A catalog of quality criteria to guide the assessment of applications' privacy policies.

Context: The information about personal data processing must be described in the companies' privacy policies. Problem: privacy policies are long documents, full of jargon, and do not always comply with the current privacy law. Besides, the privacy policies should be consistent with requirements document and application behavior, hence, it is of paramount importance that stakeholders should be able to evaluate the quality of the privacy policies. Objective: This work proposes a catalog of criteria for assessing the quality of privacy policies. Method: the snowballing technique was performed to find relevant studies that evaluate privacy policies. Results: The proposed catalog, elaborated from the empirical results of 48 studies, has 29 different criteria grouped into five categories. Contributions: The developed catalog can help: (i) requirements engineers to check the consistency of the privacy policies content with the requirements document; (ii) writers to create more precise and complete documents regarding users' rights in accordance with the requirements document, (iii) analysts and developers to make them more straightforward which information must be properly documented about the practice of data collection; (iv) end-users to understand the content of the privacy policies.