Abstract
Users’ privacy concerns regarding their electronic data and its use across digital platforms have intensified with the rapid diffusion of Generative AI and large language models (LLMs). Unlike conventional digital platforms, LLM-based systems may process personal data across multiple stages of the AI lifecycle, including model training, fine-tuning, prompt interactions, uploaded documents, user feedback, and generated outputs. These practices introduce new forms of opacity and uncertainty regarding how user data is collected, retained, inferred, reused, or incorporated into AI-enabled services. Although regulations and policies, such as the General Data Protection Regulation (GDPR) and emerging AI governance frameworks, seek to strengthen users’ rights to transparency, control, and intervenability, many existing approaches remain largely ex-post. That is, they provide users with information after data practices and system architectures have already been designed and implemented. While ex-post transparency tools can offer valuable insight into organizational data practices, they are limited in their ability to support meaningful user agency and autonomy in the context of LLM-enabled systems. In particular, they often do not capture users’ privacy expectations, concerns, and values before AI systems and related data policies are developed. To address this limitation, this research proposes a human-centered approach for designing GenAI data privacy policies with users rather than for users. Drawing on human-centered design principles from Human-Computer Interaction (HCI), this study develops a participatory framework for eliciting users’ privacy needs, values, constraints, and preferences in relation to LLM-enabled data practices. The proposed approach aims to facilitate mutual understanding between users, designers, and organizations while supporting more transparent, accountable, and responsive AI privacy governance. By incorporating users’ voices ex-ante, this research contributes to the design of more effective and human-centered privacy policies for Generative AI environments.
Recommended Citation
Albizri, Abdullah and Nehme, Alaa, "Designing Data Privacy Policies for Generative AI: A Human-Centered Approach to User Agency, Transparency, and Intervenability" (2026). AMCIS 2026 TREOs. 187.
https://aisel.aisnet.org/treos_amcis2026/187