Sensitive Regulated Data: Permitted and Restricted UsesPurposeScope and AuthorityStandardViolation of the Standard - Misuse of InformationDefinitionsReferencesAppendix A: Personally Identifiable Information (PII)Appendix B: Security of Personally Owned Devices that Access or Maintain Sensitive Restricted DataAppendix C: Sensitive Security Information (SSI)

The dataset consists of three different privacy policy corpora (in English and Italian) composed of 81 unique privacy policy texts spanning the period 2018-2021. This dataset makes available an example of three corpora of privacy policies. The first corpus is the English-language corpus, the original used in the study by Tang et al. [2]. The other two are cross-language corpora built (one, the source corpus, in English, and the other, the replication corpus, in Italian, which is the language of a potential replication study) from the first corpus.

The policies were collected from:

1. the Alexa top 10 Italy and U.S. websites rank;
2. the Play Store apps rank in the "most profitable games" category of the Play Store for Italy and the U.S.

We manually analyzed the Alexa top 10 Italy websites as of November 2021. Analogously, we analyzed selected apps that, in the same period, had ranked better in the "most profitable games" category of the Play Store for Italy.

All the privacy policies are ANSI-encoded text files and have been manually read and verified.
The dataset is helpful as a starting point for building comparable cross-language privacy policies corpora. The availability of these comparable cross-language privacy policies corpora helps replicate studies in different languages.
Details on the methodology can be found in the accompanying paper.

The available files are as follows:

• policies-texts.zip --> contains a directory of text files with the policy texts. File names are the SHA1 hashes of the policy text.
• policy-metadata.csv --> Contains a CSV file with the metadata for each privacy policy.

This dataset is the original dataset used in the publication [1]. The original English U.S. corpus is described in the publication [2].

[1] F. Ciclosi, S. Vidor and F. Massacci. "Building cross-language corpora for human understanding of privacy policies." Workshop on Digital Sovereignty in Cyber Security: New Challenges in Future Vision. Communications in Computer and Information Science. Springer International Publishing, 2023, In press.

[2] J. Tang, H. Shoemaker, A. Lerner, and E. Birrell. Defining Privacy: How Users Interpret Technical Terms in Privacy Policies. Proceedings on Privacy Enhancing Technologies, 3:70–94, 2021.

A dataset of privacy policies in the Greek language, with policies coming from top visited websites in Greece with a privacy policy in the Greek language.

The dataset, as well as results of its analysis are included.

if you want to use this dataset, please cite the relevant conference publication:

Georgia M. Kapitsaki and Maria Papoutsoglou, "A privacy policies dataset in Greek in the GDPR era, in Proceedings of the 27th Pan-Hellenic Conference on Informatics, PCI 2023.

The data consists in crawled privacy policies from European privacy policies. They were split into paragraphs and annotated as containing or not personal data.

The question that was asked to annotators was "Does this paragraph contain the explicit mention of specific personal data (e.g. name, phone number, social security, …) being collected?".

A full description of the dataset can be found in D3.4 of the SMOOTH project

Comprehensive dataset outlining Advatec’s privacy policy, including data collection practices, user rights, GDPR compliance, and third-party data handling procedures.

A survey conducted from April to May 2022 found that six in 10 organizations in the United States designated an internal project manager or owner to manage compliance with state-level privacy laws. Around half of the organizations conducted data mapping and had an understanding of data practices across the organization. A further 41 percent said they updated privacy policies, while 40 percent said they were in the process of doing so.

By 2024, the share of the global population to be covered under modern privacy regulations is projected to reach 75 percent. The forecast for the year 2023 was 65 percent. Additionally, in 2020, only ten percent of the global population's privacy was protected by modern laws.

