Understanding Privacy Norms through Web Forms

• URL: http://arxiv.org/abs/2408.16304v1
• Date: Thu, 29 Aug 2024 07:11:09 GMT
• Title: Understanding Privacy Norms through Web Forms
• Authors: Hao Cui, Rahmadi Trimananda, Athina Markopoulou,
• Abstract summary: We build a specialized crawler to discover web forms on 11,500 popular websites. We run it on 11,500 popular websites, and we create a dataset of 293K web forms. By analyzing the annotated dataset, we reveal common patterns of data collection practices.
• Score: 5.972457400484541
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Web forms are one of the primary ways to collect personal information online, yet they are relatively under-studied. Unlike web tracking, data collection through web forms is explicit and contextualized. Users (i) are asked to input specific personal information types, and (ii) know the specific context (i.e., on which website and for what purpose). For web forms to be trusted by users, they must meet the common sense standards of appropriate data collection practices within a particular context (i.e., privacy norms). In this paper, we extract the privacy norms embedded within web forms through a measurement study. First, we build a specialized crawler to discover web forms on websites. We run it on 11,500 popular websites, and we create a dataset of 293K web forms. Second, to process data of this scale, we develop a cost-efficient way to annotate web forms with form types and personal information types, using text classifiers trained with assistance of large language models (LLMs). Third, by analyzing the annotated dataset, we reveal common patterns of data collection practices. We find that (i) these patterns are explained by functional necessities and legal obligations, thus reflecting privacy norms, and that (ii) deviations from the observed norms often signal unnecessary data collection. In addition, we analyze the privacy policies that accompany web forms. We show that, despite their wide adoption and use, there is a disconnect between privacy policy disclosures and the observed privacy norms.

Related papers

• Towards Split Learning-based Privacy-Preserving Record Linkage [49.1574468325115]
  Split Learning has been introduced to facilitate applications where user data privacy is a requirement. In this paper, we investigate the potentials of Split Learning for Privacy-Preserving Record Matching.
  arXiv  Detail & Related papers  (2024-09-02T09:17:05Z)
• Collection, usage and privacy of mobility data in the enterprise and public administrations [55.2480439325792]
  Security measures such as anonymization are needed to protect individuals' privacy. Within our study, we conducted expert interviews to gain insights into practices in the field. We survey privacy-enhancing methods in use, which generally do not comply with state-of-the-art standards of differential privacy.
  arXiv  Detail & Related papers  (2024-07-04T08:29:27Z)
• DiffAudit: Auditing Privacy Practices of Online Services for Children and Adolescents [5.609870736739224]
  Children's and adolescents' online data privacy are regulated by laws such as the Children's Online Privacy Protection Act (COPPA) Online services directed towards children, adolescents, and adults must comply with these laws. We present DiffAudit, a platform-agnostic privacy auditing methodology for general audience services.
  arXiv  Detail & Related papers  (2024-06-10T17:14:53Z)
• PrivacyMind: Large Language Models Can Be Contextual Privacy Protection Learners [81.571305826793]
  We introduce Contextual Privacy Protection Language Models (PrivacyMind) Our work offers a theoretical analysis for model design and benchmarks various techniques. In particular, instruction tuning with both positive and negative examples stands out as a promising method.
  arXiv  Detail & Related papers  (2023-10-03T22:37:01Z)
• A Unified View of Differentially Private Deep Generative Modeling [60.72161965018005]
  Data with privacy concerns comes with stringent regulations that frequently prohibited data access and data sharing. Overcoming these obstacles is key for technological progress in many real-world application scenarios that involve privacy sensitive data. Differentially private (DP) data publishing provides a compelling solution, where only a sanitized form of the data is publicly released.
  arXiv  Detail & Related papers  (2023-09-27T14:38:16Z)
• PolicyGPT: Automated Analysis of Privacy Policies with Large Language Models [41.969546784168905]
  In practical use, users tend to click the Agree button directly rather than reading them carefully. This practice exposes users to risks of privacy leakage and legal issues. Recently, the advent of Large Language Models (LLM) such as ChatGPT and GPT-4 has opened new possibilities for text analysis.
  arXiv  Detail & Related papers  (2023-09-19T01:22:42Z)
• Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
  We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
  arXiv  Detail & Related papers  (2023-04-06T05:20:16Z)
• Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining [75.25943383604266]
  We question whether the use of large Web-scraped datasets should be viewed as differential-privacy-preserving. We caution that publicizing these models pretrained on Web data as "private" could lead to harm and erode the public's trust in differential privacy as a meaningful definition of privacy. We conclude by discussing potential paths forward for the field of private learning, as public pretraining becomes more popular and powerful.
  arXiv  Detail & Related papers  (2022-12-13T10:41:12Z)
• Privacy-Preserving Graph Convolutional Networks for Text Classification [3.5503507997334958]
  Graphal convolution networks (GCNs) are a powerful architecture for representation learning and making predictions on documents that naturally occur as graphs. Data containing sensitive personal information, such as documents with people's profiles or relationships as edges, are prone to privacy leaks from GCNs. We show that privacy-preserving GCNs perform up to 90% of their non-private variants, while formally guaranteeing strong privacy measures.
  arXiv  Detail & Related papers  (2021-02-10T15:27:38Z)
• A Comparative Study of Sequence Classification Models for Privacy Policy Coverage Analysis [0.0]
  Privacy policies are legal documents that describe how a website will collect, use, and distribute a user's data. Our solution is to provide users with a coverage analysis of a given website's privacy policy using a wide range of classical machine learning and deep learning techniques.
  arXiv  Detail & Related papers  (2020-02-12T21:46:22Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.