-
Notifications
You must be signed in to change notification settings - Fork 1
/
prompts.py
1247 lines (886 loc) · 167 KB
/
prompts.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
def get_context(prompt_id):
if prompt_id == 1:
return [{"role": "system", "content": PROMPT_1}]
elif prompt_id == "I":
return [{"role": "system", "content": PROMPT_I}]
elif prompt_id == "II":
return [{"role": "system", "content": PROMPT_II}]
elif prompt_id == "III":
return [{"role": "system", "content": PROMPT_III}]
elif prompt_id == "Ia":
return [{"role": "system", "content": PROMPT_Ia}]
elif prompt_id == "IIa":
return [{"role": "system", "content": PROMPT_IIa}]
elif prompt_id == "IIIa":
return [{"role": "system", "content": PROMPT_IIIa}]
elif prompt_id == "IV":
return [{"role": "system", "content": PROMPT_IV}]
elif prompt_id == "IVa":
return [{"role": "system", "content": PROMPT_IVa}]
elif prompt_id == "Va":
return [{"role": "system", "content": PROMPT_Va}]
elif prompt_id == "VIa":
return [{"role": "system", "content": PROMPT_VIa}]
elif prompt_id == "VIIa":
return [{"role": "system", "content": PROMPT_VIIa}]
elif prompt_id == "VIIIa":
return [{"role": "system", "content": PROMPT_VIIIa}]
elif prompt_id == "IXa":
return [{"role": "system", "content": PROMPT_IXa}]
elif prompt_id == "Xa":
return [{"role": "system", "content": PROMPT_Xa}]
elif prompt_id == "XIa":
return [{"role": "system", "content": PROMPT_XIa}]
elif prompt_id == "XIIa":
return [{"role": "system", "content": PROMPT_XIIa}]
elif prompt_id == "XIIIa":
return [{"role": "system", "content": PROMPT_XIIIa}]
elif prompt_id == "COT1":
return [{"role": "system", "content": PROMPT_COT1}]
elif prompt_id == "COT2":
return [{"role": "system", "content": PROMPT_COT2}]
else:
raise NotImplementedError()
PROMPT_1 = """
Hi, can we do an exercise related to data privacy? Many websites have the "privacy policy", and a paper proposed that there are 10 categories of data practice in such privacy contents:
1. First Party Collection/Use: how and why a
service provider collects user information.
2. Third Party Sharing/Collection: how user information may be shared with or collected by
third parties.
3. User Choice/Control: choices and control
options available to users.
4. User Access, Edit, & Deletion: if and how
users may access, edit, or delete their information.
5. Data Retention: how long user information is
stored.
6. Data Security: how user information is protected.
7. Policy Change: if and how users will be informed about changes to the privacy policy.
8. Do Not Track: if and how Do Not Track signals3
for online tracking and advertising are
honored.
9. International & Specific Audiences: practices
that pertain only to a specific group of users
(e.g., children, Europeans, or California residents).
10. Other: additional sub-labels for introductory or general text, contact information, and
practices not covered by the other categories.
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Pleasy only respond with the category.
"""
# Prompt I: Data category title
PROMPT_I = """
Websites and digital products have privacy policies. Each sentence in these privacy policies can be annotated with one or more data practice. A data practice means how the data is used and processed by an organization. In current context, a data practice belongs to one of the following data practice categories.
1. First Party Collection/Use.
2. Third Party Sharing/Collection.
3. User Choice/Control.
4. User Access, Edit, and Deletion.
5. Data Retention.
6. Data Security.
7. Policy Change.
8. Do Not Track.
9. International and Specific Audiences.
10. Other.
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
# Data category title with OPP-115 description
PROMPT_II = """
Websites and digital products have privacy policies. Each sentence in these privacy policies can be annotated with one or more data practice. A data practice means how the data is used and processed by an organization. In current context, a data practice belongs to one of the following data practice categories.
1. First Party Collection/Use: how and why a service provider collects user information.
2. Third Party Sharing/Collection: how user information may be shared with or collected by
third parties.
3. User Choice/Control: choices and control options available to users.
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information.
5. Data Retention: how long user information is stored.
6. Data Security: how user information is protected.
7. Policy Change: if and how users will be informed about changes to the privacy policy.
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are
honored.
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents).
10. Other: additional sub-labels for introductory or general text, contact information, and
practices not covered by the other categories.
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
# Data category title with extended description
PROMPT_III = """
Websites and digital products have privacy policies. A data practice means how the data is used and processed by an organization. A sentence (policy segment) in a privacy policy can be annotated with one of the following nine data practice categories:
Category 1. First Party Collection/Use: This category is about how and why a service provider collects user information. In first party collection, the service provider that owns or operates the website/platform/service directly collects data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to a customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc. The following three policy segments are example segments classified as First Party Collection/Use.
Category 2. Third Party Sharing/Collection: This category is about how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc. The following five policy segments are example segments classified as Third Party Sharing/Collection.
Category 3. User Choice/Control: This category is about choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc. The following three policy segments are example segments classified as User Choice/Control.
Category 4. User Access, Edit, and Deletion: This category is about if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc. The following three policy segments are example segments classified as User Access, Edit, and deletion.
Category 5. Data Retention: This category is about how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc. The following three policy segments are example segments classified as Data Retention.
Category 6. Data Security: This category is about how user information is protected. In particular, it means the security measures that ensure security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc. The following three policy segments are example segments classified as Data Security.
Category 7. Policy Change: This category is about if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc. The following three policy segments are example segments classified as Policy Change.
Category 8. Do Not Track: This category is about if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc. The following three policy segments are example segments classified as DO Not Track.
Category 9. International and Specific Audiences: This category is about practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). It outlines specific provisions that apply exclusively to certain categories of users, such as children, residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc. The following three policy segments are example segments classified as International and Specific Audiences.
I have a specific task for you: I will give you a sentence from a privacy policy, and you will classify the sentence with one of these nine data practice categories. Please respond only with one of the nine categories for each sentence.
"""
# Prompt I: Data category title without Other category
PROMPT_Ia = """
Websites and digital products have privacy policies. Each sentence in these privacy policies can be annotated with one or more data practice. A data practice means how the data is used and processed by an organization. In current context, a data practice belongs to one of the following data practice categories.
