Privacy Leakage Overshadowed by Views of AI: A Study on Human Oversight of Privacy in Language Model Agent

TL;DR

This study investigates how people oversee privacy risks in language model agents, revealing that users often accept responses with higher privacy leakage, which can lead to increased harmful disclosures.

Contribution

First empirical analysis of human oversight of privacy in LM agents, identifying privacy behavior patterns and implications for designing privacy-aware AI systems.

Findings

Users may prefer responses with more privacy leakage.

Harmful disclosures increased from 15.7% to 55.0%.

Six privacy behavior patterns were identified.

Abstract

Language model (LM) agents that act on users' behalf for personal tasks (e.g., replying emails) can boost productivity, but are also susceptible to unintended privacy leakage risks. We present the first study on people's capacity to oversee the privacy implications of the LM agents. By conducting a task-based survey ($N=300$), we investigate how people react to and assess the response generated by LM agents for asynchronous interpersonal communication tasks, compared with a response they wrote. We found that people may favor the agent response with more privacy leakage over the response they drafted or consider both good, leading to an increased harmful disclosure from 15.7% to 55.0%. We further identified six privacy behavior patterns reflecting varying concerns, trust levels, and privacy preferences underlying people's oversight of LM agents' actions. Our findings shed light on designing agentic systems that enable privacy-preserving interactions and achieve bidirectional alignment on privacy preferences to help users calibrate trust.