Paper on privacy policies and IoT published on arXiv

Our paper on privacy policies of IoT devices has been published on arXiv. More information at the arxiv

PrivacyLens: A Framework to Collect and Analyze the Landscape of Past, Present, and Future Smart Device Privacy Policies

Aamir Hamid(University of Maryland, Baltimore County, USA); Hemanth Reddy Samidi (University of Maryland, Baltimore County, USA) Tim Finin (University of Maryland, Baltimore County, USA); Primal Pappachan (Portland State University, Portland, USA); Roberto Yus (University of Maryland, Baltimore County, USA);

As the adoption of smart devices continues to permeate all aspects of our lives, concerns surrounding user privacy have become more pertinent than ever before. While privacy policies define the data management practices of their manufacturers, previous work has shown that they are rarely read and understood by users. Hence, automatic analysis of privacy policies has been shown to help provide users with appropriate insights. Previous research has extensively analyzed privacy policies of websites, e-commerce, and mobile applications, but privacy policies of smart devices, present some differences and specific challenges such as the difficulty to find and collect them. We present PrivacyLens, a novel framework for discovering and collecting past, present, and future smart device privacy policies and harnessing NLP and ML algorithms to analyze them. PrivacyLens is currently deployed, collecting, analyzing, and publishing insights about privacy policies to assist different stakeholders of smart devices, such as users, policy authors, and regulators. We show several examples of analytical tasks enabled by PrivacyLens, including comparisons of devices per type and manufacturing country, categorization of privacy policies, and impact of data regulations on data practices. At the time of submitting this paper, PrivacyLens had collected and analyzed more than 1,200 privacy policies for 7,300 smart devices.