There’s an international push towards stronger online privacy laws, from Europe to California, but there’s also a big barrier when it comes to tackling the issue: companies’ privacy policies, which are often impenetrable to people who don’t speak fluent legalese. Few regular people read these policies, so how can they check that the companies are respecting the rights that the new laws give consumers?
Artificial intelligence may be the answer. Meet Claudette, an “automated evaluator of privacy policies” that was unveiled Thursday by the European Consumer Organisation (BEUC) and researchers at the European University Institute in Florence, Italy.
The researchers have been training the AI on the privacy policies of over a dozen major companies, such as Google, Facebook and Apple. After comparing those policies to the rules set out in the EU’s General Data Protection Regulation (GDPR) and the guidelines given by national privacy watchdogs, the researchers found that none of the policies were fully compliant.
The problems range from not properly telling users where their data is being shared, to using “vague and unclear language” that makes the policy hard to understand, to inserting clauses that state users agree to the policy simply by using the company’s website—a common tactic that does not get meaningful consent from people.
By showing Claudette what sort of content is problematic, the hope is that “she” will be able to spot such legal issues on her own.
“This innovative research demonstrates that just as artificial intelligence and automated decision-making will be the future for companies from all kinds of sectors, AI can also be used to keep companies in check and ensure people’s rights are respected,” said Monique Goyens, BEUC’s director general.
“In the future, artificial intelligence will help identify infringements quickly and on a massive scale, making it easier to start legal actions as a result.”
With the GDPR allowing fines of up to 4% of global annual revenues, for serious transgressions, companies might want to take notice of this new development.
Here’s the full list of the companies whose privacy policies allegedly still don’t match up to the GDPR’s requirements: Google, Facebook (and Instagram,) Amazon, Apple, Microsoft, WhatsApp, Twitter, Uber, AirBnB, Booking.com, Skyscanner, Netflix, Steam and Epic Games.