Regulators, policy makers, and consumers are interested in proactively identifying services with acceptable or compliant data use policies, privacy policies, and terms of service. Academic requirements engineering researchers and legal scholars have developed qualitative, manual approaches to conducting requirements analysis of policy documents to identify concerns and compare services against preferences or standards. In this research, we develop and present an approach to conducting large-scale, qualitative, prospective analyses of policy documents with respect to the wide-variety of normative concerns found in policy documents. Our approach uses techniques from natural language processing, including topic modeling and summarization. We evaluate our approach in an exploratory case study that attempts to replicate a manual legal analysis of roughly 200 privacy policies from seven domains in a semi-automated fashion at a larger scale. Our findings suggest that this approach is promising for some concerns.
54th Hawaii International Conference on System Sciences, HICSS 2021
and Massey, A.
Requirements Analysis of Large Policy Corpora, 54th Hawaii International Conference on System Sciences, HICSS 2021, Kauai, HI, US, [online], https://doi.org/10.24251/HICSS.2021.563, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929613
(Accessed June 6, 2023)