Sensitive Regulated Data: Permitted and Restricted UsesPurposeScope and AuthorityStandardViolation of the Standard - Misuse of InformationDefinitionsReferencesAppendix A: Personally Identifiable Information (PII)Appendix B: Security of Personally Owned Devices that Access or Maintain Sensitive Restricted DataAppendix C: Sensitive Security Information (SSI)

The dataset consists of three different privacy policy corpora (in English and Italian) composed of 81 unique privacy policy texts spanning the period 2018-2021. This dataset makes available an example of three corpora of privacy policies. The first corpus is the English-language corpus, the original used in the study by Tang et al. [2]. The other two are cross-language corpora built (one, the source corpus, in English, and the other, the replication corpus, in Italian, which is the language of a potential replication study) from the first corpus.

The policies were collected from:

1. the Alexa top 10 Italy and U.S. websites rank;
2. the Play Store apps rank in the "most profitable games" category of the Play Store for Italy and the U.S.

We manually analyzed the Alexa top 10 Italy websites as of November 2021. Analogously, we analyzed selected apps that, in the same period, had ranked better in the "most profitable games" category of the Play Store for Italy.

All the privacy policies are ANSI-encoded text files and have been manually read and verified.
The dataset is helpful as a starting point for building comparable cross-language privacy policies corpora. The availability of these comparable cross-language privacy policies corpora helps replicate studies in different languages.
Details on the methodology can be found in the accompanying paper.

The available files are as follows:

• policies-texts.zip --> contains a directory of text files with the policy texts. File names are the SHA1 hashes of the policy text.
• policy-metadata.csv --> Contains a CSV file with the metadata for each privacy policy.

This dataset is the original dataset used in the publication [1]. The original English U.S. corpus is described in the publication [2].

[1] F. Ciclosi, S. Vidor and F. Massacci. "Building cross-language corpora for human understanding of privacy policies." Workshop on Digital Sovereignty in Cyber Security: New Challenges in Future Vision. Communications in Computer and Information Science. Springer International Publishing, 2023, In press.

[2] J. Tang, H. Shoemaker, A. Lerner, and E. Birrell. Defining Privacy: How Users Interpret Technical Terms in Privacy Policies. Proceedings on Privacy Enhancing Technologies, 3:70–94, 2021.

A survey conducted from April to May 2022 found that *** in ** organizations in the United States designated an internal project manager or owner to manage compliance with state-level privacy laws. Around half of the organizations conducted data mapping and had an understanding of data practices across the organization. A further ** percent said they updated privacy policies, while ** percent said they were in the process of doing so.

Comprehensive dataset outlining Advatec’s privacy policy, including data collection practices, user rights, GDPR compliance, and third-party data handling procedures.

A dataset of privacy policies in the Greek language, with policies coming from top visited websites in Greece with a privacy policy in the Greek language.

The dataset, as well as results of its analysis are included.

if you want to use this dataset, please cite the relevant conference publication:

Georgia M. Kapitsaki and Maria Papoutsoglou, "A privacy policies dataset in Greek in the GDPR era, in Proceedings of the 27th Pan-Hellenic Conference on Informatics, PCI 2023.

