Sensitive Regulated Data: Permitted and Restricted UsesPurposeScope and AuthorityStandardViolation of the Standard - Misuse of InformationDefinitionsReferencesAppendix A: Personally Identifiable Information (PII)Appendix B: Security of Personally Owned Devices that Access or Maintain Sensitive Restricted DataAppendix C: Sensitive Security Information (SSI)

The dataset consists of three different privacy policy corpora (in English and Italian) composed of 81 unique privacy policy texts spanning the period 2018-2021. This dataset makes available an example of three corpora of privacy policies. The first corpus is the English-language corpus, the original used in the study by Tang et al. [2]. The other two are cross-language corpora built (one, the source corpus, in English, and the other, the replication corpus, in Italian, which is the language of a potential replication study) from the first corpus.

The policies were collected from:

1. the Alexa top 10 Italy and U.S. websites rank;
2. the Play Store apps rank in the "most profitable games" category of the Play Store for Italy and the U.S.

We manually analyzed the Alexa top 10 Italy websites as of November 2021. Analogously, we analyzed selected apps that, in the same period, had ranked better in the "most profitable games" category of the Play Store for Italy.

All the privacy policies are ANSI-encoded text files and have been manually read and verified.
The dataset is helpful as a starting point for building comparable cross-language privacy policies corpora. The availability of these comparable cross-language privacy policies corpora helps replicate studies in different languages.
Details on the methodology can be found in the accompanying paper.

The available files are as follows:

• policies-texts.zip --> contains a directory of text files with the policy texts. File names are the SHA1 hashes of the policy text.
• policy-metadata.csv --> Contains a CSV file with the metadata for each privacy policy.

This dataset is the original dataset used in the publication [1]. The original English U.S. corpus is described in the publication [2].

[1] F. Ciclosi, S. Vidor and F. Massacci. "Building cross-language corpora for human understanding of privacy policies." Workshop on Digital Sovereignty in Cyber Security: New Challenges in Future Vision. Communications in Computer and Information Science. Springer International Publishing, 2023, In press.

[2] J. Tang, H. Shoemaker, A. Lerner, and E. Birrell. Defining Privacy: How Users Interpret Technical Terms in Privacy Policies. Proceedings on Privacy Enhancing Technologies, 3:70–94, 2021.

As of February 2025, 19 U.S. states had consumer privacy laws signed. California was the first state to develop a privacy bill in 2018. Since then, more states have come up with state-level laws dedicated to the protection of consumer data. A few of the signed laws are yet to become effective in 2025 or in 2026.

By 2024, the share of the global population to be covered under modern privacy regulations is projected to reach 75 percent. The forecast for the year 2023 was 65 percent. Additionally, in 2020, only ten percent of the global population's privacy was protected by modern laws.

A survey conducted in April and May 2023 found that less than half of the surveyed organizations in the United States and the United Kingdom (UK) had completed selected actions to comply with state data privacy laws in the United States. Around ** percent of the respondents had made a comparison of the United States' state-level privacy law frameworks. A further ** percent said they were in the process of doing so. Furthermore, ** percent of the respondents said they had updated privacy policies, while almost ** percent were in the process of planning and conducting data assessments.

Comprehensive dataset outlining Advatec’s privacy policy, including data collection practices, user rights, GDPR compliance, and third-party data handling procedures.

news

The market for Privacy Policy Generator Software is experiencing a steady growth, driven by increasing concerns over data privacy and regulatory compliance. The market size stood at $260.3 million in 2025, and is projected to reach $589.9 million by 2033, exhibiting a CAGR of 10.8% from 2025 to 2033. The proliferation of personal data collection, coupled with stringent data protection regulations like GDPR and CCPA, is propelling the adoption of this software among businesses. Key market trends include the rise of cloud-based solutions, catering to the growing need for flexibility and reduced infrastructure costs. Large enterprises are actively leveraging these solutions to manage the complexities of privacy compliance. Additionally, the increasing adoption of privacy policies across verticals such as e-commerce, healthcare, and financial services is further fueling the market growth. The major players in the market include Termly.io, iubenda, Get Terms, PrivacyPolicies.com, IBM, Seers Co., Termageddon, LLC, TermsFeed, and AppPrivacy.com. North America remains the dominant region for this market, followed by Europe and Asia-Pacific.

