Enregistré dans:
Détails bibliographiques
Auteurs principaux: Kesari, Aniket, Breaux, Travis, Norton, Tom, Santos, Sarah, Singhal, Anmol
Format: Preprint
Publié: 2025
Sujets:
Accès en ligne:https://arxiv.org/abs/2507.04185
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866909676993511424
author Kesari, Aniket
Breaux, Travis
Norton, Tom
Santos, Sarah
Singhal, Anmol
author_facet Kesari, Aniket
Breaux, Travis
Norton, Tom
Santos, Sarah
Singhal, Anmol
contents Privacy law and regulation have turned to "consent" as the legitimate basis for collecting and processing individuals' data. As governments have rushed to enshrine consent requirements in their privacy laws, such as the California Consumer Privacy Act (CCPA), significant challenges remain in understanding how these legal mandates are operationalized in software. The opaque nature of software development processes further complicates this translation. To address this, we explore the use of Large Language Models (LLMs) in requirements engineering to bridge the gap between legal requirements and technical implementation. This study employs a three-step pipeline that involves using an LLM to classify software use cases for compliance, generating LLM modifications for non-compliant cases, and manually validating these changes against legal standards. Our preliminary findings highlight the potential of LLMs in automating compliance tasks, while also revealing limitations in their reasoning capabilities. By benchmarking LLMs against real-world use cases, this research provides insights into leveraging AI-driven solutions to enhance legal compliance of software.
format Preprint
id arxiv_https___arxiv_org_abs_2507_04185
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle From Legal Text to Tech Specs: Generative AI's Interpretation of Consent in Privacy Law
Kesari, Aniket
Breaux, Travis
Norton, Tom
Santos, Sarah
Singhal, Anmol
Software Engineering
Privacy law and regulation have turned to "consent" as the legitimate basis for collecting and processing individuals' data. As governments have rushed to enshrine consent requirements in their privacy laws, such as the California Consumer Privacy Act (CCPA), significant challenges remain in understanding how these legal mandates are operationalized in software. The opaque nature of software development processes further complicates this translation. To address this, we explore the use of Large Language Models (LLMs) in requirements engineering to bridge the gap between legal requirements and technical implementation. This study employs a three-step pipeline that involves using an LLM to classify software use cases for compliance, generating LLM modifications for non-compliant cases, and manually validating these changes against legal standards. Our preliminary findings highlight the potential of LLMs in automating compliance tasks, while also revealing limitations in their reasoning capabilities. By benchmarking LLMs against real-world use cases, this research provides insights into leveraging AI-driven solutions to enhance legal compliance of software.
title From Legal Text to Tech Specs: Generative AI's Interpretation of Consent in Privacy Law
topic Software Engineering
url https://arxiv.org/abs/2507.04185