The global market for Privacy Policy Generator Software is experiencing robust growth, projected to reach $276 million in 2025 and maintain a Compound Annual Growth Rate (CAGR) of 11.3% from 2025 to 2033. This expansion is fueled by several key drivers. Increasingly stringent data privacy regulations, like GDPR and CCPA, are compelling businesses of all sizes – from large enterprises to small and medium-sized enterprises (SMEs) – to adopt robust privacy policies. The rising adoption of cloud-based and web-based solutions further contributes to market growth, providing businesses with accessible and cost-effective tools to manage their compliance needs. The market is segmented by application (Large Enterprises and SMEs) and type (Cloud-Based and Web-Based), with cloud-based solutions gaining significant traction due to their scalability and ease of use. Competitive landscape is dynamic, featuring established players like IBM alongside specialized providers such as Termly.io, iubenda, Get Terms, PrivacyPolicies.com, Seers Co, Termageddon,LLC, and TermsFeed. The geographical distribution shows strong presence across North America, Europe, and Asia Pacific, reflecting the global reach of data privacy concerns. Future growth will likely be driven by the continuing evolution of data privacy regulations, increasing cyber security threats, and the growing demand for user data transparency and control. The continued digital transformation of businesses worldwide ensures sustained demand for user-friendly and effective privacy policy generation tools. The market is expected to witness further fragmentation as specialized solutions catering to niche industries and specific regulatory requirements emerge. North America is likely to retain its leading market share due to early adoption of privacy regulations and a high concentration of technology companies. However, regions like Asia Pacific are expected to showcase significant growth potential in the coming years, driven by increasing internet penetration and the implementation of stricter data privacy regulations. The competition within the market is likely to intensify as vendors continue to enhance their product offerings with features such as automated policy updates, multi-lingual support, and seamless integration with other compliance tools.

The data consists in crawled privacy policies from European privacy policies. They were split into paragraphs and annotated as containing or not personal data.

The question that was asked to annotators was "Does this paragraph contain the explicit mention of specific personal data (e.g. name, phone number, social security, …) being collected?".

A full description of the dataset can be found in D3.4 of the SMOOTH project

The market for Privacy Policy Generator Software is experiencing a steady growth, driven by increasing concerns over data privacy and regulatory compliance. The market size stood at $260.3 million in 2025, and is projected to reach $589.9 million by 2033, exhibiting a CAGR of 10.8% from 2025 to 2033. The proliferation of personal data collection, coupled with stringent data protection regulations like GDPR and CCPA, is propelling the adoption of this software among businesses. Key market trends include the rise of cloud-based solutions, catering to the growing need for flexibility and reduced infrastructure costs. Large enterprises are actively leveraging these solutions to manage the complexities of privacy compliance. Additionally, the increasing adoption of privacy policies across verticals such as e-commerce, healthcare, and financial services is further fueling the market growth. The major players in the market include Termly.io, iubenda, Get Terms, PrivacyPolicies.com, IBM, Seers Co., Termageddon, LLC, TermsFeed, and AppPrivacy.com. North America remains the dominant region for this market, followed by Europe and Asia-Pacific.

This data was collected by the Office of the National Coordinator for Health IT in coordination with Clinovations and the George Washington University Milken Institute of Public Health. ONC and its partners collected the data through research of state government and health information organization websites. The dataset provides policy and law details for four distinct policies or laws, and, where available, hyperlinks to official state records or websites. These four policies or laws are: 1) State Health Information Exchange (HIE) Consent Policies; 2) State-Sponsored HIE Consent Policies; 3) State Laws Requiring Authorization to Disclose Mental Health Information for Treatment, Payment, and Health Care Operations (TPO); and 4) State Laws that Apply a Minimum Necessary Standard to Treatment Disclosures of Mental Health Information.

By 2024, the share of the global population to be covered under modern privacy regulations is projected to reach 75 percent. The forecast for the year 2023 was 65 percent. Additionally, in 2020, only ten percent of the global population's privacy was protected by modern laws.

