A New AI Evaluates the GDPR Compliance of Top Tech Companies
Stipulations in the EU’s newly enforced General Data Protection Regulation (GDPR) require enterprises to install more stringent data protection and privacy solutions. The regulation was approved in April 2016 to give organizations enough time to upgrade their systems, but many are still caught up in improvements. In an effort to evaluate the progress of these GDPR preparations, the European Consumer Organisation (also called Bureau Européen des Unions de Consommateurs or BEUC) and researchers at the European University Institute introduced an artificial intelligence (AI) tool that has assessed the new privacy policies of 14 top tech companies. The initial results, which cover the policies of social media companies, gaming sites, travel sites and more, show that many are still struggling with GDPR compliance.
The cutting-edge AI tool is part of a research project hosted at the Law Department of the European University Institute. The project is headed by Giovanni Sartor and Hans-W. Micklitz; who are working with engineers from University of Bologna and University of Modena and Reggio Emilia. The “automated clause detector” tool, also called Claudette, is a web crawler that assesses the privacy policies of 14 different online services. Claudette scans and collects information, then compares the data against a predefined GDPR “gold standard” using supervised machine learning techniques.
The tool can recognize if certain clauses in the policies are lacking. It evaluates if the companies did not provide all the information required under the GDPR, if the processing of data is problematic, or if the policies use unclear language (which is against GDPR rules).
The GDPR report card
Still a work in progress
So far, as the research team has stated in a Q&A, Claudette has only been trained with a few data policies and is not ready to analyze policies by itself. For this particular study, the results of the automated scanning still had to be manually checked. But this experiment does show the range of possibilities for artificial intelligence tools and how they can be utilized in different fields. Further refinement of the tool could potentially help lighten the load of lawyers or administrators analyzing numerous privacy policies.
This experiment also shows how companies are progressing with their GDPR compliance. We see that some of the most popular multinational tech companies still need to improve their privacy policies and strengthen their data protection according to GDPR standards. Visit our GDPR resource page to learn more about GDPR compliance and how to strengthen security in accordance with its guidelines.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases