Privy: Envisioning and Mitigating Privacy Risks for Consumer-facing AI Product Concepts
This paper addresses privacy risk management for AI practitioners and offers a practical tool for overcoming barriers in privacy work, though the contribution is incremental: it builds on existing assessment methods and adds AI enhancements.
The paper tackles the problem of AI practitioners lacking resources to identify and mitigate privacy risks in consumer-facing AI products by introducing Privy, a tool that guides structured privacy impact assessments. Results from a controlled study with 24 practitioners and 13 privacy experts show that Privy helps produce high-quality assessments, with the LLM-powered version enhancing these effects, and practitioners rated it as useful and usable.
AI creates and exacerbates privacy risks, yet practitioners lack effective resources to identify and mitigate these risks. We present Privy, a tool that guides practitioners through structured privacy impact assessments to: (i) identify relevant risks in novel AI product concepts, and (ii) propose appropriate mitigations. Privy was shaped by a formative study with 11 practitioners, which informed two versions -- one LLM-powered, the other template-based. We evaluated these two versions of Privy through a between-subjects, controlled study with 24 separate practitioners, whose assessments were reviewed by 13 independent privacy experts. Results show that Privy helps practitioners produce privacy assessments that experts deemed high quality: practitioners identified relevant risks and proposed appropriate mitigation strategies. These effects were augmented in the LLM-powered version. Practitioners themselves rated Privy as being useful and usable, and their feedback illustrates how it helps overcome long-standing awareness, motivation, and ability barriers in privacy work.