The Privacy Policy Generator Software market is experiencing robust growth, driven by increasing data privacy regulations globally (like GDPR, CCPA, etc.) and the rising awareness among businesses about the importance of compliance. The market size in 2025 is estimated at $500 million, reflecting a significant expansion from previous years. Assuming a conservative Compound Annual Growth Rate (CAGR) of 15% based on the rapid adoption of such tools and ongoing regulatory changes, the market is projected to reach approximately $1.2 billion by 2033. This growth is fueled by several key trends: the increasing complexity of privacy regulations, the simplification and cost-effectiveness these generators offer compared to manual policy drafting, and the growing preference for automated solutions within businesses of all sizes. While the market faces some restraints, such as the potential for inaccuracies in generated policies and the need for continuous updates to reflect evolving regulations, these are likely to be outweighed by the strong market drivers in the foreseeable future. The market is segmented by various factors, including software type (cloud-based, on-premise), pricing models (subscription, one-time purchase), and target user (SMBs, Enterprises). Key players such as Termly.io, iubenda, Get Terms, PrivacyPolicies.com, IBM, Seers Co, Termageddon, LLC, and TermsFeed are competing to capture market share through product innovation and strategic partnerships. The competitive landscape is dynamic, with both established players and emerging startups vying for market dominance. Success in this market hinges on the ability to provide accurate, up-to-date, and user-friendly policy generation tools tailored to specific regulatory environments. Further innovation will be crucial to address the evolving needs of businesses regarding data privacy, including integrations with other security and compliance software. Future growth will also depend on the ability of these companies to effectively communicate the value proposition of automated policy generation and to build trust with users concerned about data security and legal compliance. The market shows strong potential for growth driven by escalating demands for privacy compliance and the benefits offered by streamlined automation solutions.

This dataset has been collected and annotated by Terms of Service; Didn't Read (ToS;DR), an independent project aimed at analyzing and summarizing the terms of service and privacy policies of various online services. ToS;DR helps users understand the legal agreements they accept when using online platforms by categorizing and evaluating specific cases related to these policies.

The dataset includes structured information on individual cases, broader topics, specific services, detailed documents, and key points extracted from legal texts.

• Cases refer to individual legal cases or specific issues related to the terms of service or privacy policies of a particular online service. Each case typically focuses on a specific aspect of a service's terms, such as data collection, user rights, content ownership, or security practices.

  • id, a unique id for each case (incremental).
  • classification, one of those values (good, bad, neutral, blocker).
  • score, values range between 0 to 100.
  • title.
  • description.
  • topic_id, connecting the case with it's topic.
  • created_at.
  • updated_at.
  • privacy_related, a flag indicate if it's related to privacy or not.
  • docbot_regex, the regex expression used to check for specific words in the quoted text.

• Topics are general categories or themes that encompass various cases. They help organize and group similar cases together based on the type of issues they address. For example, "Data Collection" could be a topic that includes cases related to how a service collects and uses user data.

  • id, a unique id for each topic (incremental).
  • title.
  • subtitle, small description.
  • description.
  • created_at.
  • updated_at.

• Services represent specific online platforms, websites, or applications that have their own terms of service and privacy policies.

  • id, a unique id for each service (incremental).
  • name.
  • url.
  • created_at.
  • updated_at.
  • wikipedia, wikipedia url of the service.
  • keywords.
  • related, connecting the service with one of known similar services in the same field.
  • slug. extracted from the name, small letters, no spaces and so on.
  • is_comprehensively_reviewed, a flag indicate if it's comprehensively_reviewed or not.
  • rating, overall rating for the service based on the all cases.
  • status, indicate if the service is deleted or not (deleted, NaN).

• Points are individual statements or aspects within a case that highlight important information about a service's terms of service or privacy policy. These points can be positive (e.g., strong privacy protections) or negative (e.g., data sharing with third parties).

  • id, a unique id for each point (incremental).
  • rank, all values are zero.
  • title, mostly it's similar to case title.
  • source, url of the source.
  • status, one of those values (approved, declined, pending, changes-requested, disputed, draft).
  • analysis.
  • created_at.
  • updated_at.
  • service_id, connecting the point with it's service.
  • quote_text, quotted text from the source which contain information for this point.
  • case_id, connecting the point with the related case.
  • old_id, used for data migration.
  • quote_start, index of first letter of the quotted text in the document.
  • quote_end, index of last letter of the quotted text in the document.
  • service_needs_rating_update, all values are False.
  • document_id, connecting the point with the related document.
  • annotation_ref.

• Documents refer to the original terms of service and privacy policies of the services that are being analyzed on TOSDR. These documents are the source of information for the cases, points, and ratings provided on the platform. TOSDR links to the actual documents, so users can review the full details if they choose to.

