SoK: Three Facets of Privacy Policies


Privacy policies are the main way to obtain information related to personal data collection and processing. Originally, privacy policies were presented as textual documents. However, the unsuitability of this format for the needs of today’s society gave birth to others means of expression. In this report, we systematically study the different means of expression of privacy policies. In doing so, we have identified three main categories, which we call dimensions, i.e., natural language, graphical and machine-readable privacy policies. Each of these dimensions focus on the particular needs of the communities they come from, i.e., law experts, organizations and privacy advocates, and academics, respectively. We then analyze the benefits and limitations of each dimension, and explain why solutions based on a single dimension do not cover the needs of other communities. Finally, we propose a new approach to expressing privacy policies which brings together the benefits of each dimension as an attempt to overcome their limitations.

WPES 2020