Engineering Privacy by Design: Are engineers ready to live up to the challenge?

Bednar, Kathrin; Spiekermann, Sarah; Langheinrich, Marc

doi:10.1080/01972243.2019.1583296

Cited by 74 publications

(68 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main findings of this research were: (a) ICT practitioners' perception regarding software privacy and privacy requirements corroborates with existing research [13], as software developers do not consider themselves fit to develop/implement this activity assuredly; (b) ICT practitioners' knowledge of the LGPD, to be implemented in 2020, is not sufficient for the development of their activities in projects in which they work; (c) The organizational environment interferes with privacy practices; (d) ICT practitioners believe that changes proposed by LGPD will impact the activities of the requirements elicitation and development phases; (e) There are organizations in which ICT practitioners have not been informed about LGPD and its implementation or possible necessary changes in their current and future systems.…”

Section: Introductionsupporting

confidence: 83%

“…Protecting the private data included in software systems is a complicated issue that encompasses several factors: legal regulations and restrictions, international standards, methodological support for developing systems in compliance with those regulations and restrictions, organizational environment, developer perceptions, and technologies [3,13,14]. It was possible to find some studies in the literature that highlight how privacy can be impaired or protected depending on the developed system design [21].…”

Section: Systems' Privacymentioning

confidence: 99%

“…However, it is still unclear how effective these proposed models and guidelines are, and what are the possible limitations for implementing privacy in software engineering practice. Some authors identify the organizational climate (and its relationship to privacy) as a factor influencing the behavior of software developers in implementing privacy in the development of software products [3,13]. Organizations that promote their privacy, supervise, adopt educational and communication means to ensure that employees are conscious of and adhere to the organizational privacy policy, create an organizational climate of privacy awareness, enabling the implementation of privacy in their processes and products [3].…”

Section: Systems' Privacymentioning

confidence: 99%

“…Data privacy violations can be prevented if privacy requirements are properly elicited during the early stages of software development, that is, in the specification phase of functional and non-functional requirements. Although much work has been developed proposing methodologies for privacy requirements' elicitation [4][5][6][7][8][9][10][11][12], we found few works in the literature that have conducted empirical studies to describe how the software industry faces problems related to software development teams perceptions of system privacy [3,13,14], as well as what knowledge these professionals have, in order to perform correct implementations of these requirements along with the compliance with current legislation [13].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Perceptions of ICT Practitioners Regarding Software Privacy

Canedo

Calazans

Masson

et al. 2020

Entropy

View full text Add to dashboard Cite

During software development activities, it is important for Information and Communication Technology (ICT) practitioners to know and understand practices and guidelines regarding information privacy, as software requirements must comply with data privacy laws and members of development teams should know current legislation related to the protection of personal data. In order to gain a better understanding on how industry ICT practitioners perceive the practical relevance of software privacy and privacy requirements and how these professionals are implementing data privacy concepts, we conducted a survey with ICT practitioners from software development organizations to get an overview of how these professionals are implementing data privacy concepts during software design. We performed a systematic literature review to identify related works with software privacy and privacy requirements and what methodologies and techniques are used to specify them. In addition, we conducted a survey with ICT practitioners from different organizations. Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese), nor they are able to work with the laws and guidelines governing data privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with the importance of knowledge of software privacy and privacy requirements, as well as to address them during software development, since LGPD must change the way teams work, as a number of features and controls regarding consent, documentation, and privacy accountability will be required.

show abstract

Section: Introductionsupporting

confidence: 83%

Section: Systems' Privacymentioning

confidence: 99%

Section: Systems' Privacymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Perceptions of ICT Practitioners Regarding Software Privacy

Canedo

Calazans

Masson

et al. 2020

Entropy

View full text Add to dashboard Cite

show abstract

“…The challenge concerns Privacy by Design (PbD) principles, which consider privacy as an essential property to be considered during the design phase and throughout the entire engineering lifecycle [22]. Engineers have to go beyond functional requirements and be especially responsive to PbD aspects when engineering software artefacts that deal with personal data [4]. Since confidentiality concerns ethical and legal aspects that are beyond the scope of this paper, in the following we focus on the technical aspects related with data privacy preservation of software systems.…”

Section: Introductionmentioning

confidence: 99%

Privacy-Preserving Reengineeringof Model-View-Controller ApplicationArchitectures Using Linked Data

Dodero

Rodríguez-García

Ruiz-Rube

et al. 2019

JWE

View full text Add to dashboard Cite

When a legacy system's software architecture cannot be redesigned, implementing additional privacy requirements is often complex, unreliable and costly to maintain. This paper presents a privacy-by-design approach to reengineer web applications as linked data-enabled and implement access control and privacy preservation properties. The method is based on the knowledge of the application architecture, which for the Web of data is commonly designed on the basis of a model-view-controller pattern. Whereas wrapping techniques commonly used to link data of web applications duplicate the security source code, the new approach allows for the controlled disclosure of an application's data, while preserving non-functional properties such as privacy preservation. The solution has been implemented and compared with existing linked data frameworks in terms of reliability, maintainability and complexity.

show abstract

Get to Know Your Geek: Towards a Sociological Understanding of Incentives Developing Privacy-Friendly Free and Open Source Software

Karadeniz

Schiffner

2020

Privacy and Identity Management. Data for Better Living: AI and Privacy

View full text Add to dashboard Cite

In this paper we sketch a road map towards a sociological understanding of software developers' motivations to implement privacy features. Although there are a number of studies concerning incentives for developers, these accounts make little contribution to a comprehensive sociological understanding, as they are either based on a simplistic view of FOSS development in terms of altruism vs. utilitarianism, or are focused on individual psychological factors, leaving room for research that takes into account the complex social context of FOSS development. To address this gap, we propose a mixed methods approach, incorporating the strengths of qualitative and quantitative techniques for a comprehensive understanding of FOSS development as a social field. We then sketch how we envision developing a game theoretic approach based on the gathered data to analyze the situation in the field with respect to privacy features and propose relevant changes in policy and best practices.

show abstract

Engineering Privacy by Design: Are engineers ready to live up to the challenge?

Cited by 74 publications

References 37 publications

Perceptions of ICT Practitioners Regarding Software Privacy

Perceptions of ICT Practitioners Regarding Software Privacy

Privacy-Preserving Reengineeringof Model-View-Controller ApplicationArchitectures Using Linked Data

Get to Know Your Geek: Towards a Sociological Understanding of Incentives Developing Privacy-Friendly Free and Open Source Software

Contact Info

Product

Resources

About