🤖 AI Summary
Privacy laws designate “consent” as a lawful basis for data processing, yet its translation into software implementations has long suffered from a legal–technical gap and opaque development practices. This paper proposes the first LLM-based, three-step automated framework: (1) legal clause parsing, (2) use-case compliance classification, and (3) technical requirement reconstruction—augmented by human-in-the-loop verification to ensure legal alignment. It establishes the first systematic, end-to-end mapping from privacy regulation text to executable technical specifications, enabling compliance-aware requirements engineering and use-case remediation. Empirical evaluation demonstrates that the LLM effectively identifies and rectifies non-compliant use cases, validating its feasibility for automated compliance tasks; it also reveals persistent limitations in complex legal reasoning. The work introduces a novel paradigm and practical pathway for AI-augmented legal technologization.
📝 Abstract
Privacy law and regulation have turned to "consent" as the legitimate basis for collecting and processing individuals' data. As governments have rushed to enshrine consent requirements in their privacy laws, such as the California Consumer Privacy Act (CCPA), significant challenges remain in understanding how these legal mandates are operationalized in software. The opaque nature of software development processes further complicates this translation. To address this, we explore the use of Large Language Models (LLMs) in requirements engineering to bridge the gap between legal requirements and technical implementation. This study employs a three-step pipeline that involves using an LLM to classify software use cases for compliance, generating LLM modifications for non-compliant cases, and manually validating these changes against legal standards. Our preliminary findings highlight the potential of LLMs in automating compliance tasks, while also revealing limitations in their reasoning capabilities. By benchmarking LLMs against real-world use cases, this research provides insights into leveraging AI-driven solutions to enhance legal compliance of software.