Document Type

Article

Publication Title

ACM Computing Surveys

Publication Date

11-2024

Keywords

security and privacy, usability in security and privacy, privacy policy, systematic literature review, survey, data protection, personal information

Abstract

An organization’s privacy policy states how it collects, stores, processes, and shares its users’ personal information. The growing number of data protection laws and regulations, as well as the numerous sectors where the organizations are collecting user information, has led to the investigation of privacy policies with regards to their accessibility, readability, completeness, comparison with organization’s actual data practices, use of machine learning/natural language processing for automated analysis, and comprehension/perception/concerns of end-users via summarization/visualization tools and user studies. However, there is limited work on systematically reviewing the existing research on this topic. We address this gap by conducting a systematic review of the existing privacy policy literature. To this end, we compiled and analyzed 202 papers (published till 31st December, 2023) that investigated privacy policies. Our work advances the field of privacy policies by summarizing the analysis techniques that have been used to study them, the data protection laws/regulations explored, and the sectors to which these policies pertain. We provide actionable insights for organizations to achieve better end-user privacy.

Funding Source

This article was published Open Access thanks to a transformative agreement between Milner Library and ACM.

Comments

First published in ACM Computing Surveys (2024): https://doi.org/10.1145/3698393

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

DOI

10.1145/3698393

Download

Share

COinS