  • id, a unique id for each document (incremental).
  • name, name of document like privacy policy or cookies policy, etc.
  • url, url of the document.
  • xpath.
  • text, the actual document.
  • created_at.
  • updated_at.
  • service_id, connecting the document with it's service.
  • reviewed, a flag indicate if the document has been reviewed or not.
  • status, indicate if the service is deleted or not (deleted, NaN).
  • crawler_server, the server used to crawl the document

There has been a rising awareness of data privacy among mobile app users in China. As of the early of 2020, around ** percent of the Chinese respondents in a survey said that they had read privacy terms on mobile apps carefully before agreeing to the conditions. Compared to the same survey which was conducted in 2018, the reading rate had increased, although it was still relatively more common for consumers to consent without reading the policies.

Data Privacy Service Market Outlook

The global data privacy service market size was valued at USD 12.5 billion in 2023 and is projected to reach USD 41.2 billion by 2032, growing at a robust CAGR of 14.1% during the forecast period. The increasing complexity of data breaches and stringent regulatory requirements are driving the growth of this market. Organizations worldwide are becoming more aware of the importance of data protection and privacy, leading to a surge in demand for comprehensive data privacy services.

One of the primary growth factors for the data privacy service market is the escalating frequency and sophistication of cyber-attacks. With the advent of advanced technologies, malicious entities have found new methods to infiltrate organizational networks and compromise sensitive data. Consequently, businesses are compelled to invest heavily in data privacy services to safeguard their information assets. Additionally, regulatory bodies across the globe are implementing stringent data protection laws, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States, which mandate organizations to adopt robust data privacy measures, further fueling market growth.

Another significant driver is the increasing adoption of cloud services and digital transformation initiatives. As more businesses migrate to cloud environments and digitize their operations, the risks associated with data breaches and unauthorized access escalate. Cloud service providers and organizations alike are investing in data privacy services to ensure compliance with regulatory standards and to build trust with their customers. The advent of technologies like AI and machine learning has also enabled more sophisticated data privacy solutions, providing organizations with the tools to detect and mitigate threats in real-time.

Moreover, the growing awareness and concern among consumers regarding their data privacy rights are compelling organizations to be more transparent about their data handling practices. Consumers are increasingly demanding control over their personal information and are more likely to do business with companies that prioritize data privacy. This shift in consumer behavior is pushing organizations to enhance their data privacy frameworks, thereby accelerating the market growth. Furthermore, the rise of remote work due to the COVID-19 pandemic has amplified the need for robust data privacy services as employees access corporate networks from various locations, increasing the potential attack surface.

In terms of regional outlook, North America holds the largest share of the data privacy service market, driven by the presence of numerous technology giants and stringent data protection regulations. Europe follows closely, with the GDPR setting a high standard for data privacy practices. The Asia-Pacific region is anticipated to exhibit the highest growth rate, owing to the rapid digital transformation and increasing regulatory focus on data privacy. Latin America and the Middle East & Africa are also expected to witness significant growth, albeit at a slower pace compared to other regions, as these regions are gradually strengthening their regulatory frameworks and increasing awareness about data privacy issues.

As organizations strive to enhance their data protection capabilities, the role of a Data Privacy Management Platform becomes increasingly pivotal. These platforms offer a centralized solution for managing data privacy policies, procedures, and compliance requirements. By integrating various data privacy tools and technologies, a Data Privacy Management Platform enables organizations to streamline their data protection efforts and ensure consistency across all operations. This is particularly important in the context of evolving regulatory landscapes, where maintaining compliance with multiple data protection laws can be challenging. The platform not only aids in compliance but also enhances transparency and accountability, which are critical for building trust with stakeholders.