1. First Party Collection/Use.
2. Third Party Sharing/Collection.
3. User Choice/Control.
4. User Access, Edit, and Deletion.
5. Data Retention.
6. Data Security.
7. Policy Change.
8. Do Not Track.
9. International and Specific Audiences.
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
# Data category title with OPP-115 description without Other category
PROMPT_IIa = """
Websites and digital products have privacy policies. Each sentence in these privacy policies can be annotated with one or more data practice. A data practice means how the data is used and processed by an organization. In current context, a data practice belongs to one of the following data practice categories.
1. First Party Collection/Use: how and why a service provider collects user information.
2. Third Party Sharing/Collection: how user information may be shared with or collected by
third parties.
3. User Choice/Control: choices and control options available to users.
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information.
5. Data Retention: how long user information is stored.
6. Data Security: how user information is protected.
7. Policy Change: if and how users will be informed about changes to the privacy policy.
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are
honored.
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents).
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
# Data category title with extended description without Other category
PROMPT_IIIa = """
Websites and digital products have privacy policies. Each sentence in these privacy policies can be annotated with one or more data practice. A data practice means how the data is used and processed by an organization. In current context, a data practice belongs to one of the following data practice categories.
1. First Party Collection/Use: how and why a service provider collects user information. In first party collection the service provider that owns or operates the website/platform/service directly collect data from individuals.
2. Third Party Sharing/Collection: how user information may be shared with or collected by
third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, analytic companies, or partner services that have their own data collection and privacy practices.
3. User Choice/Control: choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data.
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information.
5. Data Retention: how long user information is stored. All data should have retention period associated with it, retention period means maximum period the data will be stored.
6. Data Security: how user information is protected. In particular, it means the security measures that ensures security of personal data, including encryption or storage of data on secure servers.
7. Policy Change: if and how users will be informed about changes to the privacy policy.
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are
honored.
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents).
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
# Data category title with extended description and examples
PROMPT_IV = """
Websites and digital products have privacy policies. I will give you a dataset of privacy policies, where privacy policies are divided into paragraph length segments and each segment is annotated with one or more data practice. A data practice means how the data is used and processed by an organization. In current context, a data practice belongs to one of the following data practice categories.
1. First Party Collection/Use: how and why a service provider collects user information. In first party collection the service provider that owns or operates the website/platform/service directly collect data from individuals. For instance, when a customer engages with the services of Amazon.com, Amazon collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When Amazon makes a product recommendation to customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first-party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc.
2. Third Party Sharing/Collection: how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc.
3. User Choice/Control: choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc.
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc.
5. Data Retention: how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc.
6. Data Security: how user information is protected. In particular, it means the security measures that ensures security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc.
7. Policy Change: if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc.
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc.
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). This category outlines specific provisions that apply exclusively to certain categories of users, such as children, or residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc.
10. Other: additional sub-labels for introductory or general text, contact information, and practices not covered by the other categories.
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
# Data category title with extended description and examples without Other category
PROMPT_IVa = """
Websites and digital products have privacy policies. I will give you a dataset of privacy policies, where privacy policies are divided into paragraph length segments and each segment is annotated with one or more data practice. A data practice means how the data is used and processed by an organization. In current context, a data practice belongs to one of the following data practice categories.
1. First Party Collection/Use: how and why a service provider collects user information. In first party collection the service provider that owns or operates the website/platform/service directly collect data from individuals. For instance, when a customer engages with the services of Amazon.com, Amazon collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When Amazon makes a product recommendation to customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first-party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc.
2. Third Party Sharing/Collection: how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc.
3. User Choice/Control: choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc.
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc.
5. Data Retention: how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc.
6. Data Security: how user information is protected. In particular, it means the security measures that ensures security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc.
7. Policy Change: if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc.
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc.
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). This category outlines specific provisions that apply exclusively to certain categories of users, such as children, or residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc.
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
PROMPT_Va = """
Websites and digital products have privacy policies. A data practice means how the data is used and processed by an organization. A sentence (policy segment) in a privacy policy can be annotated with one of the following nine data practice categories:
Category 1. First Party Collection/Use: This category is about how and why a service provider collects user information. In first party collection, the service provider that owns or operates the website/platform/service directly collects data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to a customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc. The following three policy segments are example segments classified as First Party Collection/Use.
Example Policy Segment 1: “We collect the following categories of personal information about you: name, email address, profile information, payment details and device IDs.”
Classification: First Party Collection/Use
Example Policy Segment 2: “In order to provide personalized services, we process information including your usage data and preferences.”
Classification: First Party Collection/Use
Example Policy Segment 3: “We may also collect sensitive personal information such as information about your racial or ethnic origin, health, precise geolocation, social security number.”
Classification: First Party Collection/Use
Category 2. Third Party Sharing/Collection: This category is about how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc. The following five policy segments are example segments classified as Third Party Sharing/Collection.
Example Policy Segment 1: “Our website uses third-party analytics services to help understand your usage of our services.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 2: “We collect personal Information from third parties whose services you use to access, pay for, or interact with our service.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 3: “We may collect personal information about you from other sources or service providers vendors, agents, and contractors that collect or provide personal information to us in connection with services they perform on our behalf.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 4: “Cookies from third-party advertisers are used on our platform to deliver targeted advertisements based on your browsing history.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 5: “Data we share with external partners includes your user profile and preferences to enhance your experience across partnered services.”
Classification: Third Party Sharing/Collection.
Category 3. User Choice/Control: This category is about choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc. The following three policy segments are example segments classified as User Choice/Control.
Example Policy Segment 1: “You can control what information we use to show you advertisements by visiting your advertisement settings.”
Classification: User Choice/Control
Example Policy Segment 2: “If you wish to withdraw your consent at any time for any data processing we perform, you can do so through our user settings page under privacy control.”
Classification: User Choice/Control
Example Policy Segment 3: “You may choose to opt out of receiving behavioral advertisements, you will still see Advertisements, but they will not be behavioral advertisements.”
Classification: User Choice/Control
Category 4. User Access, Edit, and Deletion: This category is about if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc. The following three policy segments are example segments classified as User Access, Edit, and deletion.
Example Policy Segment 1: “You can request a copy of your personal information or download your data directly from your account settings.”
Classification: User Access, Edit, and Deletion
Example Policy Segment 2: “If you need to edit your information, you can do so by logging into your profile. For any modifications that are not available online, you may submit a request to our support team.”
Classification: User Access, Edit, and Deletion
Example Policy Segment 3: “You can delete your personal information that we have collected from or about you.”
Classification: User Access, Edit, and Deletion
Category 5. Data Retention: This category is about how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc. The following three policy segments are example segments classified as Data Retention.
