Natural Language but Omitted? On the Ineffectiveness of Large Language Models' privacy policy from End-users' Perspective

TL;DR

This study investigates how end-users read and understand privacy policies of large language models, revealing that users often miss critical information and remain concerned about privacy despite detailed reading.

Contribution

First user study examining LLM privacy policy comprehension, highlighting gaps in user understanding and persistent privacy concerns, with design implications.

Findings

Users miss important privacy information in cursory reading.

Detailed reading does not fully alleviate privacy concerns.

Users remain worried about privacy even after thorough reading.

Abstract

LLMs driven products were increasingly prevalent in our daily lives, With a natural language based interaction style, people may potentially leak their personal private information. Thus, privacy policy and user agreement played an important role in regulating and alerting people. However, there lacked the work examining the reading of LLM's privacy policy. Thus, we conducted the first user study to let participants read the privacy policy and user agreement with two different styles (a cursory and detailed style). We found users lack important information upon cursory reading and even detailed reading. Besides, their privacy concerns was not solved even upon detailed reading. We provided four design implications based on the findings.