Mind the Gap - Uncovering Privacy Policy Drift and Misalignment in IoT, Web, and Mobile Applications for Children and Health
Faculty Mentor Name
Catalina Aranzazu-Suescun, Preethi Santhanam
Format Preference
Poster
Abstract
The rapid growth of mobile and web applications has significantly transformed the way individuals interact with technology, offering different levels of convenience, on-demand access to a wide range of services, and highly personalized user experiences. However, this growth has also brought challenges, particularly in the areas of data security and user privacy. These concerns are especially critical when applications handle sensitive and personal user data, including health information and data related to children. In response, this project focuses on identifying whether mobile applications, web applications, and IoT toys that target children or handle health data adequately address regulatory requirements such as the Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA).
To achieve this, we use advanced machine learning techniques, specifically transformer-based natural language processing (NLP). The models are fine-tuned to classify privacy policy statements at the sentence level, enabling detection of compliance with COPPA and HIPAA requirements. Beyond static evaluation, the project introduces a longitudinal perspective by analyzing policy drift: how policies evolve over time and whether revisions strengthen or weaken compliance.
To validate these results, we complement text analysis with network traffic monitoring of applications, comparing stated commitments with observed network behaviors. Ultimately, we hope our work supports a more trustworthy application ecosystem.
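As an added illustration of the two checks described above (sentence-level policy drift and stated-versus-observed misalignment), not code from the poster project itself: a keyword heuristic stands in for the fine-tuned transformer classifier, and the two policy versions, the hypothetical app name "ToyPal" and the observed host list are constructed samples.

```python
"""Sentence-level policy drift and stated-vs-observed misalignment check.

Added illustration, not the project's code. A keyword heuristic replaces the
fine-tuned classifier; the policies and traffic hosts below are constructed."""
import re
from typing import Dict, List, Set

# Constructed policy versions for a hypothetical children's app "ToyPal".
POLICY_V1 = ("We do not collect personal information from children under 13. "
             "We do not share data with third parties. "
             "Health data is encrypted in transit.")
POLICY_V2 = ("We collect personal information from children under 13 with parental consent. "
             "We may share data with analytics partners. "
             "Health data is encrypted in transit.")

# Constructed traffic-monitoring result: hosts the app was observed contacting.
OBSERVED_HOSTS = {"api.toypal.example", "analytics.tracker.example"}
FIRST_PARTY_SUFFIX = "toypal.example"  # assumption: the app's own domain


def split_sentences(text: str) -> List[str]:
    """Naive sentence splitter; the project classifies at this granularity."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]


def label_sentence(sentence: str) -> Set[str]:
    """Stand-in for the sentence classifier: returns compliance-relevant tags."""
    s = sentence.lower()
    tags: Set[str] = set()
    if "children" in s or "under 13" in s:
        tags.add("coppa")
    if "health" in s:
        tags.add("hipaa")
    if "third part" in s or "partners" in s:
        tags.add("no_third_party_sharing" if s.startswith("we do not") else "third_party_sharing")
    return tags


def policy_tags(policy: str) -> Set[str]:
    return set().union(*(label_sentence(s) for s in split_sentences(policy)))


def policy_drift(old: str, new: str) -> Dict[str, object]:
    """Sentences and compliance tags that changed between two policy versions."""
    old_s, new_s = set(split_sentences(old)), set(split_sentences(new))
    old_t, new_t = policy_tags(old), policy_tags(new)
    return {"removed": sorted(old_s - new_s), "added": sorted(new_s - old_s),
            "tags_lost": old_t - new_t, "tags_gained": new_t - old_t}


def misalignment(policy: str, hosts: Set[str]) -> List[str]:
    """Third-party hosts contacted although the policy states no third-party sharing."""
    third_party = {h for h in hosts if not h.endswith(FIRST_PARTY_SUFFIX)}
    if "no_third_party_sharing" in policy_tags(policy) and third_party:
        return sorted(third_party)
    return []
```

Running `policy_drift(POLICY_V1, POLICY_V2)` reports the lost "no third-party sharing" commitment, and `misalignment(POLICY_V1, OBSERVED_HOSTS)` flags the analytics host that contradicts the older policy text.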