Example Policy Segment 1: “We retain personal information for as long as necessary to provide our service; to administer and operate our business; to research, analyze, and improve our services; to operate our ad supported subscription plan; for safety, security, and fraud prevention; and/or to enforce our Terms of Use.”
Classification: Data Retention
Example Policy Segment 2: “Storage of personal information is based on many factors such as the nature of the personal information, and the need to defend or resolve current or anticipated legal claims.”
Classification: Data Retention
Example Policy Segment 3: “We keep your personal information, including sensitive personal information, as long as we need it to provide our products, comply with legal obligations or protect our or other’s interests. We decide how long we need information on a case-by-case basis.”
Classification: Data Retention
Category 6. Data Security: This category is about how user information is protected. In particular, it means the security measures that ensure security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc. The following three policy segments are example segments classified as Data Security.
Example Policy Segment 1: “We will share your personal information if the disclosure of information is reasonably necessary to Detect, prevent, or otherwise address fraud, security, or technical issues.”
Classification: Data Security
Example Policy Segment 2: “For safety, security, and fraud prevention we process personal information such as personal details, payment details, profile information, usage information, advertising information.”
Classification: Data Security
Example Policy Segment 3: “We follow appropriate technical and organizational measures to safeguard personal information, including regular security reviews and updates to our data breach procedures.”
Classification: Data Security
Category 7. Policy Change: This category is about if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc. The following three policy segments are example segments classified as Policy Change.
Example Policy Segment 1: “We use your information, like your email address, to notify you about upcoming changes to your subscription.”
Classification: Policy Change
Example Policy Segment 2: “This privacy policy is subject to change from time to time. We will post revisions on our site and provide a policy update alert in our user interface.”
Classification: Policy Change
Example Policy Segment 3: “In the event of significant changes in privacy policy, we will provide a more prominent notice via email notification.”
Classification: Policy Change
Category 8. Do Not Track: This category is about if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc. The following three policy segments are example segments classified as DO Not Track.
Example Policy Segment 1: “Our website respects 'Do Not Track' signals and does not track users who have set their browsers to decline tracking cookies.”
Classification: Do Not Track
Example Policy Segment 2: “We do not currently respond to web browser “do not track" signals.”
Classification: Do Not Track
Example Policy Segment 3: “You have right to opt-out of Targeted Advertising or location tracking.”
Classification: Do Not Track
Category 9. International and Specific Audiences: This category is about practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). It outlines specific provisions that apply exclusively to certain categories of users, such as children, residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc. The following three policy segments are example segments classified as International and Specific Audiences.
Example Policy Segment 1: “Our services comply with the Data Protection Directive (also know as Directive 95/46/EC) to protect the privacy of our European users.”
Classification: International and Specific Audiences
Example Policy Segment 2: “Parental consent is required before creating a kids profile on our platform, adhering to the Children's Online Privacy Protection Act (COPPA).”
Classification: International and Specific Audiences
Example Policy Segment 3: “We may collect sensitive or personal information, as defined in U.S. Privacy Laws.”
Classification: International and Specific Audiences
I have a specific task for you: I will give you a sentence from a privacy policy, and you will classify the sentence with one of these nine data practice categories. Please respond only with one of the nine categories for each sentence.
"""
PROMPT_VIa = """
1. First Party Collection/Use.
Policy segment: “We collect the following categories of personal information about you: name, email address, profile information, payment details and device IDs.”
Classification: First Party Collection/Use
Policy segment: “In order to provide personalized services, we process information including your usage data and preferences.”
Classification: First Party Collection/Use
Policy segment: “We may also collect sensitive personal information such as information about your racial or ethnic origin, health, precise geolocation, social security number. ”
Classification: First Party Collection/Use
2. Third Party Sharing/Collection.
Policy segment: “Our website uses third-party analytics services to help understand your usage of our services.”
Classification: Third Party Sharing/Collection.
Policy segment: “We collect personal Information from third parties whose services you use to access, pay for, or interact with our service.”
Classification: Third Party Sharing/Collection.
Policy segment: “We may collect personal information about you from other sources or service providers vendors, agents, and contractors that collect or provide personal information to us in connection with services they perform on our behalf.”
Classification: Third Party Sharing/Collection.
Policy segment: “Cookies from third-party advertisers are used on our platform to deliver targeted advertisements based on your browsing history.”
Classification: Third Party Sharing/Collection.
Policy segment: “Data we share with external partners includes your user profile and preferences to enhance your experience across partnered services.”
Classification: Third Party Sharing/Collection.
3. User Choice/Control.
Policy segment: “You can control what information we use to show you advertisements by visiting your advertisement settings.”
Classification: User choice/control
Policy segment: “If you wish to withdraw your consent at any time for any data processing we perform, you can do so through our user settings page under ´privacy control´.”
Classification: User choice/control
Policy segment: “You may choose to opt out of receiving behavioral advertisements, you will still see Advertisements, but they will not be behavioral advertisements.”
Classification: User choice/control
4. User Access, Edit, and Deletion.
Policy segment: “You can request a copy of your personal information or download your data directly from your account settings.”
Classification: User access, edit, and deletion
Policy segment: “If you need to edit your information, you can do so by logging into your profile. For any modifications that are not available online, you may submit a request to our support team.”
Classification: User access, edit, and deletion
Policy segment: “You can delete your personal information that we have collected from or about you.”
Classification: User access, edit, and deletion
5. Data Retention.
Policy segment: “We retain personal information for as long as necessary to provide our service; to administer and operate our business; to research, analyze, and improve our services; to operate our ad supported subscription plan; for safety, security, and fraud prevention; and/or to enforce our Terms of Use.”
Classification: data retention
Policy segment: “Storage of personal information is based on many factors such as the nature of the personal information, and the need to defend or resolve current or anticipated legal claims.”
Classification: data retention
Policy segment: “We keep your personal information, including sensitive personal information, as long as we need it to provide our products, comply with legal obligations or protect our or other’s interests. We decide how long we need information on a case-by-case basis.”
Classification: data retention
6. Data Security.
Policy segment: “We will share your personal information if the disclosure of information is reasonably necessary to Detect, prevent, or otherwise address fraud, security, or technical issues.”
Classification: Data security
Policy segment: “For safety, security, and fraud prevention we process personal information such as personal details, payment details, profile information, usage information, advertising information.”
Classification: Data security
Policy segment: “We follow appropriate technical and organizational measures to safeguard personal information, including regular security reviews and updates to our data breach procedures.”
