This work addresses the limitation of existing visual privacy assessments, which predominantly rely on binary labels and fail to capture higher-order privacy risks arising from combinations of otherwise benign attributes. To overcome this, the authors propose a fine-grained, composition-based privacy evaluation framework. They introduce the first Composition-based Privacy Risk Taxonomy (CPRT), which establishes a hierarchical severity scale and an interpretable scoring function, and release the first large-scale image dataset aligned with this taxonomy. Leveraging vision-language models (VLMs) and supervised fine-tuning (SFT), they train an 8B-parameter deployable model that achieves performance on par with state-of-the-art VLMs in evaluating compositional privacy risks, significantly outperforming smaller models.

Existing visual privacy benchmarks largely treat privacy as a binary property, labeling images as private or non-private based on visible sensitive content. We argue that privacy is fundamentally compositional. Attributes that are benign in isolation may combine to produce severe privacy violations. We introduce the Compositional Privacy Risk Taxonomy (CPRT), a regulation-aware framework that organizes visual attributes according to standalone identifiability and compositional harm potential. CPRT defines four graded severity levels and is paired with an interpretable scoring function that assigns continuous privacy severity scores. We further construct a taxonomy-aligned dataset of 6.7K images and derive ground-truth compositional risk scores. By evaluating frontier and open-weight VLMs we find that frontier models align well with compositional severity when provided structured guidance, but systematically underestimate composition-driven risks. Smaller models struggle to internalize graded privacy reasoning. To bridge this gap, we introduce a deployable 8B supervised fine-tuned (SFT) model that closely matches frontier-level performance on compositional privacy assessment.