Evaluating the Compliance of Software Requirements to LGPD with LLM through Simulations

  • Lucas Moura UFC
  • Marcos Vinícius Lima UFC
  • Allan Peixoto UFC
  • Emanuel Coutinho UFC

Abstract


Protecting system user data is an increasingly relevant topic as legislation and regulations emerge to ensure security and privacy. This study presents a proposal for using LLMs to support the assessment of systems’ compliance with the LGPD. This is an automated, requirements-based approach that enables simulations of various scenarios. Using LLMs to measure systems’ compliance with the LGPD can result in benefits such as faster and more diverse solutions and reduced manual effort. However, risks such as analysis or interpretation errors, response quality, and dependence on accurate requirements specifications must be considered. This research is in an early stage, and the approach was evaluated on an ad hoc basis.

Published
19/07/2026
MOURA, Lucas; LIMA, Marcos Vinícius; PEIXOTO, Allan; COUTINHO, Emanuel. Evaluating the Compliance of Software Requirements to LGPD with LLM through Simulations. In: WORKSHOP SOBRE ASPECTOS SOCIAIS, HUMANOS E ECONÔMICOS DE SOFTWARE (WASHES), 11., 2026, Gramado/RS. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026. p. 206-211. ISSN 2763-874X. DOI: https://doi.org/10.5753/washes.2026.20815.