Thai Privacy Notice Analysis Based On Named-Entity Recognition Technique

Abstract

With the spread of global technology and the rising value of personal data, privacy has become a major problem. Many countries have enacted privacy laws to protect their citizens' privacy. Thailand has a similar law known as the Personal Data Protection Act (PDPA). According to the PDPA, the data controllers must provide data subjects with information about handling of personal data which is generally referred to as privacy notices. A privacy notice is typically a comprehensive document that uses formal language. As a result, many customers find it difficult to comprehend essential information in a short time. One of Natural Language Processing (NLP) methods, Named-Entity Recognition (NER), is a technique that can be used to capture the main contents of a document. The feasibility of NLP techniques for extracting significant privacy practices regarding the PDPA requirements for Thai privacy notices, however, has not yet been explored. Therefore, this study explores this feasibility and proposes a dataset of Thai privacy notices and a privacy annotation scheme based on PDPA requirements. The effectiveness of NLP approaches in extracting Thai privacy practice information is also evaluated in this study. The privacy notices comprehension has been formulated into the problem of Thai privacy information extraction, Thai privacy NER. The results show that the pre-trained transformer model outperforms the traditional method, and the increasing training dataset can affect higher performance value.