CLEAR: Towards Contextual LLM-Empowered Privacy Policy Analysis and Risk Generation for Large Language Model Applications

TL;DR

This paper introduces CLEAR, a contextual assistant leveraging LLMs to help users understand privacy policies and risks in LLM-powered applications, aiming to enhance user awareness and safety.

Contribution

The paper presents a novel, user-centered approach with co-design workshops and a practical tool, CLEAR, to improve privacy risk understanding in LLM applications.

Findings

CLEAR is easy to use and enhances user understanding of privacy risks.

User feedback indicates increased awareness of data practices.

The approach informs design and policy for safer LLM deployment.

Abstract

The rise of end-user applications powered by large language models (LLMs), including both conversational interfaces and add-ons to existing graphical user interfaces (GUIs), introduces new privacy challenges. However, many users remain unaware of the risks. This paper explores methods to increase user awareness of privacy risks associated with LLMs in end-user applications. We conducted five co-design workshops to uncover user privacy concerns and their demand for contextual privacy information within LLMs. Based on these insights, we developed CLEAR (Contextual LLM-Empowered Privacy Policy Analysis and Risk Generation), a just-in-time contextual assistant designed to help users identify sensitive information, summarize relevant privacy policies, and highlight potential risks when sharing information with LLMs. We evaluated the usability and usefulness of CLEAR across two example domains: ChatGPT and the Gemini plugin in Gmail. Our findings demonstrated that CLEAR is easy to use and improves users' understanding of data practices and privacy risks. We also discussed LLM's duality in posing and mitigating privacy risks, offering design and policy implications.