Classifying Potentially Non-compliant Portuguese Language Sentences Concerning Privacy Policies

Resumo

Privacy policies (PPol) are extensive and contain complex sentences that are difficult to understand. They detail what happens with a person’s personal data and must comply with specific legislation. One way to assess the compliance of PPol with legislation is through machine learning models. There are some studies already carried out, aiming to detect compliance with the GDPR, basically analyzing PPol in English. In this work, we present a mapping of Brazilian data protection legislation into 27 categories, divided into 3 blocks, and 3 levels of potential compliance. We also introduced a corpus in Portuguese, with PPol sentences annotated through mapping of Brazilian legislation. We evaluated some classifier models in a task of detecting potentially non-compliant sentences and another task of categorizing potentially non-compliant sentences. We achieved performance close to the literature for studies in English and the GDPR. Our study points out ways to improve the automated assessment of PPol and highlights the complexity of the tasks that seek to ensure compliance with data protection legislation.