What Security and Privacy Transparency Users Need from Consumer-Facing Generative AI

TL;DR

This study explores how users perceive and rely on security and privacy information in consumer-facing generative AI, revealing gaps in current transparency practices and proposing design improvements.

Contribution

It provides empirical insights into user perceptions of S&P transparency in GenAI and offers design recommendations to enhance trust and usability.

Findings

Users rarely base adoption decisions on S&P info due to perceived incompleteness.

Uncertainty about S&P practices affects continued use, especially in high-stakes scenarios.

Participants desire trustworthy, accessible transparency to support informed decision-making.

Abstract

Users increasingly rely on consumer-facing generative AI (GenAI) for tasks ranging from everyday needs to sensitive use cases. Yet, it remains unclear whether and how existing security and privacy (S&P) communications in GenAI tools shape users' adoption decisions and subsequent experiences. Understanding how users seek, interpret, and evaluate S&P information is critical for designing usable transparency that users can trust and act on. We conducted semi-structured interviews and design sessions with 21 U.S. GenAI users. We find that available S&P information rarely drove initial adoption in practice, as participants often perceived it as incomplete, ineffective, or lacking credibility. Instead, they relied on rough proxies, such as popularity, to infer S&P practices. After adoption, uncertainty about S&P practices constrained participants' willingness to use GenAI tools, particularly in high-stakes contexts, and, in some cases, contributed to discontinued use. Participants therefore called for transparency that supports decision-making and use, including trustworthy information (e.g., independent evaluations) and usable interfaces (e.g., on-demand disclosure). We synthesize participants' desired design practices into five dimensions to facilitate systematic future investigation into best practices. We conclude with recommendations for researchers, designers, and policymakers to improve S&P transparency in consumer-facing GenAI.