As of January 2025, The European Union (EU) had three fully operating and one upcoming law regarding online privacy and the usage of digital technologies. The first one, the General Data Protection Regulation (GDPR), was enacted in May 2018. The second law became effective on February 17, 2024, and is called the Digital Services Act (DSA). In March 2024, another law protecting consumer privacy, the Digital Markets Act, was enacted. The latest regulation adopted by the European Union (EU) is called the Cyber Resilience Act (CRA), which became active in December 2024.

The global market for Privacy Policy Generator Software is experiencing robust growth, projected to reach $276 million in 2025 and maintain a Compound Annual Growth Rate (CAGR) of 11.3% from 2025 to 2033. This expansion is fueled by several key drivers. Increasingly stringent data privacy regulations, like GDPR and CCPA, are compelling businesses of all sizes – from large enterprises to small and medium-sized enterprises (SMEs) – to adopt robust privacy policies. The rising adoption of cloud-based and web-based solutions further contributes to market growth, providing businesses with accessible and cost-effective tools to manage their compliance needs. The market is segmented by application (Large Enterprises and SMEs) and type (Cloud-Based and Web-Based), with cloud-based solutions gaining significant traction due to their scalability and ease of use. Competitive landscape is dynamic, featuring established players like IBM alongside specialized providers such as Termly.io, iubenda, Get Terms, PrivacyPolicies.com, Seers Co, Termageddon,LLC, and TermsFeed. The geographical distribution shows strong presence across North America, Europe, and Asia Pacific, reflecting the global reach of data privacy concerns. Future growth will likely be driven by the continuing evolution of data privacy regulations, increasing cyber security threats, and the growing demand for user data transparency and control. The continued digital transformation of businesses worldwide ensures sustained demand for user-friendly and effective privacy policy generation tools. The market is expected to witness further fragmentation as specialized solutions catering to niche industries and specific regulatory requirements emerge. North America is likely to retain its leading market share due to early adoption of privacy regulations and a high concentration of technology companies. However, regions like Asia Pacific are expected to showcase significant growth potential in the coming years, driven by increasing internet penetration and the implementation of stricter data privacy regulations. The competition within the market is likely to intensify as vendors continue to enhance their product offerings with features such as automated policy updates, multi-lingual support, and seamless integration with other compliance tools.

A dataset of privacy policies in the Greek language, with policies coming from top visited websites in Greece with a privacy policy in the Greek language.

The dataset, as well as results of its analysis are included.

if you want to use this dataset, please cite the relevant conference publication:

Georgia M. Kapitsaki and Maria Papoutsoglou, "A privacy policies dataset in Greek in the GDPR era, in Proceedings of the 27th Pan-Hellenic Conference on Informatics, PCI 2023.

A survey conducted from April to May 2022 found that *** in ** organizations in the United States designated an internal project manager or owner to manage compliance with state-level privacy laws. Around half of the organizations conducted data mapping and had an understanding of data practices across the organization. A further ** percent said they updated privacy policies, while ** percent said they were in the process of doing so.

A survey conducted in April and May 2023 found that 60 percent of the companies that do business in the United States find it challenging to track the status of the data privacy legislation and the differences between state laws when preparing for changes in the data privacy laws. The challenge for around 50 percent of the respondents were increasing their budget because of the changes.

A 2023 survey found that 25 percent of organizations worldwide believe that they should comply with all relevant privacy laws. Security professionals also stressed the need to avoid having data breaches, in addition to the importance of providing clear information on how their data is being used to build consumer trust.