115 privacy policies from the OPP-115 corpus have been re-annotated with the specific data retention periods disclosed, aligned with the GDPR requirements disclosed in Art. 13 (2)(a). Those retention periods have been categorized into the following 6 distinct cases:

C0: No data retention period is indicated in the privacy policy/segment. C1: A specific data retention period is indicated (e.g., days, weeks, months...). C2: Indicate that the data will be stored indefinitely. C3: A criterion is determined during which a defined period during which the data will be stored can be understood (e.g., as long as the user has an active account). C4: It is indicated that personal data will be stored for an unspecified period, for fraud prevention, legal or security reasons. C5: It is indicated that personal data will be stored for an unspecified period, for purposes other than fraud prevention, legal, or security. Note: If the privacy policy or segment accounts for more than one case, the case with the highest value was annotated (e.g., if case C2 and case C4 apply, C4 is annotated).

Then, the ground truth dataset served as validation for our proposed ChatGPT-based method, the results of which have also been included in this dataset.

Columns description: - policy_id: ID of the policy in the OPP-115 dataset - policy_name: Domain of the privacy policy - policy_text: Privacy policy collected at the time of OPP-115 dataset creation - info_type_value: Type of personal data to which data retention refers - retention_period: Period of retention annotated by OPP-115 annotators - actual_case: Our annotated case ranging from C0-C5 - GPT_case: ChatGPT classification of the case identified in the segment - actual_Comply_GDPR: Boolean denoting True if they apparently comply with GDPR (cases C1-C5) or False if not (case C0) - GPT_Comply_GDPR: Boolean denoting True if they apparently comply with GDPR (cases C1-C5) or False if not (case C0) - paragraphs_retention_period: List containing the paragraphs annotated as Data Retention by OPP-115 annotators and our red text describing the relevant information used for our annotation decision

This dataset has been collected and annotated by Terms of Service; Didn't Read (ToS;DR), an independent project aimed at analyzing and summarizing the terms of service and privacy policies of various online services. ToS;DR helps users understand the legal agreements they accept when using online platforms by categorizing and evaluating specific cases related to these policies.

The dataset includes structured information on individual cases, broader topics, specific services, detailed documents, and key points extracted from legal texts.

• Cases refer to individual legal cases or specific issues related to the terms of service or privacy policies of a particular online service. Each case typically focuses on a specific aspect of a service's terms, such as data collection, user rights, content ownership, or security practices.

  • id, a unique id for each case (incremental).
  • classification, one of those values (good, bad, neutral, blocker).
  • score, values range between 0 to 100.
  • title.
  • description.
  • topic_id, connecting the case with it's topic.
  • created_at.
  • updated_at.
  • privacy_related, a flag indicate if it's related to privacy or not.
  • docbot_regex, the regex expression used to check for specific words in the quoted text.

• Topics are general categories or themes that encompass various cases. They help organize and group similar cases together based on the type of issues they address. For example, "Data Collection" could be a topic that includes cases related to how a service collects and uses user data.

  • id, a unique id for each topic (incremental).
  • title.
  • subtitle, small description.
  • description.
  • created_at.
  • updated_at.

• Services represent specific online platforms, websites, or applications that have their own terms of service and privacy policies.

  • id, a unique id for each service (incremental).
  • name.
  • url.
  • created_at.
  • updated_at.
  • wikipedia, wikipedia url of the service.
  • keywords.
  • related, connecting the service with one of known similar services in the same field.
  • slug. extracted from the name, small letters, no spaces and so on.
  • is_comprehensively_reviewed, a flag indicate if it's comprehensively_reviewed or not.
  • rating, overall rating for the service based on the all cases.
  • status, indicate if the service is deleted or not (deleted, NaN).

• Points are individual statements or aspects within a case that highlight important information about a service's terms of service or privacy policy. These points can be positive (e.g., strong privacy protections) or negative (e.g., data sharing with third parties).

  • id, a unique id for each point (incremental).
  • rank, all values are zero.
  • title, mostly it's similar to case title.
  • source, url of the source.
  • status, one of those values (approved, declined, pending, changes-requested, disputed, draft).
  • analysis.
  • created_at.
  • updated_at.
  • service_id, connecting the point with it's service.
  • quote_text, quotted text from the source which contain information for this point.
  • case_id, connecting the point with the related case.
  • old_id, used for data migration.
  • quote_start, index of first letter of the quotted text in the document.
  • quote_end, index of last letter of the quotted text in the document.
  • service_needs_rating_update, all values are False.
  • document_id, connecting the point with the related document.
  • annotation_ref.

