Carolyn Brodie, Clare-Marie Karat, and John Karat: An Empirical Study of Natural Language Parsing of Privacy Policy Rules Using SPARCLE
July 13, 2006 by PingThe authors believe that better tools for communicating privacy policies will lead to better privacy protection and privacy-preserving use of personal information. Their tool, SPARCLE, helps organizations analyze and construct clearer privacy policies, and helps them implement policies and check for compliance.
The policy-writing part of SPARCLE lets users construct privacy rules using structured lists (an example of a rule would be “Pharmacists can use social security number to confirm identity if the customer registers,” where each underlined part is a blank that can be filled in by choosing an item from a list). The natural language feature parses an existing privacy rule to fit it into this structure.
In the empirical study of SPARCLE, the natural language parser was not given the raw text of the privacy policy. Humans spent about 60 minutes per policy, picking out sentences that looked like privacy rules, rewriting them minimally, and entering them into SPARCLE. (This task was done by SPARCLE team members who hadn’t been involved in designing the rule grammar.)
The detailed results are in the paper, but on the whole it looks like their efforts have been pretty successful. Their participants rated the value of SPARCLE’s features quite highly, including the natural language parsing features.