Classification: Data security
7. Policy Change.
Policy segment: “We use your information, like your email address, to notify you about upcoming changes to your subscription.”
Classification: Policy Change
Policy segment: “This privacy policy is subject to change from time to time. We will post revisions on our site and provide a policy update alert in our user interface.”
Classification: Policy Change
Policy segment: “In the event of significant changes in privacy policy, we will provide a more prominent notice via email notification.”
Classification: Policy Change
8. Do Not Track.
Policy segment: “Our website respects 'Do Not Track' signals and does not track users who have set their browsers to decline tracking cookies.”
Classification: Do Not Track
Policy segment: “We do not currently respond to web browser “do not track" signals.”
Classification: Do Not Track
Policy segment: “You have right to opt-out of Targeted Advertising or location tracking.”
Classification: Do Not Track
9. International and Specific Audiences.
Policy segment: “Our services comply with the Data Protection Directive (also know as Directive 95/46/EC) to protect the privacy of our European users.”
Classification: International and Specific Audiences
Policy segment: “Parental consent is required before creating a kids profile on our platform, adhering to the Children's Online Privacy Protection Act (COPPA).”
Classification: International and Specific Audiences
Policy segment: “We may collect sensitive or personal information, as defined in U.S. Privacy Laws.”
Classification: International and Specific Audiences
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
PROMPT_VIIa = """
1. First Party Collection/Use: how and why a service provider collects user information. In first party collection the service provider that owns or operates the website/platform/service directly collect data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first-party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc.
Policy segment: “We collect the following categories of personal information about you: name, email address, profile information, payment details and device IDs.”
Classification: First Party Collection/Use
Policy segment: “In order to provide personalized services, we process information including your usage data and preferences.”
Classification: First Party Collection/Use
Policy segment: “We may also collect sensitive personal information such as information about your racial or ethnic origin, health, precise geolocation, social security number. ”
Classification: First Party Collection/Use
2. Third Party Sharing/Collection: how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc.
Policy segment: “Our website uses third-party analytics services to help understand your usage of our services.”
Classification: Third Party Sharing/Collection.
Policy segment: “We collect personal Information from third parties whose services you use to access, pay for, or interact with our service.”
Classification: Third Party Sharing/Collection.
Policy segment: “We may collect personal information about you from other sources or service providers vendors, agents, and contractors that collect or provide personal information to us in connection with services they perform on our behalf.”
Classification: Third Party Sharing/Collection.
Policy segment: “Cookies from third-party advertisers are used on our platform to deliver targeted advertisements based on your browsing history.”
Classification: Third Party Sharing/Collection.
Policy segment: “Data we share with external partners includes your user profile and preferences to enhance your experience across partnered services.”
Classification: Third Party Sharing/Collection.
3. User Choice/Control: choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc.
Policy segment: “You can control what information we use to show you advertisements by visiting your advertisement settings.”
Classification: User choice/control
Policy segment: “If you wish to withdraw your consent at any time for any data processing we perform, you can do so through our user settings page under ´privacy control´.”
Classification: User choice/control
Policy segment: “You may choose to opt out of receiving behavioral advertisements, you will still see Advertisements, but they will not be behavioral advertisements.”
Classification: User choice/control
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc.
Policy segment: “You can request a copy of your personal information or download your data directly from your account settings.”
Classification: User access, edit, and deletion
Policy segment: “If you need to edit your information, you can do so by logging into your profile. For any modifications that are not available online, you may submit a request to our support team.”
Classification: User access, edit, and deletion
Policy segment: “You can delete your personal information that we have collected from or about you.”
Classification: User access, edit, and deletion
5. Data Retention: how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc.
Policy segment: “We retain personal information for as long as necessary to provide our service; to administer and operate our business; to research, analyze, and improve our services; to operate our ad supported subscription plan; for safety, security, and fraud prevention; and/or to enforce our Terms of Use.”
Classification: data retention
Policy segment: “Storage of personal information is based on many factors such as the nature of the personal information, and the need to defend or resolve current or anticipated legal claims.”
Classification: data retention
Policy segment: “We keep your personal information, including sensitive personal information, as long as we need it to provide our products, comply with legal obligations or protect our or other’s interests. We decide how long we need information on a case-by-case basis.”
Classification: data retention
6. Data Security: how user information is protected. In particular, it means the security measures that ensures security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc.
Policy segment: “We will share your personal information if the disclosure of information is reasonably necessary to Detect, prevent, or otherwise address fraud, security, or technical issues.”
Classification: Data security
Policy segment: “For safety, security, and fraud prevention we process personal information such as personal details, payment details, profile information, usage information, advertising information.”
Classification: Data security
Policy segment: “We follow appropriate technical and organizational measures to safeguard personal information, including regular security reviews and updates to our data breach procedures.”
Classification: Data security
7. Policy Change: if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc.
Policy segment: “We use your information, like your email address, to notify you about upcoming changes to your subscription.”
Classification: Policy Change
Policy segment: “This privacy policy is subject to change from time to time. We will post revisions on our site and provide a policy update alert in our user interface.”
Classification: Policy Change
Policy segment: “In the event of significant changes in privacy policy, we will provide a more prominent notice via email notification.”
Classification: Policy Change
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc.
Policy segment: “Our website respects 'Do Not Track' signals and does not track users who have set their browsers to decline tracking cookies.”
Classification: Do Not Track
Policy segment: “We do not currently respond to web browser “do not track" signals.”
Classification: Do Not Track
Policy segment: “You have right to opt-out of Targeted Advertising or location tracking.”
Classification: Do Not Track
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). This category outlines specific provisions that apply exclusively to certain categories of users, such as children, or residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc.
Policy segment: “Our services comply with the Data Protection Directive (also know as Directive 95/46/EC) to protect the privacy of our European users.”
Classification: International and Specific Audiences
Policy segment: “Parental consent is required before creating a kids profile on our platform, adhering to the Children's Online Privacy Protection Act (COPPA).”
Classification: International and Specific Audiences
Policy segment: “We may collect sensitive or personal information, as defined in U.S. Privacy Laws.”
Classification: International and Specific Audiences
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
PROMPT_VIIIa = """
1. First Party Collection/Use: how and why a service provider collects user information. In first party collection the service provider that owns or operates the website/platform/service directly collect data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first-party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc.
Policy segment: “We collect the following categories of personal information about you: name, email address, profile information, payment details and device IDs.”
Classification: First Party Collection/Use
Policy segment: “In order to provide personalized services, we process information including your usage data and preferences.”
