PRISMe: A Novel LLM-Powered Tool for Interactive Privacy Policy Assessment

This results in significant privacy risks, such as automated influence [7], manipulation [54], and potential security breaches. Yet, while companies invest heavily in acquiring and analyzing their users' personal data, users without extensive research or background knowledge lack awareness of the associated privacy risks [29] or have distorted perceptions of risks [31], which results in irrational decisions [1]. Regulations such as the GDPR [25] force companies to communicate data management practices and users' rights regarding their data in privacy policies, to enhance users' decision-making. However, evidence shows that companies focus on compliance, effectively targeting lawyers instead of users [78], so users rarely read privacy policies [61]. Using LLMs to automatically assess privacy policies is a promising approach to solve this issue [37, 72, 91]. Yet, no prior work evaluates their impact on understandability and risk awareness from a user's perspective through a user study. Additionally, to the best of our knowledge, no existing tool combines LLM-based automatic privacy policy assessment with: (i) dynamic evaluation criteria not focused on compliance but tailored to type of platform (e.g., e-commerce or health services); (ii) an interactive dashboard; and (iii) a chat for open conversations with the LLM with (iv) customizable explanations and responses that adapt to the user's preferences for detail and complexity. To address these gaps, we introduce PRISMe (Privacy Risk Information Scanner for Me), a Chrome extenstion with the above features designed to empower users in making informed privacy decisions. To evaluate PRISMe, we conducted a scenario-based, mixed-methods user study with a qualitative focus.