A systematic mapping study on automated analysis of privacy policies Articles uri icon

publication date

  • May 2022

start page

  • 2053

end page

  • 2076


  • 104

International Standard Serial Number (ISSN)

  • 0010-485X

Electronic International Standard Serial Number (EISSN)

  • 1436-5057


  • A privacy policy describes the operations an organization carries out on its users personal data and how it applies data protection principles. The automated analysis of privacy policies is a multidisciplinary research topic producing a growing but scattered body of knowledge. We address this gap by conducting a systematic mapping study which provides an overview of the field, identifies research opportunities, and suggests future research lines. Our study analyzed 39 papers from the 1097 publications found on the topic, to find what information can be automatically extracted from policies presented as textual documents, what this information is applied to, and what analysis techniques are being used. We observe that the techniques found can identify individual pieces of information from the policies with good results. However, further advances are needed to put them in context and provide valuable insight to end-users, organizations dealing with data protection laws and data protection authorities.


  • Computer Science


  • privacy policy; natural language processing; data protection; privacy