ASE2025
PoliCond: Condition-Aware Ontology-Driven LLMs for Privacy Policy Contradiction Analysis
Yalin Feng, Yifei Lu, Minxue Pan
Abstract
Although privacy policies serve as the primary mechanism for disclosing data practices under regulations like the General Data Protection Regulation, they frequently contain internal conflicts that undermine transparency and user trust. Existing research has advanced automated privacy policy contradiction analysis by leveraging language models, tuple-based knowledge representations and ontologies (or knowledge graphs) to resolve natural language ambiguities. However, traditional 3-tuples (entity, action, data type) lack contextual information and fail to distinguish data collection practices under varying scenarios, leading to incomplete or misleading contradiction detection. To address these challenges, we present PoliCond, a framework that combines condition-aware tuple representations, domain ontologies and large language models. On established benchmarks, PoliCond achieves an F1 score of 88.6%, outperforming prior methods (58.2%), with an average processing time of 8.4 seconds per policy. In a real-world analysis of 175 privacy policies, PoliCond uncovers previously undetected internal contradictions, including 46 inconsistent policies and 48 contradictory pairs of policy segments missed by existing approaches. These findings underscore the prevalence of inconsistencies in privacy policies and demonstrate the practical utility of PoliCond.