Classification: First Party Collection/Use
Policy segment: “We may also collect sensitive personal information such as information about your racial or ethnic origin, health, precise geolocation, social security number. ”
Classification: First Party Collection/Use
2. Third Party Sharing/Collection: how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc.
Policy segment: “Our website uses third-party analytics services to help understand your usage of our services.”
Classification: Third Party Sharing/Collection.
Policy segment: “We collect personal Information from third parties whose services you use to access, pay for, or interact with our service.”
Classification: Third Party Sharing/Collection.
Policy segment: “We may collect personal information about you from other sources or service providers vendors, agents, and contractors that collect or provide personal information to us in connection with services they perform on our behalf.”
Classification: Third Party Sharing/Collection.
Policy segment: “Cookies from third-party advertisers are used on our platform to deliver targeted advertisements based on your browsing history.”
Classification: Third Party Sharing/Collection.
Policy segment: “Data we share with external partners includes your user profile and preferences to enhance your experience across partnered services.”
Classification: Third Party Sharing/Collection.
3. User Choice/Control: choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc.
Policy segment: “You can control what information we use to show you advertisements by visiting your advertisement settings.”
Classification: User choice/control
Policy segment: “If you wish to withdraw your consent at any time for any data processing we perform, you can do so through our user settings page under ´privacy control´.”
Classification: User choice/control
Policy segment: “You may choose to opt out of receiving behavioral advertisements, you will still see Advertisements, but they will not be behavioral advertisements.”
Classification: User choice/control
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc.
Policy segment: “You can request a copy of your personal information or download your data directly from your account settings.”
Classification: User access, edit, and deletion
Policy segment: “If you need to edit your information, you can do so by logging into your profile. For any modifications that are not available online, you may submit a request to our support team.”
Classification: User access, edit, and deletion
Policy segment: “You can delete your personal information that we have collected from or about you.”
Classification: User access, edit, and deletion
5. Data Retention: that user information is stored. Data retention relates to storing personal data over time. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc.
Policy segment: “We retain personal information for as long as necessary to provide our service; to administer and operate our business; to research, analyze, and improve our services; to operate our ad supported subscription plan; for safety, security, and fraud prevention; and/or to enforce our Terms of Use.”
Classification: data retention
Policy segment: “Storage of personal information is based on many factors such as the nature of the personal information, and the need to defend or resolve current or anticipated legal claims.”
Classification: data retention
Policy segment: “We keep your personal information, including sensitive personal information, to improve our products, comply with legal obligations or protect our or other’s interests.”
Classification: data retention
6. Data Security: how user information is protected. In particular, it means the security measures that ensures security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc.
Policy segment: “For safety, security, and fraud prevention we process personal information such as personal details, payment details, profile information, usage information, advertising information.”
Classification: Data security
Policy segment: “We follow appropriate technical and organizational measures to safeguard personal information, including regular security reviews and updates to our data breach procedures.”
Classification: Data security
7. Policy Change: if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc.
Policy segment: “We use your information, like your email address, to notify you about upcoming changes to your subscription.”
Classification: Policy Change
Policy segment: “This privacy policy is subject to change from time to time. We will post revisions on our site and provide a policy update alert in our user interface.”
Classification: Policy Change
Policy segment: “In the event of significant changes in privacy policy, we will provide a more prominent notice via email notification.”
Classification: Policy Change
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc.
Policy segment: “Our website respects 'Do Not Track' signals and does not track users who have set their browsers to decline tracking cookies.”
Classification: Do Not Track
Policy segment: “We do not currently respond to web browser “do not track" signals.”
Classification: Do Not Track
Policy segment: “You have right to opt-out of Targeted Advertising or location tracking.”
Classification: Do Not Track
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). This category outlines specific provisions that apply exclusively to certain categories of users, such as children, or residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc.
Policy segment: “Our services comply with the Data Protection Directive (also know as Directive 95/46/EC) to protect the privacy of our European users.”
Classification: International and Specific Audiences
Policy segment: “Parental consent is required before creating a kids profile on our platform, adhering to the Children's Online Privacy Protection Act (COPPA).”
Classification: International and Specific Audiences
Policy segment: “We may collect sensitive or personal information, as defined in U.S. Privacy Laws.”
Classification: International and Specific Audiences
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
PROMPT_IXa = """
1. First Party Collection/Use: how and why a service provider collects user information. In first party collection the service provider that owns or operates the website/platform/service directly collect data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first-party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc.
Policy segment: “We collect the following categories of personal information about you: name, email address, profile information, payment details and device IDs.”
Classification: First Party Collection/Use
Policy segment: “In order to provide personalized services, we process information including your usage data and preferences.”
Classification: First Party Collection/Use
Policy segment: “We may also collect sensitive personal information such as information about your racial or ethnic origin, health, precise geolocation, social security number. ”
Classification: First Party Collection/Use
2. Third Party Sharing/Collection: how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc.
Policy segment: “We may collect personal information about you from other sources or service providers vendors, agents, and contractors that collect or provide personal information to us in connection with services they perform on our behalf.”
Classification: Third Party Sharing/Collection.
Policy segment: “Cookies from third-party advertisers are used on our platform to deliver targeted advertisements based on your browsing history.”
Classification: Third Party Sharing/Collection.
Policy segment: “Data we share with external partners includes your user profile and preferences to enhance your experience across partnered services.”
Classification: Third Party Sharing/Collection.
3. User Choice/Control: choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc.
Policy segment: “You can control what information we use to show you advertisements by visiting your advertisement settings.”
Classification: User choice/control
Policy segment: “If you wish to withdraw your consent at any time for any data processing we perform, you can do so through our user settings page under ´privacy control´.”
Classification: User choice/control
Policy segment: “You may choose to opt out of receiving behavioral advertisements, you will still see Advertisements, but they will not be behavioral advertisements.”
Classification: User choice/control
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc.
Policy segment: “You can request a copy of your personal information or download your data directly from your account settings.”
Classification: User access, edit, and deletion
Policy segment: “If you need to edit your information, you can do so by logging into your profile. For any modifications that are not available online, you may submit a request to our support team.”
Classification: User access, edit, and deletion
Policy segment: “You can delete your personal information that we have collected from or about you.”
Classification: User access, edit, and deletion
5. Data Retention: how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc.
Policy segment: “We retain personal information for as long as necessary to provide our service; to administer and operate our business; to research, analyze, and improve our services; to operate our ad supported subscription plan; for safety, security, and fraud prevention; and/or to enforce our Terms of Use.”
