"You don't need a university degree to comprehend data protection this way": LLM-Powered Interactive Privacy Policy Assessment

Vincent Freiberger, Arthur Fleig, Erik Buchmann

TL;DR

Privacy policies are often dense and poorly understood by users, limiting awareness of data practices. The authors present PRISMe, an LLM-powered browser extension with an interactive dashboard and chat that assesses policies and communicates findings in plain language, evaluated through a qualitative lab study with 22 participants. Findings show improved understanding and increased privacy awareness, but also highlight trust issues and occasional LLM limitations, including hallucinations and incomplete policy scraping. The work provides design implications for interactive, evidence-backed privacy policy tools and suggests pathways for more reliable, user-centric AI-assisted policy analysis in real-world use.

Abstract

Protecting online privacy requires users to engage with and comprehend website privacy policies, but many policies are difficult and tedious to read. We present the first qualitative user study on Large Language Model (LLM)-driven privacy policy assessment. To this end, we build and evaluate an LLM-based privacy policy assessment browser extension, which helps users understand the essence of a lengthy, complex privacy policy while browsing. The tool integrates a dashboard and an LLM chat. In our qualitative user study (N=22), we evaluate usability, understandability of the information our tool provides, and its impacts on awareness. While providing a comprehensible quick overview and a chat for in-depth discussion improves privacy awareness, users note issues with building trust in the tool. From our insights, we derive important design implications to guide future policy analysis tools.

Paper Structure

This paper contains 29 sections, 3 figures, 4 tables.

Figures (3)

  • Figure 1: When the user visits a website, our prototype evaluates the privacy policy in the background and displays privacy alerts via colored scrollbars and a point-of-entry smiley icon (top middle). Clicking the smiley opens an Overview Panel (left) summarizing key privacy issues, with navigation to a Dynamic Dashboard and chat interface. The dashboard (bottom middle) provides detailed policy evaluation criteria, which users can chat about (right) by clicking the respective "More" button.
  • Figure 2: System Usability Scale results (questions with * have inverted scores; higher values are always better)
  • Figure 3: Results of our questions on a 5-point Likert scale (1: strongly disagree; 5: strongly agree).