The Usable Privacy Policy Project

Towards Effective Web Privacy Notice and Choice

Natural language privacy policies have become the de facto standard to address expectations of “notice and choice” on the Web. However, users generally do not read these policies and those who do struggle to understand them. Initiatives, such as P3P and Do Not Track aimed to address this problem by developing machine-readable formats to convey a website's data practices. However, many website operators are reluctant to embrace such approaches.
In the Usable Privacy Policy Project, we build on recent advances in natural language processing (NLP), privacy preference modeling, crowdsourcing, and privacy interface design in order to develop a practical framework based on a website's existing natural language privacy policy that empowers users to more meaningfully control their privacy, without requiring additional cooperation from website operators.Learn More

Bank Privacy Website

We automatically collected and analyzed 6,324 standardized privacy notices from financial institutions. See how your bank stacks up.

Privacy Day 2015

International Data Privacy Day at CMU features many events, including a keynote by FTC Commissioner Julie Brill. View the videos.

FOPNAC workshop

We organized the Workshop on the Future of Privacy Notice and Choice at CMU in June 2014. View the videos.

ACL/COLING 2014 Dataset

We created a corpus of 1,010 privacy policies from the top websites ranked on Get the dataset.

This project is funded by the National Science Foundation under its Secure and Trustworthy Computing initiative (CNS-1330596).