This repository contains the replication package for the RE'26 short paper "Transforming Privacy Artifacts into Accessible Reports for Non-Technical Stakeholders". It includes use case artifacts, generated threat reports, survey materials, and an interview transcript.
The transition toward Industry 5.0 is reshaping industrial work environments with an emphasis on human-centricity, enabling close collaboration between humans and machines to enhance productivity and flexibility. However, such systems typically require monitoring of human workers and operators, often involving sensitive data, raising significant privacy concerns. As a result, affected workers and unions frequently reject human-machine collaboration features due to a lack of transparency regarding privacy threats and implemented mitigation strategies. To enable early stakeholder involvement, establish trust, and support informed decision-making, privacy implications must be communicated in a way understandable to non-technical stakeholders. Yet, current Requirements Engineering (RE) practices provide limited methodological support for making privacy threats and mitigations accessible to non-technical stakeholders (e.g., individual workers or their representative unions). In this RE@Next paper, we propose a conceptual framework that guides software design from human monitoring-related use cases and requirements to informed decision-making guidance focusing on non-technical stakeholders. Building on principles such as Privacy by Design, the framework leverages Large Language Models (LLMs) to transform technical artifacts into accessible privacy reports. We share initial insights from two industry use cases, evaluate the quality of the generated reports, and outline future research directions toward integrating privacy transparency into RE processes for human-centric industrial systems.
replication-package/
│
├── uc1/                                  # Use Case 1
│   ├── requirementsUC1.csv               # Requirements
│   ├── usecaseUC1.csv                    # Use case description
│   ├── STRIDE.csv                        # STRIDE threat catalog
│   ├── DFD.png                           # Data flow diagram
│   ├── combined-overview.pdf             # Combined overview document
│   └── reports/
│       ├── AI Report UC1.pdf             # AI-generated threat report
│       ├── Manual Report UC1.pdf         # Manually created threat report
│       └── generated-raw.html            # Raw generated output
│
├── uc2/                                  # Use Case 2
│   ├── requirements.csv                  # Requirements
│   ├── usecase.csv                       # Use case description
│   ├── stride.csv                        # STRIDE threat catalog
│   ├── dfd.png                           # Data flow diagram
│   ├── combined-overview.pdf             # Combined overview document
│   └── reports/
│       ├── AI Report UC2.pdf             # AI-generated threat report
│       ├── Manual Report UC2.pdf         # Manually created threat report
│       └── generated-raw.html            # Raw generated output
│
├── uc1-for-example-figure/               # UC1 assets used in the paper's example figure
│   ├── example-figure.af                 # Affinity source file for the figure
│   ├── example-figure.pdf                # Example figure (with report)
│   └── example-figure-no-report.pdf      # Example figure (without report)
│
└── survey/                               # Survey study
    ├── survey.pdf                        # Survey instrument
    ├── results.csv                       # Raw survey responses
    ├── data_exploration.html             # Survey data exploration notebook
    ├── uc1/
    │   ├── artifacts/
    │   │   ├── usecase.csv               # UC1 use case (survey version)
    │   │   ├── requirements.csv          # UC1 requirements (survey version)
    │   │   ├── STRIDE-privacy-threats.csv  # UC1 STRIDE threats (survey version)
    │   │   └── dataflow-diagram.png      # UC1 data flow diagram
    │   └── reports/
    │       ├── UC1 Report A.pdf          # Survey report variant A
    │       └── UC1 Report B.pdf          # Survey report variant B
    └── uc2/
        ├── artifacts/
        │   ├── usecase.csv               # UC2 use case (survey version)
        │   ├── requirements.csv          # UC2 requirements (survey version)
        │   ├── STRIDE-privacy-threats.csv  # UC2 STRIDE threats (survey version)
        │   └── dataflow-diagram.png      # UC2 data flow diagram
        └── reports/
            ├── UC2 Report A.pdf          # Survey report variant A
            └── UC2 Report B.pdf          # Survey report variant B