An organization’s privacy policy states how it collects, stores, processes, and shares its users’ personal information. The growing number of data protection laws and regulations as well as the numerous sectors where the organizations are collecting user information, has led to the investigation of privacy policies with regards to their accessibility, readability, completeness, comparison with organization’s actual data practices, use of machine learning/natural language processing for automated analysis, and comprehension/perception/concerns of end-users via summarization/visualization tools and user studies. However, there is limited work on systematically reviewing the existing research on this topic. We address this gap by conducting a systematic review of the existing privacy policy literature. To this end, we compiled and analyzed 202 papers (published till 31 st December 2023) that investigated privacy policies. Our work advances the field of privacy policies by summarizing the analysis techniques that have been used to study them, the data protection laws/regulations explored, and the sectors to which these policies pertain. We provide actionable insights for organizations to achieve better end-user privacy.

中文翻译：

---

隐私政策文献的系统回顾


组织的隐私政策规定了其如何收集、存储、处理和共享其用户的个人信息。越来越多的数据保护法律法规以及组织收集用户信息的众多部门，导致对隐私政策的可访问性、可读性、完整性、与组织实际数据实践的比较、使用机器学习/自然语言处理，用于通过摘要/可视化工具和用户研究进行自动分析以及最终用户的理解/感知/关注。然而，系统回顾该主题现有研究的工作有限。我们通过对现有隐私政策文献进行系统审查来解决这一差距。为此，我们整理并分析了 202 篇调查隐私政策的论文（截至 2023 年 12 月 31 日）。我们的工作通过总结用于研究隐私政策的分析技术、探索的数据保护法律/法规以及这些政策所属的部门来推进隐私政策领域的发展。我们为组织提供可行的见解，以实现更好的最终用户隐私。