Authors - Deepali Lokare, Pankaj Chandre, Prashant Dhotre Abstract - The rapid expansion of digital services has significantly increased the collection and processing of personal data through online platforms such as e-commerce systems, social media applications, and digital payment services. To regulate the use of personal information, governments worldwide have introduced data protection regulations such as the General Data Protection Regulation (GDPR), the Digital Personal Data Protection Act (DPDPA), and the California Consumer Privacy Act (CCPA). Organizations publish privacy policies to inform users about their data practices; however, these policies are often lengthy, complex, and difficult for users to understand. Consequently, users frequently accept privacy policies without fully reviewing how their personal data is collected, processed, and shared. Recent research has explored automated approaches for privacy policy analysis using artificial intelligence techniques, including machine learning, natural language processing, and large language models. Retrieval-Augmented Generation (RAG) has further enhanced compliance evaluation by linking policy statements with relevant regulatory clauses. Despite these advancements, challenges remain, such as the lack of standardised datasets, limited explainability of AI decisions, dependence on prompt design, and insufficient validation with regulatory experts. This paper discusses future research directions in AI-driven privacy policy compliance analysis and highlights emerging opportunities for improving regulatory compliance assessment, user privacy protection, and transparent privacy governance in digital ecosystems.
Open Zoom