Automating the Evaluation of Privacy Policies using Artificial Intelligence

Researchers from the European University Institute in Florence, in collaboration with The European Consumer Organisation (BEUC), created ‘Claudette’, a research project aiming at the automation of personal data and consumer law enforcement using artificial intelligence (AI). The program examined privacy policies of 14 major tech-businesses: Google, Facebook, Instagram, Amazon, Apple, Microsoft, WhatsApp, Twitter, Uber, AirBnB,, Skyscanner, Netflix, Steam, and Epic Games. The preliminary results showed that a third of world’s largest technology companies’ clauses were ‘potentially problematic’ or contained ‘insufficient information’. 11 % of the policy’s sentences had unclear language. The research outlined that privacy policies should meet: comprehensive information, clear language, fair processing, as well as the ways in which these documents can be unlawful and indicated whether the required information is insufficient, the language unclear, or showed potentially unfair processing. The Director General of BEUC, Monique Goyens said that the research was ‘very concerning’ as many privacy policies ‘may not meet the standard of the law’. The spokesperson from Alphabet’s Google stated that the firm has updated its privacy policy and uses clear and plain language. Amazon’s spokesperson said that its policies are compliant with the GDPR, and that users of its Alexa service are in control of their data. Facebook did not respond in time for publication.