Forum Numerica - Sepideh GHANAVATI: From Developer insights to LLM-Powered Privacy Solutions

The rapid growth of generative AI, mobile, and IoT applications has increased the need to systematically incorporate privacy and ethical considerations into software development and to provide accurate privacy notices that clearly describe data practices. Despite recent advances in privacy and software engineering research, developers continue to face challenges that can lead to non-compliant applications. In this talk, Dr. Ghanavati presents her research on developers’ privacy and ethical practices in AI and software development. She first discusses empirical findings on how developers engage with privacy in practice, including their levels of expertise, and the ways they use community forums such as Reddit to interpret complex regulations.  Building on these insights, she then introduces an LLM-based framework to automatically detect privacy-related behaviors in source code and generate privacy captions, improving consistency and compliance with laws and policies. The talk concludes with a discussion of future research and educational directions.

Sepideh Ghanavati is an Associate Professor of Computer Science in the School of Computing and Information Science (SCIS) at the University of Maine and Director of the Privacy Engineering and Regulatory Compliance Lab (PERC_Lab). She is the recipient of the 2023 NSF CAREER Award, the Google Faculty Research Award (2018), and the Google Privacy Award (2021). Her research focuses on information privacy and security, usable privacy, and software engineering, with an emphasis on programming comprehension. She studies developers’ understanding and practices related to privacy and develops frameworks, models, and tools to support the creation of privacy-preserving software systems, including web, mobile, and Internet of Things (IoT) applications. She serves as Program Co-Chair of the 34th IEEE International Requirements Engineering Conference (RE 2026) and Vice Program Chair of the Privacy Enhancing Technologies Symposium (PoPETs 2025–2027). Prior to academia, she gained over five years of industry experience in eHealth and software applications.