Design of a Compliance Index for Privacy Policies: A Study of Mobile Wallet and Remittance Services

Many nations have adopted comprehensive data privacy laws to protect customers' data. However, privacy policies of mobile wallet digital payment systems (DPS), and particularly the mobile wallet and remittance services that are part of DPS, are often not compliant with privacy laws. There is a lack of measures to assess how adequate the policies are in addressing data privacy issues. To address this problem, this article develops a compliance index to help DPS organizations assess the compliance of their privacy policies with the general data protection regulation (GDPR). The compliance index is created through a natural language process that includes term frequency-inverse document frequency matrix and topic modeling using latent Dirichlet allocation, to compute 1) an emphasis density score that indicates the level of emphasis a privacy policy places on GDPR dimensions, and 2) a privacy score that identifies the level of compliance of a privacy policy with GDPR. The compliance index is validated by assessing its effectiveness at the country level in comparison with an international publicly available data privacy benchmark.