Rituraj Kirti and Inchara Shivalingaiah, Meta
Translating textual privacy requirements, especially purpose limitation, into enforceable controls across large-scale data ecosystems is slow, error-prone, and difficult to validate. We present an experience report on deploying an LLM-powered guided privacy engineering workflow that helps engineers: (1) decompose requirement text into implementable "privacy jobs to be done," (2) traverse data lineage to identify impacted datasets and flows, (3) suggest candidate enforcement and monitoring points, and (4) track state from interpretation → implementation → verification.
We will walk through a real requirement end-to-end, highlight where automation helped vs. where human judgment remained essential, and share practical lessons on system architecture, governance, evaluation, and failure modes (including misinterpretations and lineage gaps). Attendees will leave with a reusable workflow template and design guidelines for building similar systems in their organizations.
Rituraj Kirti is a Software Engineer at Meta who builds reusable patterns a.k.a 'recipes' for implementing end to end privacy controls at scale. He previously worked on applied ML products at Meta and holds a B.E. (Hons.) in Instrumentation Engineering from BITS Pilani.
Inchara Shivalingaiah is a Software Engineer on Meta's Privacy Infrastructure experiences team, where she builds developer workflows and platform capabilities to translate privacy requirements into verifiable technical controls. She holds an M.S. in Computer Science and Engineering from UCLA.
author = {Rituraj Kirti and Inchara Shivalingaiah},
title = {From Legalese to Logic: Translating Privacy Requirements into Verifiable Controls via Agentic Workflows},
year = {2026},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}