Privacy by designers: software developers’ privacy mindset

Hadar, Irit; Hasson, Tomer; Ayalon, Oshrat; Toch, Eran; Birnhack, Michael; Sherman, Sofia; Balissa, Arod

doi:10.1007/s10664-017-9517-1

Cited by 153 publications

(196 citation statements)

References 62 publications

Supporting

Mentioning

162

Contrasting

Unclassified

Order By: Relevance

“…Notions such as "privacy-by-design", "privacy-by-default", and "data-protection-by-design" frequently appear in the legal literature [2], [11], [12], but the work has just recently begun on how the required paradigm change could be achieved in software engineering and computer science in general. While there are some good practical examples, including those related to distributed software architectures [13], [14], there exists also some empirical evidence that software engineers are even actively discouraged from making privacy a priority [15]. Web privacy is a good example about the latter point.…”

Section: Background and Related Workmentioning

confidence: 99%

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Hjerppe¹,

Ruohonen

Leppänen

2019

2019 IEEE 27th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) in the European Union is the most famous recently enacted privacy regulation. Despite of the regulation's legal, political, and technological ramifications, relatively little research has been carried out for better understanding the GDPR's practical implications for requirements engineering and software architectures. Building on a grounded theory approach with close ties to the Finnish software industry, this paper contributes to the sealing of this gap in previous research. Three questions are asked and answered in the context of software development organizations. First, the paper elaborates nine practical constraints under which many small and medium-sized enterprises (SMEs) often operate when implementing solutions that address the new regulatory demands. Second, the paper elicits nine regulatory requirements from the GDPR for software architectures. Third, the paper presents an implementation for a software architecture that complies both with the requirements elicited and the constraints elaborated.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Hjerppe¹,

Ruohonen

Leppänen

2019

2019 IEEE 27th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

show abstract

“…We intentionally disregarded concerns developers raised that related to their work environment when they practiced privacy as our study did not investigate the organizational constraints that affected developers privacy practices. Previous work that focuses on organizational privacy climate [14] has identified the importance of infrastructural support within the software development industry for developers to practice privacy when they develop software. Our study was designed to focus explicitly on the issues developers face as individuals when they are asked to embed privacy into software applications.…”

Section: Recommendationsmentioning

confidence: 99%

“…For example, on the following day of the Cambridge Analytica incident, Facebook's shares lost its market value by $58 billion [10]. Therefore, it is important that the issues developers face when they attempt to embed privacy into software applications are understood [3,14]. Addressing these problems would enable the development of privacy practices that can effectively guide software developers to embed privacy into the software applications they design.…”

Section: Introductionmentioning

confidence: 99%

Why developers cannot embed privacy into software systems?

Senarath

Arachchilage

2018

Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018

View full text Add to dashboard Cite

Pervasive use of software applications continue to challenge user privacy when users interact with software systems. Even though privacy practices such as Privacy by Design (PbD), have clear instructions for software developers to embed privacy into software designs, those practices are yet to become a common practice among software developers. The difficulty of developing privacy preserving software systems highlights the importance of investigating software developers and the problems they face when they are asked to embed privacy into application designs. Software developers are the community who can put practices such as PbD into action. Therefore identifying the problems they face when embedding privacy into software applications and providing solutions to those problems are important to enable the development of privacy preserving software systems. This study investigates 36 software developers in a software design task with instructions to embed privacy in order to identify the problems they face. We derive recommendation guidelines to address the problems to enable the development of privacy preserving software systems.

show abstract

“…Privacy has become a top concern in software development, especially due to incidents regarding unauthorized data exploration, misuse of information stored in social media websites, internet data, disclosure of personal information to third parties without users' consent and many more [Kalloniatis 2017]. In addition, research has shown that many software developers do not have sufficient knowledge and understanding about privacy, nor do they sufficiently know how to develop privacy-sensitive systems [Hadar et al 2018]. For those reasons, Kalloniatis et al [Kalloniatis et al 2009] state that privacy violations can be avoided if privacy requirements are properly discovered during early phases of software development, when requirements specification occurs.…”

Section: Introductionmentioning

confidence: 99%