GenAIPABench: A Benchmark for Generative AI-based Privacy Assistants

Authors: Aamir Hamid (Univ. of Maryland Baltimore County), Hemanth Reddy Samidi (Univ. of Maryland Baltimore County), Primal Pappachan (Portland State University), Tim Finin (Univ. of Maryland Baltimore County), Roberto Yus (Univ. of Maryland Baltimore County)

Volume: 2024
Issue: 3
Pages: 336–352
DOI: https://doi.org/10.56553/popets-2024-0081

Artifact: Available

Download PDF

Abstract: Website privacy policies are often lengthy and intricate. Privacy assistants assist in simplifying policies and making them more accessible and user-friendly. The emergence of generative AI (genAI) offers new opportunities to build privacy assistants that can answer users’ questions about privacy policies. However, genAI’s reliability is a concern due to its potential for producing inaccurate information. This study introduces GenAIPABench, a benchmark for evaluating Generative AI-based Privacy Assistants (GenAIPAs). GenAIPABench includes: 1) A set of curated questions about privacy policies along with annotated answers for various organizations and regulations; 2) Metrics to assess the accuracy, relevance, and consistency of responses; and 3) A tool for generating prompts to introduce privacy policies and paraphrased variants of the curated questions. We evaluated 3 leading genAI systems—ChatGPT-4, Bard, and Bing AI—using GenAIPABench to gauge their effectiveness as GenAIPAs. Our results demonstrate significant promise in genAI capabilities in the privacy domain while also highlighting challenges in managing complex queries, ensuring consistency, and verifying source accuracy.

Keywords: Generative Artificial Intelligence, Large Language Models, Privacy Policies, Data Protection Regulations, Benchmark

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.