This Data Viz Tool Explains Privacy Policies You’re Too Lazy To Read

A new tool turns thousands of complex, inscrutable documents into beautiful visualizations.

People don’t read privacy policies. One study from 2016 showed that people will agree to anything to get past that daunting mess of legalese; 98% of the study’s participants didn’t realize that the policy for a fake social networking site gave all their personal information to the NSA and even required them to give up their first born child.


But a new project called Polisis poses a way to make these policies easier to understand: visualize them. The tool uses machine learning to analyze any privacy policy on the internet and creates flow charts that reveal how companies use your data, what third parties receive it, and what you can do about it. While it’s a great tool for understanding exactly what any website is doing with your data, Polisis has an even larger goal: to create an entirely new interface for privacy policies.

Google [Screenshot: Hamza Harkous]
“Privacy policies so far play the role of being legally binding on one side, and being an interface on the other side to the users,” says post-doctoral researcher Hamza Harkous, who created Polisis and studies human-computer interaction, data, and privacy at the Swiss university EPFL. “I hope at some point we’ll arrive at a point where the privacy policy legal text is no longer the default interface for privacy information about websites.”

Polisis is the result of an AI system Harkous first created when making a chatbot, called Pribot, that would be able to answer any questions you might have about a service’s privacy policy. To build the bot, Harkous and the team of researchers he worked with needed to be able to understand exactly what each privacy policy was saying. He captured all the policies from the Google Play Store–about 130,000 policies–and fed them into a machine learning algorithm that could learn to distinguish different parts of the policies. Then, the team used a second dataset, from the Usable Privacy Policy Project, consisting of 115 policies that law students had annotated, to train more algorithms to distinguish more granular details, like financial data that the company uses and financial data the company shares with third parties.

Once they’d built the system, Harkous realized that the chatbot interface was only useful if you had a specific question about a specific company. So he began work on Polisis, which uses the same underlying system but just represents the flow of data in a visual way.

Facebook [Screenshot: Hamza Harkous]
“We had a lot of powerful techniques just waiting for people to ask via a chatbot,” Harkous says. “This allows you to discover them in a single interface and allow you to discover what’s inside the privacy policy. It removes the barrier between the user and the privacy barrier. It’s colorful, you can see data flowing.”

Some of the most interesting insights Harkous has noticed of the nearly 16,500 policies the system has analyzed so far come from the privacy policies for Apple and Pokemon Go. Both companies take users’ location data, which makes sense given that they both offer location-based services, but the Polisis visualizations show just how many things they use location data for–in particular, advertising. You might not realize it, but when you catch a Pokemon in a certain area, the company is likely using your location to sell you things.


The project, which launched earlier this month, has already garnered thousands of views. Users have added 2,000 new websites, which the tool analyzes automatically and then adds to its database. You can also download a browser extension that takes you to the Polisis analysis of any service’s policy.

Spotify [Screenshot: Hamza Harkous]
The Polisis interface is far from perfect, and Harkous has plans to improve it. Right now, it’s hard to know what to pay attention to–the visualization treats all data-sharing as equal when it’s obviously not. Some forms of sharing are perfectly normal, while other types indicate shady practices. For instance, the free email unsubscribe service reads all your emails and sells information it finds there to third parties. But that’s something that would be hard to tell when looking at the site’s privacy viz, so Harkous is working on a tool that will analyze all the policies and point out surprising parts of particular policies that are abnormal. He also wants to make a side-by-side comparison tool and provide Polisis in other languages.

Ultimately, Harkhous hopes that companies will either adopt his tool as their default privacy policy, or develop a more user-friendly version of today’s hard-to-read fine print. The latter would be ideal, because it would be more accurate than anything his algorithm can do. “Maybe at some point, we can force companies to do it themselves and provide similar notices which are really easy to understand,” he says.

But for now, you can check out the site or download the plugin. It’ll save you the time it’d take to read the policies for every site you use on the internet today–about 76 full working days per year. And it may just help you feel more informed, and less guilty, the next time you hurriedly click “accept.”

About the author

Katharine Schwab is an associate editor at Co.Design based in New York who covers technology, design, and culture.