, which has adopted strong principles in that respect for the entire Group.” becomes “protection personal data important BNP Paribas Group France, adopt strong principle respect entire Group.”
  • 16. Text Generalization: Replacing specific textual entities with more general ones ➢ Locations, organizations, websites, telephone numbers, e-mail and addresses. (Sample privacy policy text as on slide 15.)
    Example 1: “protection personal data important BNP Paribas Group France adopt strong principle respect entire Group.” becomes “protection personal data important ORGANIZATION LOCATION adopt strong principle respect entire Group.”
    Example 2: “exercise right list please send letter following address data protection officer ORGANIZATION ADDRESS email use EMAIL.”
  • 17. Vectorization: Transforming the sentences into 100-dimensional vectors ➢ Using GloVe pre-trained models. (Sample privacy policy text as on slide 15.) Example on the slide: the sentence “data protection notice”, pre-processed to “protection data notice”, is shown with one 100-dimensional vector per word and the corresponding 100-D vector for the sentence (numeric values not reproduced here).
  • 18. Prediction (pipeline diagram as on slide 14: 1 Pre-processing, 2 Text Generalization, 3 Vectorization, 4 ML-based Classification, 5 Similarity-based Classification, 6 KW-based Classification, 7 Prediction, 8 Post-processing)
  • 20. ML-based Classification • A binary classifier for each metadata type (levels 1 & 2). Labels shown on the slide: DATA SUBJECT RIGHT; Not DATA SUBJECT RIGHT; Not DATA SUBJECT RIGHT; Not DATA SUBJECT RIGHT. Sample text: DATA PROTECTION NOTICE The protection of your personal data is important to the BNP Paribas Group in France, which has adopted strong principles in that respect for the entire Group. This data protection notice enables you to obtain detailed information relating to the protection of your personal data by the BNP Paribas Asset Management entities listed in the appendix, which are all subject to this data protection notice (hereunder referred to as “we”). We are responsible, as a controller, for collecting and processing your personal data in relation to our activities.
  • 21. Similarity-based Classification: Checking semantic similarity between a sentence and a set of training examples of a metadata type (level 2). Training examples on “ACCESS” are represented by an average vector. Similarity scores shown on the slide: 0.46 and 0.93 (the 100-dimensional vectors themselves are not reproduced here).
  • 22. Keyword-based Classification: Looking for the keywords of a metadata type that are present in the sentence. (Sample privacy policy text as on slide 15.) Pre-processed sentences checked against the keywords of “ACCESS”:
    “data protection notice enable obtain detail information relate protection personal data ORGANIZATION entity list appendix all subject data protection notice hereunder refer”
    “access obtain information relate processing personal data copy personal data”
  • 23. Prediction: Combining the results. (Sample privacy policy text as on slide 15; pipeline diagram as on slide 14.) Identified metadata shown on the slide: DATA SUBJECT RIGHT / COMPLAINT / SA; DATA SUBJECT RIGHT / ACCESS
  • 24. Post-processing: Considering the contextual information. Labels shown on the slide: Not DATA SUBJECT RIGHT; Not DATA SUBJECT RIGHT; Not DATA SUBJECT RIGHT; DATA SUBJECT RIGHT; DATA SUBJECT RIGHT; Not DATA SUBJECT RIGHT. Sample text: DATA PROTECTION NOTICE The protection of your personal data is important to the BNP Paribas Group in France, which has adopted strong principles in that respect for the entire Group. This data protection notice enables you to obtain detailed information relating to the protection of your personal data by the BNP Paribas Asset Management entities listed in the appendix, which are all subject to this data protection notice (hereunder referred to as “we”). We are responsible, as a controller, for collecting and processing your personal data in relation to our activities.
  • 26. Case Study: DATA SUBJECT RIGHT and LEGAL BASIS. LEGAL BASIS: TO ENTER CONTRACT, CONTRACTUAL, STATUTORY, CONSENT, PUBLIC FUNCTION, LEGITIMATE INTEREST, VITAL INTEREST, CONTRACT, LEGAL OBLIGATION. DATA SUBJECT RIGHT: RESTRICTION, COMPLAINT, ERASURE, OBJECT, PORTABILITY, WITHDRAW CONSENT, SA, ACCESS, RECTIFICATION
  • 27. Document Collection: A total of 234 privacy policies, fully annotated ➢ 90% training set and 10% test set
    DATA SUBJECT RIGHT (# of sentences): ACCESS 228; COMPLAINT 196; SA 183; ERASURE 219; OBJECT 298; PORTABILITY 171; RECTIFICATION 215; RESTRICTION 179; WITHDRAW CONSENT 204; TOTAL 1710
    LEGAL BASIS (# of sentences): CONSENT 272; CONTRACT 265; TO ENTER CONTRACT 69; CONTRACTUAL 164; STATUTORY 16; LEGAL OBLIGATION 351; LEGITIMATE INTEREST 507; PUBLIC FUNCTION 71; VITAL INTEREST 13; TOTAL 1479
  • 28. Empirical Evaluation (RQ3) Metadata Identification Approach
  • 29. Evaluation Metrics
    Precision (P): percentage of correctly identified metadata types by the approach: TP/(TP+FP)
    Recall (R): percentage of correctly identified metadata types from the ones actually present in the privacy policies: TP/(TP+FN)
    True Positive (TP): Metadata type is present in the privacy policy and is identified by the approach
    False Positive (FP): Metadata type is NOT present in the privacy policy but is identified by the approach
    False Negative (FN): Metadata type is present in the privacy policy but is NOT identified by the approach
  • 30. RQ3: How accurately can we extract metadata from a given privacy policy?
    DATA SUBJECT RIGHT, P(%) / R(%): ACCESS 100 / 91; COMPLAINT 100 / 100; SA 100 / 100; ERASURE 100 / 89; OBJECT 94 / 94; PORTABILITY 100 / 100; RECTIFICATION 100 / 95; RESTRICTION 100 / 94; WITHDRAW CONSENT 100 / 94
    LEGAL BASIS, P(%) / R(%): CONSENT 95 / 100; CONTRACT 90 / 95; TO ENTER CONTRACT 100 / 87; CONTRACTUAL 94 / 100; STATUTORY 83 / 100; LEGAL OBLIGATION 100 / 96; LEGITIMATE INTEREST 100 / 81; PUBLIC FUNCTION 75 / 60; VITAL INTEREST 100 / 80
  • 32. Case Study: Completeness Criteria. Criteria labels on the slide: C1, C2, C3, C4. Rules in the order they appear:
    C1: Must always be present: DATA SUBJECT RIGHT RESTRICTION, COMPLAINT, ACCESS, RECTIFICATION
    IF LEGAL BASIS CONSENT THEN DATA SUBJECT RIGHT ERASURE, OBJECT, PORTABILITY, WITHDRAW CONSENT
    IF LEGAL BASIS CONTRACT THEN DATA SUBJECT RIGHT PORTABILITY
    IF LEGAL BASIS PUBLIC FUNCTION, LEGITIMATE INTEREST THEN DATA SUBJECT RIGHT OBJECT
    If you give your consent for sharing your data, can you withdraw it? (Image: https://www.clipartkey.com/view/hJTTiw_muppet-wiki-sesame-street-bert/)
  • 33. Example of Incompleteness Issue. Criteria shown: C1: Must always be present: DATA SUBJECT RIGHT RESTRICTION, COMPLAINT, ACCESS, RECTIFICATION; C3: IF LEGAL BASIS CONTRACT THEN DATA SUBJECT RIGHT PORTABILITY. Policy excerpt:
    DATA PROTECTION NOTICE The protection of your personal data is important […] WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM? In accordance with applicable regulations, you have the following rights: • To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data. • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly. […] In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.
    WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA? a) To comply with our legal and regulatory obligations We use your personal data to comply with various legal and regulatory obligations, […] b) To perform a contract with you or to take steps at your request before entering into a contract We use your personal data to enter into and perform our contracts to provide you with information regarding our products and services.
  • 34. Evaluation Metrics
    Precision (P): percentage of correctly identified incompleteness by the approach: TP/(TP+FP)
    Recall (R): percentage of correctly identified incompleteness from what actually is in the privacy policies: TP/(TP+FN)
    True Positive (TP): Incompleteness issue exists in the privacy policy and is identified by the approach
    False Positive (FP): Incompleteness issue does NOT exist in the privacy policy but is identified by the approach
    False Negative (FN): Incompleteness issue exists in the privacy policy but is NOT identified by the approach
  • 35. RQ4: How accurately can we check the completeness of a given privacy policy? On our test set (24 privacy policies): ➢ 45 out of 47 incompleteness issues are correctly identified ➢ False alarm on eight occasions
    Criterion  TPs  FPs  FNs  P(%)  R(%)
    C1          16    4    0    80   100
    C2           5    1    0    83   100
    C3           3    0    2   100    60
    C4          21    3    0    88   100
    Summary     45    8    2    85    96
  • 37. Thanks for listening! Time for questions. Participate in BERT’s quiz at this link: https://shorturl.at/ditES 37 https://tenor.com/search/bert-gifs
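
The completeness criteria of slide 32, applied to the policy excerpt of slide 33 and scored with the metrics of slide 34, as an added example that is not code from the slides or from the authors' tool. The set-based encoding, the function names, the constructed metadata sets and the assignment of the labels C2 and C4 in transcript order are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Criterion:
    cid: str
    required_rights: frozenset               # DATA SUBJECT RIGHT types that must be found
    if_legal_basis: frozenset = frozenset()  # empty set = rule applies unconditionally


# Rules as read from the flattened text of slide 32. C1 and C3 are confirmed by
# slide 33; giving the labels C2 and C4 to the other two rules in the order they
# appear in the transcript is an assumption of this example.
CRITERIA = (
    Criterion("C1", frozenset({"ACCESS", "RECTIFICATION", "RESTRICTION", "COMPLAINT"})),
    Criterion("C2", frozenset({"ERASURE", "OBJECT", "PORTABILITY", "WITHDRAW CONSENT"}),
              frozenset({"CONSENT"})),
    Criterion("C3", frozenset({"PORTABILITY"}), frozenset({"CONTRACT"})),
    Criterion("C4", frozenset({"OBJECT"}),
              frozenset({"PUBLIC FUNCTION", "LEGITIMATE INTEREST"})),
)


def check_completeness(rights, legal_bases):
    """Return (criterion id, missing right) pairs for one privacy policy."""
    rights, legal_bases = set(rights), set(legal_bases)
    issues = []
    for c in CRITERIA:
        # A conditional rule only fires when one of its legal bases was found.
        if c.if_legal_basis and not (c.if_legal_basis & legal_bases):
            continue
        issues.extend((c.cid, r) for r in sorted(c.required_rights - rights))
    return issues


def precision_recall(tp, fp, fn):
    """Percent precision and recall as defined on slide 34; None when undefined."""
    p = 100.0 * tp / (tp + fp) if tp + fp else None
    r = 100.0 * tp / (tp + fn) if tp + fn else None
    return p, r


def score(predicted, annotated):
    """Compare the issues raised by the checker with the annotated issues."""
    predicted, annotated = set(predicted), set(annotated)
    tp = len(predicted & annotated)
    return precision_recall(tp, len(predicted) - tp, len(annotated) - tp)


# Constructed input 1: metadata a reader would identify in the slide 33 excerpt
# (access, rectify and complaint are mentioned; legal obligation and contract
# are given as legal bases).
SLIDE33_RIGHTS = {"ACCESS", "RECTIFICATION", "COMPLAINT"}
SLIDE33_BASES = {"LEGAL OBLIGATION", "CONTRACT"}

# Constructed input 2: a policy that is complete according to its annotation,
# but where the identification step missed the OBJECT sentence.
ANNOTATED_RIGHTS = {"ACCESS", "RECTIFICATION", "RESTRICTION", "COMPLAINT", "OBJECT"}
IDENTIFIED_RIGHTS = ANNOTATED_RIGHTS - {"OBJECT"}
BASES = {"LEGITIMATE INTEREST"}


def false_alarm_demo():
    """A recall miss in metadata identification becomes a false alarm here."""
    predicted = check_completeness(IDENTIFIED_RIGHTS, BASES)
    annotated = check_completeness(ANNOTATED_RIGHTS, BASES)
    return predicted, annotated, score(predicted, annotated)


if __name__ == "__main__":
    print("slide 33 excerpt:", check_completeness(SLIDE33_RIGHTS, SLIDE33_BASES))
    print("missed OBJECT:   ", false_alarm_demo())
    print("slide 35 summary:", precision_recall(45, 8, 2))
```

The second constructed case shows why the completeness checker depends on the recall of the identification step: every metadata type it misses in a policy that needs it is reported as an incompleteness issue.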