• Documents refer to the original terms of service and privacy policies of the services that are being analyzed on TOSDR. These documents are the source of information for the cases, points, and ratings provided on the platform. TOSDR links to the actual documents, so users can review the full details if they choose to.

  • id, a unique id for each document (incremental).
  • name, name of document like privacy policy or cookies policy, etc.
  • url, url of the document.
  • xpath.
  • text, the actual document.
  • created_at.
  • updated_at.
  • service_id, connecting the document with it's service.
  • reviewed, a flag indicate if the document has been reviewed or not.
  • status, indicate if the service is deleted or not (deleted, NaN).
  • crawler_server, the server used to crawl the document

This data was collected by the Office of the National Coordinator for Health IT in coordination with Clinovations and the George Washington University Milken Institute of Public Health. ONC and its partners collected the data through research of state government and health information organization websites. The dataset provides policy and law details for four distinct policies or laws, and, where available, hyperlinks to official state records or websites. These four policies or laws are: 1) State Health Information Exchange (HIE) Consent Policies; 2) State-Sponsored HIE Consent Policies; 3) State Laws Requiring Authorization to Disclose Mental Health Information for Treatment, Payment, and Health Care Operations (TPO); and 4) State Laws that Apply a Minimum Necessary Standard to Treatment Disclosures of Mental Health Information.

The market for Privacy Policy Generator Software is experiencing a steady growth, driven by increasing concerns over data privacy and regulatory compliance. The market size stood at $260.3 million in 2025, and is projected to reach $589.9 million by 2033, exhibiting a CAGR of 10.8% from 2025 to 2033. The proliferation of personal data collection, coupled with stringent data protection regulations like GDPR and CCPA, is propelling the adoption of this software among businesses. Key market trends include the rise of cloud-based solutions, catering to the growing need for flexibility and reduced infrastructure costs. Large enterprises are actively leveraging these solutions to manage the complexities of privacy compliance. Additionally, the increasing adoption of privacy policies across verticals such as e-commerce, healthcare, and financial services is further fueling the market growth. The major players in the market include Termly.io, iubenda, Get Terms, PrivacyPolicies.com, IBM, Seers Co., Termageddon, LLC, TermsFeed, and AppPrivacy.com. North America remains the dominant region for this market, followed by Europe and Asia-Pacific.

The Office of the Privacy Commissioner of Canada (OPC) commissioned Phoenix Strategic Perspectives (Phoenix SPI) to conduct quantitative research with Canadian businesses on privacy‐related issues. To address its information needs, the OPC conducts surveys with businesses every two years to inform and guide outreach efforts. The objectives of this research were to collect data on the type of privacy policies and practices businesses have in place; on businesses’ compliance with the law; and on businesses’ awareness and approaches to privacy protection. The findings will be used to help the OPC provide guidance to both individuals and organizations on privacy issues; and enhance its outreach efforts with small businesses, which can be an effective way to achieve positive change for privacy protection. A 13‐minute telephone survey was administered to 1,003 companies across Canada between November 29 and December 19, 2019. The target respondents were senior decision makers with responsibility and knowledge of their company’s privacy and security practices. Businesses were divided by size for sampling purposes: small (1 to 19 employees); medium (20 to 99 employees); and large (100 employees or more). The results were weighted by size, sector and region using Statistics Canada data to ensure that they reflect the actual distribution of businesses in Canada. Based on a sample of this size, the results can be considered accurate to within ±3.1%, 19 times out of 20.

There has been a rising awareness of data privacy among mobile app users in China. As of the early of 2020, around ** percent of the Chinese respondents in a survey said that they had read privacy terms on mobile apps carefully before agreeing to the conditions. Compared to the same survey which was conducted in 2018, the reading rate had increased, although it was still relatively more common for consumers to consent without reading the policies.

