Skip to content

Article on Automating Accountability posted

We first started looking at automating the analysis of privacy policies in 2018. This led to several important legal insights, summarized in our paper, published in the University of Toronto Law Review. Initially, like many others, we strove to automate the processing, understanding and analysis of privacy policies, for many of the same reasons: there are too many privacy policies to read and they can be difficult for many people to understand. However, as often happens, our empirical analysis on privacy policies for Android Applications actually yielded an unexpected insight — that many apps actually do not comply with their own privacy policy. Further analysis showed that this was actually due to lack of transparency of third-party libraries, whose privacy policies, ironically, many app developers apparently also had trouble understanding, or neglected to read. This led to our final insight — the need automated privacy policy analysis goes beyond just consumer protection, but as a mechanism for accountability in the digital world. As a result it may be needed by many other parties, not only app developers, but possibly regulators and large tech companies such as Facebook, Apple or Google, who wish to enforce compliance from their app developers to avoid repeats of events such as those involving Cambridge Analytica and Facebook.