On lawful disclosure of personal user data: What should app developers do?

Sype, Yung Shin Van Der; Maalej, Walid

doi:10.1109/relaw.2014.6893479

Cited by 20 publications

(15 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While there is research on making PPs understandable for end users [34,58,72], there is minimal research on helping developers craft PPs. The lack of support can be seen in the wild, where there are still numerous apps without PPs [77] as well PPs that contain misleading and contradictory statements [7].…”

Section: Supporting Privacy Policy Creation Tasksmentioning

confidence: 99%

Understanding Privacy-Related Questions on Stack Overflow

Tahaei

Vaniea

Saphra

2020

Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

We analyse Stack Overflow (SO) to understand challenges and confusions developers face while dealing with privacy-related topics. We apply topic modelling techniques to 1,733 privacyrelated questions to identify topics and then qualitatively analyse a random sample of 315 privacy-related questions. Identified topics include privacy policies, privacy concerns, access control, and version changes. Results show that developers do ask SO for support on privacy-related issues. We also find that platforms such as Apple and Google are defining privacy requirements for developers by specifying what "sensitive" information is and what types of information developers need to communicate to users (e.g. privacy policies). We also examine the accepted answers in our sample and find that 28% of them link to official documentation and more than half are answered by SO users without references to any external resources.

show abstract

Section: Supporting Privacy Policy Creation Tasksmentioning

confidence: 99%

Understanding Privacy-Related Questions on Stack Overflow

Tahaei

Vaniea

Saphra

2020

Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…As Roeser [3] notes: “Engineers can influence the possible risks and benefits more directly than anybody else.” However, despite the promise, research has shown that developers of all shades and hues generally lack the competence to deal effectively with privacy management [4,5,6,7] and that the difficulties of complying with regulation are likely to grow considerably [8]. Traditionally, developers are faced with a couple of options.…”

Section: Introductionmentioning

confidence: 99%

Privacy Engineering for Domestic IoT: Enabling Due Diligence

Lodge

Crabtree

2019

Sensors

View full text Add to dashboard Cite

The EU’s General Data Protection Regulation (GDPR) has recently come into effect and insofar as Internet of Things (IoT) applications touch EU citizens or their data, developers are obliged to exercise due diligence and ensure they undertake Data Protection by Design and Default (DPbD). GDPR mandates the use of Data Protection Impact Assessments (DPIAs) as a key heuristic enabling DPbD. However, research has shown that developers generally lack the competence needed to deal effectively with legal aspects of privacy management and that the difficulties of complying with regulation are likely to grow considerably. Privacy engineering seeks to shift the focus from interpreting texts and guidelines or consulting legal experts to embedding data protection within the development process itself. There are, however, few examples in practice. We present a privacy-oriented, flow-based integrated development environment (IDE) for building domestic IoT applications. The IDE enables due diligence in (a) helping developers reason about personal data during the actual in vivo construction of IoT applications; (b) advising developers as to whether or not the design choices they are making occasion the need for a DPIA; and (c) attaching and making available to others (including data processors, data controllers, data protection officers, users and supervisory authorities) specific privacy-related information that has arisen during an application’s development.

show abstract

“…Thus, these tools cannot be integrated within the engineering lifecycle. In consequence, research has shown [16]- [19] that developers and engineers (who usually are not privacy-savvy at all), find privacy and data protection alien to their work and, most importantly, seldom use privacy management tools, as they find these are more oriented to the legal arena rather than to the engineering activities. Same research has encountered that they will be more akin to take decisions that protect privacy and data protection when the process is embedded within their usual development workflow and tools.…”

Section: Automating Privacy Managementmentioning

confidence: 99%

Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering

Martín

Kung

2018

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

In this position paper we posit that, for Privacy by Design to be viable, engineers must be effectively involved and endowed with methodological and technological tools closer to their mindset, and which integrate within software and systems engineering methods and tools, realizing in fact the definition of Privacy Engineering. This position will be applied in the soon-tostart PDP4E project, where privacy will be introduced into existent general-purpose software engineering tools and methods, dealing with (risk management, requirements engineering, model-driven design, and software/systems assurance).

show abstract

On lawful disclosure of personal user data: What should app developers do?

Cited by 20 publications

References 33 publications

Understanding Privacy-Related Questions on Stack Overflow

Understanding Privacy-Related Questions on Stack Overflow

Privacy Engineering for Domestic IoT: Enabling Due Diligence

Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering

Contact Info

Product

Resources

About