The global market for Privacy Policy Generator Software is experiencing robust growth, projected to reach $276 million in 2025 and maintain a Compound Annual Growth Rate (CAGR) of 11.3% from 2025 to 2033. This expansion is fueled by several key drivers. Increasingly stringent data privacy regulations, like GDPR and CCPA, are compelling businesses of all sizes – from large enterprises to small and medium-sized enterprises (SMEs) – to adopt robust privacy policies. The rising adoption of cloud-based and web-based solutions further contributes to market growth, providing businesses with accessible and cost-effective tools to manage their compliance needs. The market is segmented by application (Large Enterprises and SMEs) and type (Cloud-Based and Web-Based), with cloud-based solutions gaining significant traction due to their scalability and ease of use. Competitive landscape is dynamic, featuring established players like IBM alongside specialized providers such as Termly.io, iubenda, Get Terms, PrivacyPolicies.com, Seers Co, Termageddon,LLC, and TermsFeed. The geographical distribution shows strong presence across North America, Europe, and Asia Pacific, reflecting the global reach of data privacy concerns. Future growth will likely be driven by the continuing evolution of data privacy regulations, increasing cyber security threats, and the growing demand for user data transparency and control. The continued digital transformation of businesses worldwide ensures sustained demand for user-friendly and effective privacy policy generation tools. The market is expected to witness further fragmentation as specialized solutions catering to niche industries and specific regulatory requirements emerge. North America is likely to retain its leading market share due to early adoption of privacy regulations and a high concentration of technology companies. However, regions like Asia Pacific are expected to showcase significant growth potential in the coming years, driven by increasing internet penetration and the implementation of stricter data privacy regulations. The competition within the market is likely to intensify as vendors continue to enhance their product offerings with features such as automated policy updates, multi-lingual support, and seamless integration with other compliance tools.

This statistic shows the results of a survey about the share of users reading privacy policies or terms and conditions for internet sites or apps in Australia as of August 2018. During the survey period, around ** percent of respondents stated to never read the terms and conditions or privacy policy of a website, compared to **** percent of respondents claiming to read them every time.

The documents contained in this dataset reflect NASA's comprehensive IT policy in compliance with Federal Government laws and regulations.

The Security Policy Management (SPM) solutions market is experiencing robust growth, driven by the escalating need for enhanced cybersecurity in a rapidly evolving digital landscape. The increasing complexity of IT infrastructure, coupled with the proliferation of cloud services and remote work, necessitates robust and centralized policy management. Organizations face mounting pressure to comply with stringent data privacy regulations like GDPR and CCPA, further fueling the demand for sophisticated SPM solutions. The market, estimated at $5 billion in 2025, is projected to witness a Compound Annual Growth Rate (CAGR) of 12% through 2033, reaching an estimated $12 billion by then. This growth is propelled by the adoption of advanced technologies like artificial intelligence (AI) and machine learning (ML) to automate policy enforcement and improve threat detection. Leading vendors such as Google, Amazon, Cisco, and Check Point are investing heavily in R&D to offer innovative SPM solutions that address the dynamic needs of enterprises across various sectors. The market segmentation reveals significant opportunities within specific verticals. The financial services sector, for example, is expected to drive significant growth due to strict regulatory compliance demands and the high value of the data they manage. Similarly, the healthcare industry faces increasing pressure to protect sensitive patient information, contributing to strong growth in this segment. However, the market faces certain restraints, including the high initial investment costs associated with implementing SPM solutions and the complexity of integrating these solutions with existing IT infrastructure. Despite these challenges, the long-term outlook for the SPM market remains positive, fueled by continuous innovation and increasing awareness of the importance of effective security policy management.

Article Contributions This file enumerates and explains the distribution of the datasets in the files.

Privacy Policies dataset This dataset ["Policies_urls.csv"] contains 142 privacy policy URLs with the corresponding organization. These URLs were obtained with the two methods (Selenium & Google) described in the article. This is the reason for duplicated URLs.

300 Domain Holders This dataset ["300_domain_holders.xlsx"] contains three different sheets for each of the datasets used for the validations described in the article i.e. Fortune 500, PII_receivers_1 (for the technique's evaluation) and PII_receivers_2 (for ROI's evaluation).

Recipient Domains this dataset ["Domains_receiving_PII.csv"] contains the 40,493 dataflows corresponding to the 1,112 unique domains receiving personal data from Android apps.