IDP-Bench: Benchmarking ability of LLMs to protect personal information in interdependent privacy contexts

Researchers introduced IDP-Bench, the first benchmark evaluating how well large language models protect interdependent privacy—where one person's data can be revealed by others without consent. Testing eight open-source LLMs revealed strong performance in recognizing data co-ownership but significant weaknesses in understanding contextual integrity parameters and judging sharing appropriateness, with smaller models showing particular vulnerability to prompt sensitivity.

The emergence of LLMs as personal AI assistants has created a privacy challenge that extends beyond individual users to interconnected social networks. IDP-Bench addresses a critical blind spot in current LLM evaluation: while researchers have focused on preventing individual data leaks, they've largely ignored scenarios where one person's information becomes vulnerable through another's interaction with an AI system. This is particularly relevant as these models are deployed in household settings and enterprise environments where multiple stakeholders share contextual knowledge.

The benchmark grounds its evaluation in Contextual Integrity theory, a framework recognizing that privacy violations occur when information flows inappropriately between social contexts. The research reveals a troubling pattern: while models demonstrate robust understanding of data co-ownership (indicating they recognize when multiple parties have stakes in shared information), they consistently fail at the nuanced task of identifying secondary subjects and determining whether sharing is contextually appropriate. Seven of eight tested models scored below 74% on secondary subject identification, suggesting fundamental gaps in how LLMs model social relationships and information flow.

For developers deploying LLMs in privacy-sensitive applications, these findings signal urgent requirements for additional safety layers. The high prompt sensitivity indicates that model behavior remains unpredictable in edge cases, making reliance on base LLM capabilities insufficient for handling interdependent privacy scenarios. The correlation between model scale and sharing judgment accuracy offers some optimism, but smaller models—often preferred for deployment efficiency—show concerning degradation. Organizations handling shared or family data should implement explicit guardrails beyond model reasoning, while AI safety researchers face pressure to develop IDP-specific training approaches before these systems become further entrenched in sensitive social contexts.

• →LLMs excel at recognizing data co-ownership but struggle significantly with identifying secondary subjects and contextual integrity parameters in privacy scenarios.
• →Smaller models show particularly weak performance on interdependent privacy tasks, creating deployment risks for resource-constrained environments.
• →High prompt sensitivity on IDP-specific questions demonstrates that model behavior remains unpredictable and requires explicit safety mechanisms beyond base capabilities.
• →Current LLM evaluation frameworks have overlooked interdependent privacy risks where one person's data can be exposed through another's interactions with AI systems.
• →Organizations deploying LLMs in shared-data contexts need additional guardrails rather than relying on model reasoning alone for privacy protection.