How A Law Firm Built Its Own AI-Driven GDPR Platform 

How A Law Firm Built its Own AI-Driven GDPR Platform

A Guest Post by Sergii Shcherbak, lawyer and software developer at Synch

Synch is an international law firm with headquarters in Stockholm, Sweden, and we have launched PrivacyPolicyCheck.Ai, a client-oriented legal AI tool developed entirely in-house.

The tool provides high-level analysis of privacy policies from a GDPR compliance perspective, and it is free to use.

The Tech

Having submitted a privacy policy, the user is shown results in the form of a compliance checklist comprising 17 GDPR requirements for a privacy policy, mandatory and conditional, such as:

(i) the data controller’s identification and contact details,

(ii) information on third country transfers,

and, (iii) legal ground (basis) for the processing of personal data.

Each of the requirements is accompanied with explanatory text, providing more details on the requirement and guidance on achieving compliance.

Since many of Synch’s customers are international, it was natural to start with the English version of the tool. Therefore, only privacy policies in English are supported at this stage.

As for technical details, the application is written in Python (backend, partially frontend) and JavaScript (frontend). The AI is based on deep learning, one of the most advanced and efficient approaches in machine learning.

Each of the covered 17 GDPR requirements is analyzed by a separate neural network, trained on hundreds of privacy policies and tweaked depending on the task at hand. Moreover, there is an additional neural network that serves as a ‘gatekeeper’ to the tool by determining whether the submitted document is a privacy policy and worth analyzing.

The tool allows for continuous training from privacy policies voluntarily supplied for this purpose by users. Hence, the accuracy of the underlying AI is improved over time.

The platform interface.

The Team

As regards the team behind PrivacyPolicyCheck.Ai, the application has been developed at Synch by Sergii Shcherbak, lawyer and AI developer, with the assistance of Anders Holm-Jensen, who is also a lawyer with software development expertise, and Hampus Stålholm, GDPR expert.

All this means that the training data was prepared, and the deep learning models were trained and tweaked, by those who regularly advise on the GDPR and understand the data protection requirements and principles.

Data cleaning is not less time-consuming than deploying AI’s neural networks. It takes time to go through many different types of privacy policies, compliant and not, and to sort these documents into different categories.

This way, AI can clearly see what is ‘right’ and what is ‘wrong’ and remember lots of distinct cases, hundreds of them. Only then, having been presented with a variety of different wordings, AI can derive conclusions based on the diverse data it saw during the training.

Magnus Sundqvist, our Head of Digital Services at Synch, summed up what we have done: ‘We are proud to be the first law firm in the Nordics to have developed legal AI entirely in-house, with the help of our brilliant AI and legal experts. Positive feedback that we have been receiving since launch demonstrates that the tool is easy to use and helps companies comply with the GDPR. This is our first digital product within the domain of AI, and we are confident there are more useful legal AI solutions from us yet to come.’