Existing privacy-preserving methods rely on static labels or large-scale private datasets, rendering them ill-suited to dynamic and heterogeneous user privacy preferences. To address this, we propose PrivCLIP—the first few-shot, user-controllable IMU privacy-aware framework enabling real-time privacy policy customization. Users specify their preferences via natural-language descriptors (“sensitive,” “non-sensitive,” or “neutral”), eliminating the need for labeled data or manual feature engineering. PrivCLIP leverages multimodal contrastive learning to align IMU sequences with textual semantics, and integrates language-guided activity purification with an IMU-GPT-based reconstruction module to suppress sensitive behaviors while preserving utility. Evaluated on multiple benchmark datasets, PrivCLIP outperforms state-of-the-art methods, achieving a 23.6% higher anonymization rate and incurring only a 1.2% accuracy drop on downstream tasks—demonstrating superior trade-offs between privacy protection strength and task performance.

User-controllable privacy is important in modern sensing systems, as privacy preferences can vary significantly from person to person and may evolve over time. This is especially relevant in devices equipped with Inertial Measurement Unit (IMU) sensors, such as smartphones and wearables, which continuously collect rich time-series data that can inadvertently expose sensitive user behaviors. While prior work has proposed privacy-preserving methods for sensor data, most rely on static, predefined privacy labels or require large quantities of private training data, limiting their adaptability and user agency. In this work, we introduce PrivCLIP, a dynamic, user-controllable, few-shot privacy-preserving sensing framework. PrivCLIP allows users to specify and modify their privacy preferences by categorizing activities as sensitive (black-listed), non-sensitive (white-listed), or neutral (gray-listed). Leveraging a multimodal contrastive learning approach, PrivCLIP aligns IMU sensor data with natural language activity descriptions in a shared embedding space, enabling few-shot detection of sensitive activities. When a privacy-sensitive activity is identified, the system uses a language-guided activity sanitizer and a motion generation module (IMU-GPT) to transform the original data into a privacy-compliant version that semantically resembles a non-sensitive activity. We evaluate PrivCLIP on multiple human activity recognition datasets and demonstrate that it significantly outperforms baseline methods in terms of both privacy protection and data utility.