Analyzing Compliance of Privacy Policy with Knowledge-Enhanced Deep Learning Model: From the Perspective of Integrity and Semantic Conflict

Cited by: 5


Authors: Zhu Hou; Luo Yingjia; Chen Menglei; Ouyang Jiaxiang; Xiao Ying [1]; Cai Yinan

Affiliation: [1] School of Information Management, Sun Yat-Sen University, Guangzhou 510006, China

Source: Data Analysis and Knowledge Discovery, 2024, No. 5, pp. 46-58 (13 pages)

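Funding: This work is one of the research outcomes of the General Project of Humanities and Social Sciences Research of the Ministry of Education (Project No. 23YJC630270) and the General Program of the Natural Science Foundation of Guangdong Province (Project No. 2021A1515011805).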

Abstract: [Objective] The paper aims to detect the compliance of privacy policies at the semantic level by integrating legal and regulatory knowledge. [Methods] We constructed a compliance evaluation index system from the integrity and semantic conflict perspective based on the Information Security Technology—Personal Information Security Specification (GB/T 35273-2020) and annotated the corpus. Then, we used the K-BERT model embedded with a knowledge graph to build an integrity evaluation model, and built a consistency evaluation model to detect semantic conflicts. Finally, we analyzed the compliance of app privacy policies in 15 fields with the integrity and consistency evaluation models. [Results] We constructed a Chinese privacy policy corpus that passed the Kendall's W test, and the F1 scores of the integrity and consistency evaluation models reached 0.92 and 0.87, respectively. We analyzed 1762 app privacy policies and found that policies in the fields of Audio-Video Entertainment, Purchase Comparison, Financial Planning, Sports and Health, and Automotive are better in integrity, while those in the fields of Social Communication and Purchase Comparison are more semantically compliant with legal and regulatory requirements. [Limitations] The content in hyperlinks that may appear in a few privacy policies is ignored, which may cause bias in the compliance testing of some privacy policies. [Conclusions] The proposed model achieves the goal of automated analysis of privacy policy compliance in various fields, which is significant for China in enhancing the regulatory capacity for mobile apps handling user privacy data.

Keywords: privacy policy; compliance; semantic conflict; K-BERT; TF-IDF

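Classification number: TP391 [Automation and Computer Technology: Computer Application Technology]; G203 [Automation and Computer Technology: Computer Science and Technology]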

 
