GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling

Himadri Chowdhury; Md Istiak Morsalin; Rafe Sumnan Azade; Vijayalakshmi Ramasamy; Gokila Dorai

doi:10.1007/978-3-032-13513-1_33

GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling

Himadri Chowdhury
, Md Istiak Morsalin
, Rafe Sumnan Azade
, Vijayalakshmi Ramasamy
, Gokila Dorai

Computer Science

Georgia Southern University
Augusta University

Research output: Contribution to book or proceeding › Conference article › peer-review

Abstract

Privacy policies play a crucial role in disclosing organizational data practices; however, their lengthy and complex nature hinders user understanding and regulatory auditing, particularly in e-commerce. To address these challenges, we introduce the Data Protection Regulation analysis (GraphDPR) framework, which leverages graph-based semantic analysis for auditing privacy policies. GraphDPR employs transformer-based text processing, knowledge graph creation, and unsupervised topic modeling to generate structured representations of policy content. It converts privacy policies into entity–category–data point triples, normalizes them with Sentence-BERT embeddings, and enhances them into company-specific knowledge graphs using Neo4j. These graphs are then analyzed with Latent Dirichlet Allocation (LDA) to identify thematic patterns in the data collection. GraphDPR facilitates both static and comparative audits by aligning policy content with regulatory standards, yielding interpretable insights into compliance. Experimental results indicate that it provides better regulatory coverage and topic clarity than existing systems, like PolicyGPT and Poligraph. By integrating graph mining and semantic modeling, GraphDPR enhances automated privacy policy auditing and supports scalable compliance monitoring.

Original language	English
Title of host publication	Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings
Editors	Aijun An, Alfredo Cuzzocrea, Hongxin Hu
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	422-430
Number of pages	9
ISBN (Print)	9783032135124
DOIs	https://doi.org/10.1007/978-3-032-13513-1_33
State	Published - 2026
Event	17th International Conference on Social Networks Analysis and Mining, ASONAM 2025 - Niagara Falls, Canada Duration: Aug 25 2025 → Aug 28 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	16322 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	17th International Conference on Social Networks Analysis and Mining, ASONAM 2025
Country/Territory	Canada
City	Niagara Falls
Period	08/25/25 → 08/28/25

Scopus Subject Areas

Theoretical Computer Science
General Computer Science

Keywords

Compliance Scoring
Knowledge Graphs
Privacy Policy Analysis
Topic Modelling

Access to Document

10.1007/978-3-032-13513-1_33

Cite this

Chowdhury, H., Morsalin, M. I., Azade, R. S., Ramasamy, V., & Dorai, G. (2026). GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling. In A. An, A. Cuzzocrea, & H. Hu (Eds.), Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings (pp. 422-430). (Lecture Notes in Computer Science; Vol. 16322 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-13513-1_33

Chowdhury, Himadri ; Morsalin, Md Istiak ; Azade, Rafe Sumnan et al. / GraphDPR : A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling. Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings. editor / Aijun An ; Alfredo Cuzzocrea ; Hongxin Hu. Springer Science and Business Media Deutschland GmbH, 2026. pp. 422-430 (Lecture Notes in Computer Science).

@inproceedings{d3e3d90f0acc4de580b6727eba5d7732,

title = "GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling",

abstract = "Privacy policies play a crucial role in disclosing organizational data practices; however, their lengthy and complex nature hinders user understanding and regulatory auditing, particularly in e-commerce. To address these challenges, we introduce the Data Protection Regulation analysis (GraphDPR) framework, which leverages graph-based semantic analysis for auditing privacy policies. GraphDPR employs transformer-based text processing, knowledge graph creation, and unsupervised topic modeling to generate structured representations of policy content. It converts privacy policies into entity–category–data point triples, normalizes them with Sentence-BERT embeddings, and enhances them into company-specific knowledge graphs using Neo4j. These graphs are then analyzed with Latent Dirichlet Allocation (LDA) to identify thematic patterns in the data collection. GraphDPR facilitates both static and comparative audits by aligning policy content with regulatory standards, yielding interpretable insights into compliance. Experimental results indicate that it provides better regulatory coverage and topic clarity than existing systems, like PolicyGPT and Poligraph. By integrating graph mining and semantic modeling, GraphDPR enhances automated privacy policy auditing and supports scalable compliance monitoring.",

keywords = "Compliance Scoring, Knowledge Graphs, Privacy Policy Analysis, Topic Modelling",

author = "Himadri Chowdhury and Morsalin, \{Md Istiak\} and Azade, \{Rafe Sumnan\} and Vijayalakshmi Ramasamy and Gokila Dorai",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 17th International Conference on Social Networks Analysis and Mining, ASONAM 2025 ; Conference date: 25-08-2025 Through 28-08-2025",