Classification: data retention
Policy segment: “Storage of personal information is based on many factors such as the nature of the personal information, and the need to defend or resolve current or anticipated legal claims.”
Classification: data retention
Policy segment: “We keep your personal information, including sensitive personal information, to improve our products, comply with legal obligations or protect our or other’s interests.”
Classification: data retention
6. Data Security: how user information is protected. In particular, it means the security measures that ensures security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc.
Policy segment: “Protecting the privacy and security of your information is our priority.”
Classification: Data security
Policy segment: “For safety, security, and fraud prevention we process personal information such as personal details, payment details, profile information, usage information, advertising information.”
Classification: Data security
Policy segment: “We follow appropriate technical and organizational measures to safeguard personal information, including regular security reviews and updates to our data breach procedures.”
Classification: Data security
7. Policy Change: if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc.
Policy segment: “We use your information, like your email address, to notify you about upcoming changes to your subscription.”
Classification: Policy Change
Policy segment: “This privacy policy is subject to change from time to time. We will post revisions on our site and provide a policy update alert in our user interface.”
Classification: Policy Change
Policy segment: “In the event of significant changes in privacy policy, we will provide a more prominent notice via email notification.”
Classification: Policy Change
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc.
Policy segment: “Our website respects 'Do Not Track' signals and does not track users who have set their browsers to decline tracking cookies.”
Classification: Do Not Track
Policy segment: “We do not currently respond to web browser “do not track" signals.”
Classification: Do Not Track
Policy segment: “You have right to opt-out of Targeted Advertising or location tracking.”
Classification: Do Not Track
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). This category outlines specific provisions that apply exclusively to certain categories of users, such as children, or residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc.
Policy segment: “Our services comply with the Data Protection Directive (also know as Directive 95/46/EC) to protect the privacy of our European users.”
Classification: International and Specific Audiences
Policy segment: “Parental consent is required before creating a kids profile on our platform, adhering to the Children's Online Privacy Protection Act (COPPA).”
Classification: International and Specific Audiences
Policy segment: “We may collect sensitive or personal information, as defined in U.S. Privacy Laws.”
Classification: International and Specific Audiences
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
PROMPT_Xa = """
Websites and digital products have privacy policies. A data practice means how the data is used and processed by an organization. A sentence (policy segment) in a privacy policy can be annotated with one of the following nine data practice categories:
1. First Party Collection/Use: how and why a service provider collects user information. In first party collection the service provider that owns or operates the website/platform/service directly collect data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first-party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc.
Policy segment: “We collect the following categories of personal information about you: name, email address, profile information, payment details and device IDs.”
Classification: First Party Collection/Use
2. Third Party Sharing/Collection: how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc.
Policy segment: “Data we share with external partners includes your user profile and preferences to enhance your experience across partnered services.”
Classification: Third Party Sharing/Collection.
3. User Choice/Control: choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc.
Policy segment: “You can control what information we use to show you advertisements by visiting your advertisement settings.”
Classification: User choice/control
4. User Access, Edit, and Deletion: if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc.
Policy segment: “If you need to edit your information, you can do so by logging into your profile. For any modifications that are not available online, you may submit a request to our support team.”
Classification: User access, edit, and deletion
5. Data Retention: how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc.
Policy segment: “We retain personal information for as long as necessary to provide our service; to administer and operate our business; to research, analyze, and improve our services; to operate our ad supported subscription plan; for safety, security, and fraud prevention; and/or to enforce our Terms of Use.”
Classification: data retention
6. Data Security: how user information is protected. In particular, it means the security measures that ensures security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc.
Policy segment: “For safety, security, and fraud prevention we process personal information such as personal details, payment details, profile information, usage information, advertising information.”
Classification: Data security
7. Policy Change: if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc.
Policy segment: “This privacy policy is subject to change from time to time. We will post revisions on our site and provide a policy update alert in our user interface.”
Classification: Policy Change
8. Do Not Track: if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc.
Policy segment: “Our website respects 'Do Not Track' signals and does not track users who have set their browsers to decline tracking cookies.”
Classification: Do Not Track
9. International and Specific Audiences: practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). This category outlines specific provisions that apply exclusively to certain categories of users, such as children, or residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc.
Policy segment: “Parental consent is required before creating a kids profile on our platform, adhering to the Children's Online Privacy Protection Act (COPPA).”
Classification: International and Specific Audiences
I have a specific task for you: The user will give you a sentence from some privacy contents, and you tell them which category of practices this sentence may contain. Please only respond with the category.
"""
PROMPT_XIa = """
Websites and digital products have privacy policies. A data practice means how the data is used and processed by an organization. A sentence (policy segment) in a privacy policy can be annotated with one of the following nine data practice categories:
Category 1. First Party Collection/Use: This category is about how and why a service provider collects user information. In first party collection, the service provider that owns or operates the website/platform/service directly collects data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to a customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc. The following three policy segments are example segments classified as First Party Collection/Use.
Example Policy Segment 1: “We collect the following categories of personal information about you: name, email address, profile information, payment details and device IDs.”
Classification: First Party Collection/Use
Example Policy Segment 2: “In order to provide personalized services, we process information including your usage data and preferences.”
Classification: First Party Collection/Use
Example Policy Segment 3: “We may also collect sensitive personal information such as information about your racial or ethnic origin, health, precise geolocation, social security number.”
Classification: First Party Collection/Use
Category 2. Third Party Sharing/Collection: This category is about how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc. The following five policy segments are example segments classified as Third Party Sharing/Collection.
Example Policy Segment 1: “Our website uses third-party analytics services to help understand your usage of our services.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 2: “We collect personal Information from third parties whose services you use to access, pay for, or interact with our service.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 3: “We may collect personal information about you from other sources or service providers vendors, agents, and contractors that collect or provide personal information to us in connection with services they perform on our behalf.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 4: “Cookies from third-party advertisers are used on our platform to deliver targeted advertisements based on your browsing history.”
Classification: Third Party Sharing/Collection.
Example Policy Segment 5: “Data we share with external partners includes your user profile and preferences to enhance your experience across partnered services.”
Classification: Third Party Sharing/Collection.
Category 3. User Choice/Control: This category is about choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc. The following three policy segments are example segments classified as User Choice/Control.
Example Policy Segment 1: “You can control what information we use to show you advertisements by visiting your advertisement settings.”
Classification: User Choice/Control
Example Policy Segment 2: “If you wish to withdraw your consent at any time for any data processing we perform, you can do so through our user settings page under privacy control.”
