On Understanding How Developers Perceive and Interpret Privacy Requirements Research Preview

Peixoto, Mariana Maia; Ferreira, Dayse; Cavalcanti, M. A. Q.; Silva, Cléber Costa; Vilela, Jéssyka; Araújo, João; Gorschek, Tony

doi:10.1007/978-3-030-44429-7_8

Cited by 24 publications

(27 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The tool developed by the authors provides a method to enforce privacy and security requirements. Peixoto et al [51] investigated the personal factors that affect the understanding of the privacy requirements by software developers. The authors conducted thirteen interviews at six private companies and found nine personal factors that affect how software developers perceive and interpret privacy requirements.…”

Section: Rq1 According To the Literature What Are The Methodologiementioning

confidence: 99%

Perceptions of ICT Practitioners Regarding Software Privacy

Canedo

Calazans

Masson

et al. 2020

Entropy

View full text Add to dashboard Cite

During software development activities, it is important for Information and Communication Technology (ICT) practitioners to know and understand practices and guidelines regarding information privacy, as software requirements must comply with data privacy laws and members of development teams should know current legislation related to the protection of personal data. In order to gain a better understanding on how industry ICT practitioners perceive the practical relevance of software privacy and privacy requirements and how these professionals are implementing data privacy concepts, we conducted a survey with ICT practitioners from software development organizations to get an overview of how these professionals are implementing data privacy concepts during software design. We performed a systematic literature review to identify related works with software privacy and privacy requirements and what methodologies and techniques are used to specify them. In addition, we conducted a survey with ICT practitioners from different organizations. Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese), nor they are able to work with the laws and guidelines governing data privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with the importance of knowledge of software privacy and privacy requirements, as well as to address them during software development, since LGPD must change the way teams work, as a number of features and controls regarding consent, documentation, and privacy accountability will be required.

show abstract

Section: Rq1 According To the Literature What Are The Methodologiementioning

confidence: 99%

Perceptions of ICT Practitioners Regarding Software Privacy

Canedo

Calazans

Masson

et al. 2020

Entropy

View full text Add to dashboard Cite

show abstract

“…More than 10 years earlier, the FTC showed that enacting COPPA had an effect on encouraging websites to be transparent and more protective of their users' data [24]. These reports spurred further research that aimed to understand the privacy behaviors of mobile apps at a larger scale [43,47,54,57,[62][63][64]76], examine consumer expectations of privacy [48,56,58,66,71,75], and understand app developers' privacy practices [53,61,65,67].…”

Section: Related Workmentioning

confidence: 99%

Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps

Alomar

Egelman

2022

PoPETs

View full text Add to dashboard Cite

We investigate the privacy compliance processes followed by developers of child-directed mobile apps. While children’s online privacy laws have existed for decades in the US, prior research found relatively low rates of compliance. Yet, little is known about how compliance issues come to exist and how compliance processes can be improved to address them. Our results, based on surveys (n = 127) and interviews (n = 27), suggest that most developers rely on app markets to identify privacy issues, they lack complete understandings of the third-party SDKs they integrate, and they find it challenging to ensure that these SDKs are kept upto-date and privacy-related options are configured correctly. As a result, we find that well-resourced app developers outsource most compliance decisions to auditing services, and that smaller developers follow “best-effort” models, by assuming that their apps are compliant so long as they have not been rejected by app markets. We highlight the need for usable tools that help developers identify and fix mobile app privacy issues.

show abstract

“…Other studies investigated public forums to see how developers deal with privacy regulations and changes to them, finding that they mostly try to uphold standards defined by large companies [62] or are focused on recent changes or events [36] when discussing privacy. When asked to solve privacy-focused tasks, developers tend to use betterdocumented alternatives and copy examples, which could be adopted by privacy-friendly services [28], and that they often struggle with embedding privacy into their application due to lack of knowledge, privacy contradicting app requirements, or task complexity [50,57].…”

Section: Website Protectionmentioning

confidence: 99%

“…We cannot verify to what degree participants were actually involved with the provided website or if they consistently answered for the same site. Analyzing self-reported information is common in research involving developers [1,42,50,57] and manual inspection of survey responses suggests that participants answered consistently. Our survey was voluntary and uncompensated, which might have introduced bias, especially since experts tend to be well-paid and hard to reach.…”

Section: Limitationsmentioning

confidence: 99%

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Utz¹,

Amft²,

Degeling³

et al. 2022

Preprint

View full text Add to dashboard Cite

Modern websites frequently use and embed third-party services to facilitate web development, connect to social media, or for monetization. This often introduces privacy issues as the inclusion of third-party services on a website can allow the third party to collect personal data about the website's visitors. While the prevalence and mechanisms of third-party web tracking have been widely studied, little is known about the decision processes that lead to websites using third-party functionality and whether efforts are being made to protect their visitors' privacy.We report results from an online survey with 395 participants involved in the creation and maintenance of websites. For ten common website functionalities we investigated if privacy has played a role in decisions about how the functionality is integrated, if specific efforts for privacy protection have been made during integration, and to what degree people are aware of data collection through third parties. We find that ease of integration drives third-party adoption but visitor privacy is considered if there are legal requirements or respective guidelines. Awareness of data collection and privacy risks is higher if the collection is directly associated with the purpose for which the third-party service is used.

show abstract

On Understanding How Developers Perceive and Interpret Privacy Requirements Research Preview

Cited by 24 publications

References 8 publications

Perceptions of ICT Practitioners Regarding Software Privacy

Perceptions of ICT Practitioners Regarding Software Privacy

Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Contact Info

Product

Resources

About