Qiyu Li, University of California, San Diego
Privacy design is often treated as inherently open-ended and deeply contextual. Small shifts in context—who requests data, for what purpose, under what stakes, and with what downstream sharing—can flip whether a data practice feels appropriate. While this captures a real phenomenon, it has also left us with privacy frameworks that are too abstract and generic to operationalize for developers without specialized privacy expertise.
In this talk, we explore methods to significantly lower the barrier of privacy risk assessment for developers. We argue that privacy design is more structured than it appears: many recurring privacy-relevant decisions can be captured using a structured, closed-ended representation. By constructing such a representation, we can transform a significant portion of open-ended privacy design into a closed-ended task.
We operationalize this through PrivacyAkinator, an interactive tool that guides developers through key privacy design decisions via LLM-generated multiple-choice questions. By grounding privacy assessment in a structured representation of the privacy design space, PrivacyAkinator transforms privacy design from ad-hoc decision-making into systematic, auditable design support.
Authors: Qiyu Li, Haojian Jin
Qiyu Li is a Ph.D. student at UC San Diego, Halıcıoğlu Data Science Institute, advised by Prof. Haojian Jin. His research lies in the intersection of Privacy & Security and Human-Computer Interaction (HCI), with a focus on harnessing AI to build usable tools that help developers create effective privacy designs.
author = {Qiyu Li},
title = {Turning Privacy Risk Assessment Into 20 Questions for Developers},
year = {2026},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}