Service Type Analysis

The service type segment of the data privacy service market is categorized into consulting, implementation, and support and maintenance. Consulting services hold a significant share of the market as organizations seek expert guidance to navigate the complex landscape of data privacy regulations and to develop effective data protection strategies. Consulting fir

115 privacy policies from the OPP-115 corpus have been re-annotated with the specific data retention periods disclosed, aligned with the GDPR requirements disclosed in Art. 13 (2)(a). Those retention periods have been categorized into the following 6 distinct cases:

C0: No data retention period is indicated in the privacy policy/segment. C1: A specific data retention period is indicated (e.g., days, weeks, months...). C2: Indicate that the data will be stored indefinitely. C3: A criterion is determined during which a defined period during which the data will be stored can be understood (e.g., as long as the user has an active account). C4: It is indicated that personal data will be stored for an unspecified period, for fraud prevention, legal or security reasons. C5: It is indicated that personal data will be stored for an unspecified period, for purposes other than fraud prevention, legal, or security. Note: If the privacy policy or segment accounts for more than one case, the case with the highest value was annotated (e.g., if case C2 and case C4 apply, C4 is annotated).

Then, the ground truth dataset served as validation for our proposed ChatGPT-based method, the results of which have also been included in this dataset.

Columns description: - policy_id: ID of the policy in the OPP-115 dataset - policy_name: Domain of the privacy policy - policy_text: Privacy policy collected at the time of OPP-115 dataset creation - info_type_value: Type of personal data to which data retention refers - retention_period: Period of retention annotated by OPP-115 annotators - actual_case: Our annotated case ranging from C0-C5 - GPT_case: ChatGPT classification of the case identified in the segment - actual_Comply_GDPR: Boolean denoting True if they apparently comply with GDPR (cases C1-C5) or False if not (case C0) - GPT_Comply_GDPR: Boolean denoting True if they apparently comply with GDPR (cases C1-C5) or False if not (case C0) - paragraphs_retention_period: List containing the paragraphs annotated as Data Retention by OPP-115 annotators and our red text describing the relevant information used for our annotation decision

The Privacy Policy Generator Software market is experiencing robust growth, driven by increasing global data privacy regulations like GDPR and CCPA, and the rising awareness among businesses regarding data protection compliance. The market's expansion is further fueled by the simplification and cost-effectiveness offered by these software solutions compared to hiring legal professionals. While precise market sizing data wasn't provided, considering the prevalence of data privacy concerns and the numerous players in the market (including established names like IBM alongside specialized providers like Termly.io and iubenda), a reasonable estimation for the 2025 market size would be around $250 million. A compound annual growth rate (CAGR) of 15% over the forecast period (2025-2033) appears plausible, given the continuing adoption of these tools and the anticipated strengthening of global privacy laws. This projected CAGR translates to a market value exceeding $1 billion by 2033. The market is segmented by various factors such as software features (e.g., customization options, integration capabilities), pricing models (subscription, one-time purchase), and target user size (small businesses, enterprises). Key restraints include the potential for software limitations in handling complex legal scenarios requiring nuanced legal expertise and the ongoing evolution of data privacy regulations requiring constant software updates. The competitive landscape comprises a mix of established technology companies and specialized privacy software providers. While some larger players leverage their brand recognition, the specialized vendors often offer more comprehensive features tailored to specific user needs. Regional variations in market penetration are expected, with mature markets like North America and Europe showing higher adoption rates, while emerging economies present substantial growth opportunities in the coming years. Continued market expansion depends on factors such as sustained regulatory pressure, further technological advancements in the software (e.g., AI-powered personalization), and increased user awareness of data privacy best practices. Strategic partnerships between software providers and legal consultancies could also enhance market growth by bridging the gap between automated policy generation and expert legal review.

As of February 2025, 19 U.S. states had consumer privacy laws signed. California was the first state to develop a privacy bill in 2018. Since then, more states have come up with state-level laws dedicated to the protection of consumer data. A few of the signed laws are yet to become effective in 2025 or in 2026.

The documents contained in this dataset reflect NASA's comprehensive IT policy in compliance with Federal Government laws and regulations.

This dataset is about books. It has 1 row and is filtered where the book is Cyber security, privacy and data protection in EU law : a law, policy and technology analysis. It features 7 columns including author, publication date, language, and book publisher.