Classification: User Choice/Control
Example Policy Segment 3: “You may choose to opt out of receiving behavioral advertisements, you will still see Advertisements, but they will not be behavioral advertisements.”
Classification: User Choice/Control
Category 4. User Access, Edit, and Deletion: This category is about if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc. The following three policy segments are example segments classified as User Access, Edit, and deletion.
Example Policy Segment 1: “You can request a copy of your personal information or download your data directly from your account settings.”
Classification: User Access, Edit, and Deletion
Example Policy Segment 2: “If you need to edit your information, you can do so by logging into your profile. For any modifications that are not available online, you may submit a request to our support team.”
Classification: User Access, Edit, and Deletion
Example Policy Segment 3: “You can delete your personal information that we have collected from or about you.”
Classification: User Access, Edit, and Deletion
Category 5. Data Retention: This category is about how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc. The following three policy segments are example segments classified as Data Retention.
Example Policy Segment 1: “We retain personal information for as long as necessary to provide our service; to administer and operate our business; to research, analyze, and improve our services; to operate our ad supported subscription plan; for safety, security, and fraud prevention; and/or to enforce our Terms of Use.”
Classification: Data Retention
Example Policy Segment 2: “Storage of personal information is based on many factors such as the nature of the personal information, and the need to defend or resolve current or anticipated legal claims.”
Classification: Data Retention
Example Policy Segment 3: “We keep your personal information, including sensitive personal information, as long as we need it to provide our products, comply with legal obligations or protect our or other’s interests. We decide how long we need information on a case-by-case basis.”
Classification: Data Retention
Category 6. Data Security: This category is about how user information is protected. In particular, it means the security measures that ensure security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc. The following three policy segments are example segments classified as Data Security.
Example Policy Segment 1: “We will share your personal information if the disclosure of information is reasonably necessary to Detect, prevent, or otherwise address fraud, security, or technical issues.”
Classification: Data Security
Example Policy Segment 2: “For safety, security, and fraud prevention we process personal information such as personal details, payment details, profile information, usage information, advertising information.”
Classification: Data Security
Example Policy Segment 3: “We follow appropriate technical and organizational measures to safeguard personal information, including regular security reviews and updates to our data breach procedures.”
Classification: Data Security
Category 7. Policy Change: This category is about if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc. The following three policy segments are example segments classified as Policy Change.
Example Policy Segment 1: “We use your information, like your email address, to notify you about upcoming changes to your subscription.”
Classification: Policy Change
Example Policy Segment 2: “This privacy policy is subject to change from time to time. We will post revisions on our site and provide a policy update alert in our user interface.”
Classification: Policy Change
Example Policy Segment 3: “In the event of significant changes in privacy policy, we will provide a more prominent notice via email notification.”
Classification: Policy Change
Category 8. Do Not Track: This category is about if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc. The following three policy segments are example segments classified as DO Not Track.
Example Policy Segment 1: “Our website respects 'Do Not Track' signals and does not track users who have set their browsers to decline tracking cookies.”
Classification: Do Not Track
Example Policy Segment 2: “We do not currently respond to web browser “do not track" signals.”
Classification: Do Not Track
Example Policy Segment 3: “You have right to opt-out of Targeted Advertising or location tracking.”
Classification: Do Not Track
Category 9. International and Specific Audiences: This category is about practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). It outlines specific provisions that apply exclusively to certain categories of users, such as children, residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc. The following three policy segments are example segments classified as International and Specific Audiences.
Example Policy Segment 1: “Our services comply with the Data Protection Directive (also know as Directive 95/46/EC) to protect the privacy of our European users.”
Classification: International and Specific Audiences
Example Policy Segment 2: “Parental consent is required before creating a kids profile on our platform, adhering to the Children's Online Privacy Protection Act (COPPA).”
Classification: International and Specific Audiences
Example Policy Segment 3: “We may collect sensitive or personal information, as defined in U.S. Privacy Laws.”
Classification: International and Specific Audiences
I have a specific task for you: I will give you a sentence from a privacy policy, and you will classify the sentence with one of these nine data practice categories. Please only respond with one of the nine categories for each sentence.
"""
PROMPT_XIIa = """
Websites and digital products have privacy policies. A data practice means how the data is used and processed by an organization. A sentence (policy segment) in a privacy policy can be annotated with one of the following nine data practice categories:
Category 1. First Party Collection/Use: This category is about how and why a service provider collects user information. In first party collection, the service provider that owns or operates the website/platform/service directly collects data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to a customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc. The following three policy segments are example segments classified as First Party Collection/Use.
Category 2. Third Party Sharing/Collection: This category is about how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc. The following five policy segments are example segments classified as Third Party Sharing/Collection.
Category 3. User Choice/Control: This category is about choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc. The following three policy segments are example segments classified as User Choice/Control.
Category 4. User Access, Edit, and Deletion: This category is about if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc. The following three policy segments are example segments classified as User Access, Edit, and deletion.
Category 5. Data Retention: This category is about how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc. The following three policy segments are example segments classified as Data Retention.
Category 6. Data Security: This category is about how user information is protected. In particular, it means the security measures that ensure security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc. The following three policy segments are example segments classified as Data Security.
Category 7. Policy Change: This category is about if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc. The following three policy segments are example segments classified as Policy Change.
Category 8. Do Not Track: This category is about if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc. The following three policy segments are example segments classified as DO Not Track.
Category 9. International and Specific Audiences: This category is about practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). It outlines specific provisions that apply exclusively to certain categories of users, such as children, residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc. The following three policy segments are example segments classified as International and Specific Audiences.
Task:
I will give you a sentence from a privacy policy, and you will classify the sentence into one of these nine data practice categories. Please only respond with one of the nine categories for each sentence. Please follow these steps:
Read the sentence carefully.
• Identify keywords and phrases that indicate a specific data practice.
• Match these indicators with the descriptions of the nine categories.
• Determine the most appropriate category for the sentence.
Let's work through a few examples to demonstrate this process:
Example Sentence 1: “We collect the following categories of personal information about you: name, email address, profile information, payment details, and device IDs.”
• Step 1: Read the sentence carefully.
• Step 2: Identify keywords such as "We collect," "personal information," and specific data types listed.
• Step 3: Match these indicators with the descriptions of the nine categories.
• Step 4: Determine that this sentence fits the First Party Collection/Use category.
Example Sentence 2: “Our website uses third-party analytics services to help understand your usage of our services.”
