Privacy policies play a crucial role in disclosing organizational data practices; however, their lengthy and complex nature hinders user understanding and regulatory auditing, particularly in e-commerce. To address these challenges, we introduce the Data Protection Regulation analysis (GraphDPR) framework, which leverages graph-based semantic analysis for auditing privacy policies. GraphDPR employs transformer-based text processing, knowledge graph creation, and unsupervised topic modeling to generate structured representations of policy content. It converts privacy policies into entity–category–data point triples, normalizes them with Sentence-BERT embeddings, and enhances them into company-specific knowledge graphs using Neo4j. These graphs are then analyzed with Latent Dirichlet Allocation (LDA) to identify thematic patterns in the data collection. GraphDPR facilitates both static and comparative audits by aligning policy content with regulatory standards, yielding interpretable insights into compliance. Experimental results indicate that it provides better regulatory coverage and topic clarity than existing systems, like PolicyGPT and Poligraph. By integrating graph mining and semantic modeling, GraphDPR enhances automated privacy policy auditing and supports scalable compliance monitoring.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling

  • Himadri Chowdhury,
  • Md Istiak Morsalin,
  • Rafe Sumnan Azade,
  • Vijayalakshmi Ramasamy,
  • Gokila Dorai

摘要

Privacy policies play a crucial role in disclosing organizational data practices; however, their lengthy and complex nature hinders user understanding and regulatory auditing, particularly in e-commerce. To address these challenges, we introduce the Data Protection Regulation analysis (GraphDPR) framework, which leverages graph-based semantic analysis for auditing privacy policies. GraphDPR employs transformer-based text processing, knowledge graph creation, and unsupervised topic modeling to generate structured representations of policy content. It converts privacy policies into entity–category–data point triples, normalizes them with Sentence-BERT embeddings, and enhances them into company-specific knowledge graphs using Neo4j. These graphs are then analyzed with Latent Dirichlet Allocation (LDA) to identify thematic patterns in the data collection. GraphDPR facilitates both static and comparative audits by aligning policy content with regulatory standards, yielding interpretable insights into compliance. Experimental results indicate that it provides better regulatory coverage and topic clarity than existing systems, like PolicyGPT and Poligraph. By integrating graph mining and semantic modeling, GraphDPR enhances automated privacy policy auditing and supports scalable compliance monitoring.