par Restrepo Amariles, David 
Référence Proceedings of the Eighteenth International Conference on Artificial Intelligence and Law Proceedings of the Eighteenth International Conference on Artificial Intelligence and Law, Association for Computing Machinery, page (40–49)
Publication Publié, 2021
Référence Proceedings of the Eighteenth International Conference on Artificial Intelligence and Law Proceedings of the Eighteenth International Conference on Artificial Intelligence and Law, Association for Computing Machinery, page (40–49)
Publication Publié, 2021
Publication dans des actes
| Résumé : | The General Data Protection Regulation (GDPR) requires data controllers to implement end-to-end compliance. Controllers must therefore ensure that the terms agreed with the data subject and their own obligations under GDPR are respected in the data flows from data subject to controllers, processors and sub processors (i.e. data supply chain). This paper seeks to contribute to bridge both ends of compliance checking through a two-pronged study. First, we conceptualize a framework to implement a document-centric approach to compliance checking in the data supply chain. Second, we develop specific methods to automate compliance checking of privacy policies. We test a two-modules system, where the first module relies on NLP to extract data practices from privacy policies. The second module encodes GDPR rules to check the presence of mandatory information. The results show that the text-to-text approach outperforms local classifiers and enables the extraction of both coarse-grained and fine-grained information with only one model. We implement full evaluation of our system on a dataset of 30 privacy policies annotated by legal experts. We conclude that this approach could be generalized to other documents in the data supply as a means to improve end-to-end compliance. |
