Will They Use It or Not? Investigating Software Developers’ Intention to Follow Privacy Engineering Methodologies

Senarath, Awanthika; Grobler, Marthie; Arachchilage, Nalin Asanka Gamagedara

doi:10.1145/3364224

Cited by 34 publications

(17 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In addition to design and code reviews, to incorporate privacy considerations into formal processes, our fndings suggest using verifed libraries that do not contain privacy threats as well as tools that help to annotate data sets, map data fows, and automate the detection of privacy threats. Such tools should be practically useful and efective, and save developers' time without introducing additional burden [61]. Since security tools are already commonly used in the organisations, the new privacy features can be incorporated into those existing tools to further facilitate adoption.…”

Section: Support the Capabilitiesmentioning

confidence: 99%

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Tahaei

Frik

Vaniea

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Software development teams are responsible for making and implementing software design decisions that directly impact end-user privacy, a challenging task to do well. Privacy Champions-people who strongly care about advocating privacy-play a useful role in supporting privacy-respecting development cultures. To understand their motivations, challenges, and strategies for protecting end-user privacy, we conducted 12 interviews with Privacy Champions in software development teams. We fnd that common barriers to implementing privacy in software design include: negative privacy culture, internal prioritisation tensions, limited tool support, unclear evaluation metrics, and technical complexity. To promote privacy, Privacy Champions regularly use informal discussions, management support, communication among stakeholders, and documentation and guidelines. They perceive code reviews and practical training as more instructive than general privacy awareness and on-boarding training. Our study is a frst step towards understanding how Privacy Champions work to improve their organisation's privacy approaches and improve the privacy of enduser products. CCS CONCEPTS• Human-centered computing → Empirical studies in collaborative and social computing; • Security and privacy → Usability in security and privacy; • Social and professional topics → Software management.

show abstract

Section: Support the Capabilitiesmentioning

confidence: 99%

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Tahaei

Frik

Vaniea

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…Software applications, which are developed without the ability to preserve privacy, are likely to be affected by data breaches [4]. Previous research has revealed that software developers may not adhere to these data privacy principles when implementing privacy-preserving software systems [10][11][12][13].…”

Section: Introductionmentioning

confidence: 99%

I’m all ears! Listening to software developers on putting GDPR principles into software development practice

Alhazmi

Arachchilage

2021

Pers Ubiquit Comput

Self Cite

View full text Add to dashboard Cite

Previous research has been carried out to identify the impediments that prevent developers from incorporating privacy protocols into software applications. No research has been carried out to find out why developers are not able to develop systems that preserve privacy while specifically considering the General Data Protection Regulation principles (GDPR principles). Consequently, this paper aims to examine the issues, which prevent developers from creating applications, which consider and include GDPR principles into their software systems. From our research findings, we identified the lack of familiarity with GDPR principles by developers as one of the obstacles that prevent GDPR onboarding. Those who were familiar with the principles did not have the requisite knowledge about the principles including their techniques. Developers focused on functional than on privacy requirements. Unavailability of resourceful online tools and lack of support from institutions and clients were also identified as issues inimical to the onboarding of GDPR principles.

show abstract

“…We first identify three challenges that the agile and services shift in software engineering practices described in the previous Section II raises for methodological works and proposals for engineering privacy by design. A few recent studies show the impediments that software developers experience and/or express towards adopting privacy engineering methodologies in their work [48], [86], [87], [94]. Prominently, incompatibility between privacy engineering methodologies and usual development processes and a lack of demonstrable use are considered to be an obstacle to the adoption of privacy engineering methods [86], [87].…”

Section: A Challengesmentioning

confidence: 99%

“…A few recent studies show the impediments that software developers experience and/or express towards adopting privacy engineering methodologies in their work [48], [86], [87], [94]. Prominently, incompatibility between privacy engineering methodologies and usual development processes and a lack of demonstrable use are considered to be an obstacle to the adoption of privacy engineering methods [86], [87]. We analyze what privacy engineering methodological works face in the current agile and services software development practices and we identify the following challenges.…”

Section: A Challengesmentioning

confidence: 99%

Privacy Engineering Meets Software Engineering. On the Challenges of Engineering Privacy ByDesign

Kostova,

Gürses,

Troncoso

2020

Preprint

View full text Add to dashboard Cite

Current day software development relies heavily on the use of service architectures and on agile iterative development methods to design, implement, and deploy systems. These practices result in systems made up of multiple services that introduce new data flows and evolving designs that escape the control of a single designer. Academic privacy engineering literature typically abstracts away such conditions of software production in order to achieve generalizable results. Yet, through a systematic study of the literature, we show that proposed solutions inevitably make assumptions about software architectures, development methods and scope of designer control that are misaligned with current practices. These misalignments are likely to pose an obstacle to operationalizing privacy engineering solutions in the wild. Specifically, we identify important limitations in the approaches that researchers take to design and evaluate privacy enhancing technologies which ripple to proposals for privacy engineering methodologies. Based on our analysis, we delineate research and actions needed to re-align research with practice, changes that serve a precondition for the operationalization of academic privacy results in common software engineering practices.

show abstract

Will They Use It or Not? Investigating Software Developers’ Intention to Follow Privacy Engineering Methodologies

Cited by 34 publications

References 58 publications

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

I’m all ears! Listening to software developers on putting GDPR principles into software development practice

Privacy Engineering Meets Software Engineering. On the Challenges of Engineering Privacy ByDesign

Contact Info

Product

Resources

About