基于机器学习的医疗健康APP隐私政策合规性研究

Evaluating Privacy Policy for Mobile Health APPs with Machine Learning

【目的】采用机器学习集成方法对我国医疗健康APP隐私政策的合规性进行测评,提高隐私政策合规性测评的效率与精准性。【方法】依据国家相关政策法规构建医疗健康APP隐私政策合规性测评指标体系,基于硬投票分类器,综合应用卷积神经网络、循环神经网络、长短期记忆人工神经网络三种机器学习算法建立合规性检测模型,通过采集安卓手机应用市场中1 210款医疗健康APP数据,验证模型的有效性并进行隐私政策合规性测评。【结果】我国医疗健康APP隐私政策整体合规性较差,在6项测评维度上均存在较多违规问题,在线医疗、医药服务、健康管理、医学资讯4类细分领域APP的隐私政策合规性得分分别为0.63、0.59、0.61、0.66。【局限】由于标注的隐私政策数据量有限,合规性检测模型无法充分学习测评指标特征。【结论】基于机器学习集成方法的检测模型能够对APP隐私政策的合规性进行大规模、细粒度自动测评,为政府部门科学监管和APP运营商自检自查提供了新的思路与方法。

[Objective] This paper analyzes privacy policies for mobile health APPs in China with machine learning, aiming to improve the efficiency and accuracy of compliance evaluation. [Methods] First, we constructed the evaluation system for the privacy policy compliance of mobile health APPs according to relevant policies and regulations. Then, based on the hard voting classifier, we established the compliance evaluation model integrating three machine learning algorithms: CNN, RNN and LSTM. Finally, we examined our model using 1210 mobile health APPs from the Android APP market, and evaluated the compliance of their privacy policies. [Results] The overall compliance of the privacy policies for mobile health APPs was poor. There are many violations in the six evaluation criteria. The compliance scores of online medical APPs, medical service APPs, health management APPs, and medical information APPs were 0.63, 0.59, 0.61and 0.66. [Limitations] Due to the limited amount of annotated privacy policy data, the proposed model may not be able to fully learn the features of evaluation indicators. [Conclusions] This proposed model could conduct large-scale, fine-grained automatic evaluation of the compliance of APPs privacy policies. It also provides new ideas and methods for the government agencies and APP operators to improve decision making.