year = "2026",

doi = "10.1007/978-3-032-13513-1\_33",

language = "English",

isbn = "9783032135124",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "422--430",

editor = "Aijun An and Alfredo Cuzzocrea and Hongxin Hu",

booktitle = "Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings",

address = "Germany",

}

Chowdhury, H, Morsalin, MI, Azade, RS, Ramasamy, V & Dorai, G 2026, GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling. in A An, A Cuzzocrea & H Hu (eds), Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings. Lecture Notes in Computer Science, vol. 16322 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 422-430, 17th International Conference on Social Networks Analysis and Mining, ASONAM 2025, Niagara Falls, Canada, 08/25/25. https://doi.org/10.1007/978-3-032-13513-1_33

GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling. / Chowdhury, Himadri; Morsalin, Md Istiak; Azade, Rafe Sumnan et al.
Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings. ed. / Aijun An; Alfredo Cuzzocrea; Hongxin Hu. Springer Science and Business Media Deutschland GmbH, 2026. p. 422-430 (Lecture Notes in Computer Science; Vol. 16322 LNCS).

Research output: Contribution to book or proceeding › Conference article › peer-review

TY - GEN

T1 - GraphDPR

T2 - 17th International Conference on Social Networks Analysis and Mining, ASONAM 2025

AU - Chowdhury, Himadri

AU - Morsalin, Md Istiak

AU - Azade, Rafe Sumnan

AU - Ramasamy, Vijayalakshmi

AU - Dorai, Gokila

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - Privacy policies play a crucial role in disclosing organizational data practices; however, their lengthy and complex nature hinders user understanding and regulatory auditing, particularly in e-commerce. To address these challenges, we introduce the Data Protection Regulation analysis (GraphDPR) framework, which leverages graph-based semantic analysis for auditing privacy policies. GraphDPR employs transformer-based text processing, knowledge graph creation, and unsupervised topic modeling to generate structured representations of policy content. It converts privacy policies into entity–category–data point triples, normalizes them with Sentence-BERT embeddings, and enhances them into company-specific knowledge graphs using Neo4j. These graphs are then analyzed with Latent Dirichlet Allocation (LDA) to identify thematic patterns in the data collection. GraphDPR facilitates both static and comparative audits by aligning policy content with regulatory standards, yielding interpretable insights into compliance. Experimental results indicate that it provides better regulatory coverage and topic clarity than existing systems, like PolicyGPT and Poligraph. By integrating graph mining and semantic modeling, GraphDPR enhances automated privacy policy auditing and supports scalable compliance monitoring.

AB - Privacy policies play a crucial role in disclosing organizational data practices; however, their lengthy and complex nature hinders user understanding and regulatory auditing, particularly in e-commerce. To address these challenges, we introduce the Data Protection Regulation analysis (GraphDPR) framework, which leverages graph-based semantic analysis for auditing privacy policies. GraphDPR employs transformer-based text processing, knowledge graph creation, and unsupervised topic modeling to generate structured representations of policy content. It converts privacy policies into entity–category–data point triples, normalizes them with Sentence-BERT embeddings, and enhances them into company-specific knowledge graphs using Neo4j. These graphs are then analyzed with Latent Dirichlet Allocation (LDA) to identify thematic patterns in the data collection. GraphDPR facilitates both static and comparative audits by aligning policy content with regulatory standards, yielding interpretable insights into compliance. Experimental results indicate that it provides better regulatory coverage and topic clarity than existing systems, like PolicyGPT and Poligraph. By integrating graph mining and semantic modeling, GraphDPR enhances automated privacy policy auditing and supports scalable compliance monitoring.

KW - Compliance Scoring

KW - Knowledge Graphs

KW - Privacy Policy Analysis

KW - Topic Modelling

UR - https://www.scopus.com/pages/publications/105028876216

U2 - 10.1007/978-3-032-13513-1_33

DO - 10.1007/978-3-032-13513-1_33

M3 - Conference article

AN - SCOPUS:105028876216

SN - 9783032135124

T3 - Lecture Notes in Computer Science

SP - 422

EP - 430

BT - Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings

A2 - An, Aijun

A2 - Cuzzocrea, Alfredo

A2 - Hu, Hongxin

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 25 August 2025 through 28 August 2025

ER -

Chowdhury H, Morsalin MI, Azade RS, Ramasamy V, Dorai G. GraphDPR: A Privacy Policy Analysis Framework Using Knowledge Graphs and Topic Modeling. In An A, Cuzzocrea A, Hu H, editors, Social Networks Analysis and Mining - 17th International Conference, ASONAM 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2026. p. 422-430. (Lecture Notes in Computer Science). doi: 10.1007/978-3-032-13513-1_33