This data was collected by the Office of the National Coordinator for Health IT in coordination with Clinovations and the George Washington University Milken Institute of Public Health. ONC and its partners collected the data through research of state government and health information organization websites. The dataset provides policy and law details for four distinct policies or laws, and, where available, hyperlinks to official state records or websites. These four policies or laws are: 1) State Health Information Exchange (HIE) Consent Policies; 2) State-Sponsored HIE Consent Policies; 3) State Laws Requiring Authorization to Disclose Mental Health Information for Treatment, Payment, and Health Care Operations (TPO); and 4) State Laws that Apply a Minimum Necessary Standard to Treatment Disclosures of Mental Health Information.

The documents contained in this dataset reflect NASA's comprehensive IT policy in compliance with Federal Government laws and regulations.

The Privacy Policy Generator Software market is experiencing robust growth, driven by increasing global data privacy regulations like GDPR and CCPA, and the rising awareness among businesses regarding data protection compliance. The market's expansion is further fueled by the simplification and cost-effectiveness offered by these software solutions compared to hiring legal professionals. While precise market sizing data wasn't provided, considering the prevalence of data privacy concerns and the numerous players in the market (including established names like IBM alongside specialized providers like Termly.io and iubenda), a reasonable estimation for the 2025 market size would be around $250 million. A compound annual growth rate (CAGR) of 15% over the forecast period (2025-2033) appears plausible, given the continuing adoption of these tools and the anticipated strengthening of global privacy laws. This projected CAGR translates to a market value exceeding $1 billion by 2033. The market is segmented by various factors such as software features (e.g., customization options, integration capabilities), pricing models (subscription, one-time purchase), and target user size (small businesses, enterprises). Key restraints include the potential for software limitations in handling complex legal scenarios requiring nuanced legal expertise and the ongoing evolution of data privacy regulations requiring constant software updates. The competitive landscape comprises a mix of established technology companies and specialized privacy software providers. While some larger players leverage their brand recognition, the specialized vendors often offer more comprehensive features tailored to specific user needs. Regional variations in market penetration are expected, with mature markets like North America and Europe showing higher adoption rates, while emerging economies present substantial growth opportunities in the coming years. Continued market expansion depends on factors such as sustained regulatory pressure, further technological advancements in the software (e.g., AI-powered personalization), and increased user awareness of data privacy best practices. Strategic partnerships between software providers and legal consultancies could also enhance market growth by bridging the gap between automated policy generation and expert legal review.

115 privacy policies from the OPP-115 corpus have been re-annotated with the specific data retention periods disclosed, aligned with the GDPR requirements disclosed in Art. 13 (2)(a). Those retention periods have been categorized into the following 6 distinct cases:

C0: No data retention period is indicated in the privacy policy/segment. C1: A specific data retention period is indicated (e.g., days, weeks, months...). C2: Indicate that the data will be stored indefinitely. C3: A criterion is determined during which a defined period during which the data will be stored can be understood (e.g., as long as the user has an active account). C4: It is indicated that personal data will be stored for an unspecified period, for fraud prevention, legal or security reasons. C5: It is indicated that personal data will be stored for an unspecified period, for purposes other than fraud prevention, legal, or security. Note: If the privacy policy or segment accounts for more than one case, the case with the highest value was annotated (e.g., if case C2 and case C4 apply, C4 is annotated).

Then, the ground truth dataset served as validation for our proposed ChatGPT-based method, the results of which have also been included in this dataset.

Columns description: - policy_id: ID of the policy in the OPP-115 dataset - policy_name: Domain of the privacy policy - policy_text: Privacy policy collected at the time of OPP-115 dataset creation - info_type_value: Type of personal data to which data retention refers - retention_period: Period of retention annotated by OPP-115 annotators - actual_case: Our annotated case ranging from C0-C5 - GPT_case: ChatGPT classification of the case identified in the segment - actual_Comply_GDPR: Boolean denoting True if they apparently comply with GDPR (cases C1-C5) or False if not (case C0) - GPT_Comply_GDPR: Boolean denoting True if they apparently comply with GDPR (cases C1-C5) or False if not (case C0) - paragraphs_retention_period: List containing the paragraphs annotated as Data Retention by OPP-115 annotators and our red text describing the relevant information used for our annotation decision