Understanding Privacy Norms through Web Forms

Hao Cui, Rahmadi Trimananda, Athina Markopoulou

TL;DR

This work introduces a large-scale measurement of personal information (PI) collection via web forms to uncover privacy norms contextualized by website category and form type. It combines a bespoke web-form crawler with an LLM-assisted annotation pipeline to produce 293k labeled forms from 11,500 sites, enabling analysis of PI types and form functionalities. The study finds that observed PI collection patterns align with functional and legal requirements, yet deviations often indicate unnecessary data collection, and privacy policies frequently misalign with these norms. The findings highlight a notable disconnect between privacy policy disclosures and in-the-wild practices, prompting questions about policy effectiveness and opportunities for privacy risk assessment tools. Overall, the work provides a baseline for data minimization across contexts and offers methodological resources for scalable privacy-norm measurement and policy analysis.

Abstract

Web forms are one of the primary ways to collect personal information online, yet they are relatively under-studied. Unlike web tracking, data collection through web forms is explicit and contextualized. Users (i) are asked to input specific personal information types, and (ii) know the specific context (i.e., on which website and for what purpose). For web forms to be trusted by users, they must meet the common-sense standards of appropriate data collection practices within a particular context (i.e., privacy norms). In this paper, we extract the privacy norms embedded within web forms through a measurement study. First, we build a specialized crawler to discover web forms on websites. We run it on 11,500 popular websites, and we create a dataset of 293K web forms. Second, to process data of this scale, we develop a cost-efficient way to annotate web forms with form types and personal information types, using text classifiers trained with the assistance of large language models (LLMs). Third, by analyzing the annotated dataset, we reveal common patterns of data collection practices. We find that (i) these patterns are explained by functional necessities and legal obligations, thus reflecting privacy norms, and that (ii) deviations from the observed norms often signal unnecessary data collection. In addition, we analyze the privacy policies that accompany web forms. We show that, despite their wide adoption and use, there is a disconnect between privacy policy disclosures and the observed privacy norms.

Paper Structure (63 sections, 7 figures, 7 tables)

Figures (7)

  • Figure 1: Web form examples. Left: the account registration form on facebook.com asks for name, phone number, email address, birth date, and gender. Right: the email list subscription form on macys.com asks for email address, zip code, and birth date. Users have to fill in the requested PI in the fields in order to use the functionality provided by the forms.
  • Figure 2: Overview. ① We collect web forms from top websites using a customized crawler (Section \ref{sec:web-forms-collection}). ② We develop a machine learning system to annotate the web forms with form types and PI types (Section \ref{sec:dataset-annotation}). ③ We analyze the web forms to reveal common patterns of PI collection that reflect privacy norms and uncommon cases (Section \ref{sec:analysis}). ④ Finally, we also analyze privacy policies to compare the observed norms to disclosed PI collection practices (Section \ref{sec:privacy-policy-analysis}).
  • Figure 3: Overview of form type classification.
  • Figure 4: Collection rates of major PI types (contact information) by website category (left) and form type (right).
  • Figure 5: Collection rates of less frequent PI types. For each PI type, we show the average collection rate (top-left cell) and contexts where the collection rates are significantly different from the average. Each cell shows the collection rate (i.e., $P[t|w,f]$, the percentage at the bottom) and the number of websites that collect the PI type in the corresponding context (i.e., $N[t|w,f]$).
  • ...and 2 more figures