AAU logo


Web Application Raises Privacy Awareness

Web Application Raises Privacy Awareness

A newly developed web application informs Internet users about how their personal information is being treated. Developed by researchers at Aalborg University, the goal is to make us aware of how much data we are giving away every time we are on the web. Photo: Lars Horn, Baghuset

Last modified: 08.03.2018

A new program shows how your personal information is being treated when you are on the web. The program was developed by Aalborg University (AAU) researchers to make clear just how much information we are sharing about ourselves.

Whenever you log on to Facebook, Google, Amazon or any other website that requires an account, you will at some point have given your consent for the service provider to gather some of your personal information. As you set up your account, you will most likely have clicked ‘yes, I agree’ to the terms of use – an expansive legal document that practically no one ever reads. This means that none of us has any idea how much information service providers gather, process and share – or how they choose to treat it.

The web tool PPET is here to change that. By visualising different websites’ privacy policies the application creates an instant awareness of how your personal information is being treated by the service provider.


The look of privacy lost

The PPET (short for Privacy Policy Elucidator Tool) plugin has been developed by Prashant Shantaram Dhotre, Henning Olesen and Samant Khajuria from the Center for Communication, Media and Information Technologies at Aalborg University.

The user interface is a small icon in the browser bar that lights up when you log on to a website. Clicking the icon brings you to a dashboard with a visual overview of the subjects that are covered in the current service providers’ privacy policy. The subject categories include information collection, way of information collection, purpose, information sharing, cookies, policies for children, information security measures, etc.

“Privacy policies are lengthy, overly complicated and really difficult to understand,” says Prashant Shantaram Dhotre. “Our tool captures the contents of the privacy policy document and classifies it into categories that are understandable to the user: this is what you have agreed to share, this is what the website knows about you and this is your private data that is now being used, processed, shared and so on.”

By rolling the mouse over a donut chart, the user gets an overview of the site’s policies in several categories. Each category contains a summary with bullet points that makes it easy to quickly browse through the policy and see exactly what you have agreed to.


Giving it all away

The purpose of the PPET is not only to get users to read and understand the privacy policies, but also to empower us to get a better bargain before signing off our valuable private information.

With the PPET it is possible to see exactly how much personal information you have agreed to give away in exchange for whatever service the website provides. And chances are that it is way too much.

“It is a common saying on the Internet that if you are not paying for a product then you are the product,” says Prashant Shantaram Dhotre. “Of course, nothing is free, but the balance is completely tipped. Why would you give information like your personal address, company address, religion, browser search history and so on to a website that sells tickets? It doesn’t make any sense – unless you are getting a better deal that way. And you don’t at the moment, because you are unaware of what is going on.”


Standards are needed

When using the PPET, it quickly becomes apparent that privacy policies vary in the extreme and often do not comply with policy design guidelines. If anything, this only makes the entire area even more chaotic and hazy.

The researchers behind the PPET suggest that all service providers should use a standardised template for privacy policies – preferably one that is aligned with the upcoming European data protection act.

Later this year, the EU will enforce the General Data Protection Regulation (GDPR) – a law designed to protect the personal data of individuals inside the European Union. The law gives users the right to prevent their personal data being processed for direct marketing, to have inaccurate data rectified or destroyed and to claim compensation for damages caused by breach of the law.



The PPET is currently being tested at the Sinhgad Institute in Pune, India where it is being used by 600 students, but Dhotre, Olesen and Khajuria will be developing the PPET further and make it available for international download for everyone as a Firefox add-on by June 2018. This will be implemented with the help of student alumni Anurag Bihani, Sinhagad Institute.






Prashant Shantaram Dhotre, Ph.D., Center for Communication, Media and Information Technologies at Aalborg University Copenhagen, psd@es.aau.dk,  +91 97 6372 2187

Henning Olesen, associate professor, Center for Communication, Media and Information Technologies at Aalborg University Copenhagen, olesen@cmi.aau.dk, + 45 9940 2516

Nelly Sander, press contact AAU, nsa@adm.aau.dk, +45 9940 2018