• Step 1: Read the sentence carefully.
• Step 2: Identify keywords such as "third-party analytics services."
• Step 3: Match these indicators with the descriptions of the nine categories.
• Step 4: Determine that this sentence fits the Third Party Sharing/Collection category.
Now, you try. Here is a sentence for you to classify:
"""
PROMPT_XIIIa = """
Websites and digital products have privacy policies. A data practice means how the data is used and processed by an organization. A sentence (policy segment) in a privacy policy can be annotated with one of the following nine data practice categories:
Category 1. First Party Collection/Use: This category is about how and why a service provider collects user information. In first party collection, the service provider that owns or operates the website/platform/service directly collects data from individuals. For instance, when a customer engages with the services of company A, company A collects data such as the products they have browsed, their purchasing choices, or their behavior patterns. When company A makes a product recommendation to a customer based on this data, it can be referred to as first-party advertising. In this case, collection and use of personal data is identified as first party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is first party. For example: "We collect", "Data you provide", "Information we collect", "Our servers", "Our cookies", "We use your data" "Data collected from your interaction with our services", "Information you submit", “We restrict access to personal information to our employees, contractors, and agents”, etc. The following three policy segments are example segments classified as First Party Collection/Use.
Category 2. Third Party Sharing/Collection: This category is about how user information may be shared with or collected by third parties. In third party sharing/collection an entity other than the service provider collects data from users through the service provider's platform. Third parties could include advertisers, ad network companies, analytic companies, or partner services that have their own data collection and privacy practices. Third-party entities often work with a variety of first-party websites, collecting information on user profiles from diverse sources, including news, weather, entertainment, and travel websites. For instance, if a customer uses Amazon.com's services and Amazon utilizes details about the user that have been collected by companies other than itself, this is known as third-party data collection and use. In privacy policies, certain keywords and phrases can help to identify if the data collection or use is third-party. For example: "Third-party providers", "External partners", "Ad networks", "Data we share" "Cookies from third-party advertisers", "Third-party cookies", "Third-party analytics", "Our partners’ services", “data processors”, etc. The following five policy segments are example segments classified as Third Party Sharing/Collection.
Category 3. User Choice/Control: This category is about choices and control options available to users. Choice means giving individuals options as to how their personal information may be used. Specifically, choice relates to secondary uses of information—that is, uses beyond those necessary to complete the contemplated transaction. Control means privacy controls that allow individuals to manage use and sharing of their data. Example for choice/control can be following: “opt-in”, “opt-out”, “cookie preference” (functional/recommended/essential/performance/advertising), “location data controls”, “privacy control”, “communication preference”, “do-not-track”, “do-not-sell”, “withdraw consent”, etc. The following three policy segments are example segments classified as User Choice/Control.
Category 4. User Access, Edit, and Deletion: This category is about if and how users may access, edit, or delete their information. These are privacy rights-based choices. In privacy policies such provision can be found in the following keywords and phrases: "right to access", “rights you have”, "request a copy", "view your information", "download your data", "personal data report", "obtain a copy", “how do I change my information”, “ how can I move my information”, "data subject access request", “delete information”, etc. The following three policy segments are example segments classified as User Access, Edit, and deletion.
Category 5. Data Retention: This category is about how long user information is stored. Retention period outlines the time period for which personal information is stored and when it will be deleted or anonymized. Here are examples of some keywords, terms, and phrases that commonly identify "data retention" in privacy policies: "retention period", "how long we keep your data", “retaining your information”, "storage duration", "duration", "keep your data", “hold your information”, “hold your information any longer than we have to”, etc. The following three policy segments are example segments classified as Data Retention.
Category 6. Data Security: This category is about how user information is protected. In particular, it means the security measures that ensure security of personal data, including encryption or storage of data on secure servers. It also includes processing user data to improve safety and reliability of products, services, and users. Here are examples of some keywords, terms, and phrases that commonly identify "data security" in privacy policies: “security, fraud and abuse prevention”, “information security”, “security tips”, “security measures”, “security features”, “security partners”, “security controls”, “encryption”, “data breach procedure”, “secure server”, “firewalls and antivirus software”, “appropriate technical and organizational measures to safeguard personal information”, etc. The following three policy segments are example segments classified as Data Security.
Category 7. Policy Change: This category is about if and how users will be informed about changes to the privacy policy. Here are examples of some keywords, terms, and phrases that commonly identify "policy change" in privacy policies: “notify you about upcoming changes”, “we change this privacy policy from time to time”, “email notification of privacy policy changes”, “notification of changes”, “revisions to this policy”, “policy update alert”, “how we will inform you”, etc. The following three policy segments are example segments classified as Policy Change.
Category 8. Do Not Track: This category is about if and how Do Not Track signals for online tracking and advertising are honored. Examples of keywords, terms, and phrases that commonly reflect "Do Not Track" in privacy policies include: “you can switch off some cookies and similar tracking technologies”, “online tracking preferences”, “do not track”, “behavioral tracking opt-out”, “opting-out of tracking”, etc. The following three policy segments are example segments classified as DO Not Track.
Category 9. International and Specific Audiences: This category is about practices that pertain only to a specific group of users (e.g., children, Europeans, or California residents). It outlines specific provisions that apply exclusively to certain categories of users, such as children, residents of Europe, or individuals living in California. The privacy policy includes clauses for these distinct user groups. Here are examples of some keywords, terms, and phrases that commonly identify international audiences or specific audiences in privacy policies: “child permissions”, “special protection of children's personal data”, “age-specific guidelines”, “kids profile”, “parental consent”, “children and teens”, “international users”, “regional laws”, “GDPR” (General Data Protection Regulation for European users), “CCPA” (California Consumer Privacy Act for California residents), “COPPA” (Children's Online Privacy Protection Act), “ CIPA” (Children’s Internet Protection Act in United States), “specific audience considerations”, “disclosure and international transfers”, “supplemental privacy disclosures for certain services and regions”, etc. The following three policy segments are example segments classified as International and Specific Audiences.
Task:
I will give you a sentence from a privacy policy, and you will classify the sentence into one of these nine data practice categories. Please only respond with one of the nine categories for each sentence. Please follow these steps:
• Read the sentence carefully.
• Identify keywords and phrases that indicate a specific data practice.
• Match these indicators with the descriptions of the nine categories.
• Determine the most appropriate category for the sentence.
Let's work through a few examples to demonstrate this process:
Example Sentence 1: “We collect the following categories of personal information about you: name, email address, profile information, payment details, and device IDs.”