PrivacyAkinator: Articulating Key Privacy Design Decisions by Answering LLM-Generated Multiple-choice Questions
PrivacyAkinator, developed by researchers and described in a paper on arXiv (2605.20206), addresses the complexity of NIST's Privacy Risk Assessment Methodology (PRAM). An observational study with 12 participants found that novice developers struggled most with articulating privacy-related design decisions. PrivacyAkinator offers three innovations: a universal privacy representation that abstracts decisions into data flows and stakeholder interactions; a domain-aware design space mined from 10K privacy-related news articles; and a dynamic question-generation workflow to prioritize relevant questions. In a user study with 24 participants, developers using PrivacyAkinator identified 47% more key decisions in 73% less time compared to PRAM. The tool is interactive and leverages LLM-generated multiple-choice questions to guide developers through privacy design decisions.
PrivacyAkinator significantly reduces time and effort for developers to identify key privacy decisions.