Examining Software Developers' Needs for Privacy Enforcing Techniques: A survey
Ioanna Theophilou, Georgia M. Kapitsaki
TL;DR
The paper tackles the challenge of helping software developers meet privacy requirements under GDPR/CCPA by conducting a needs-oriented survey with 68 developers to identify general and technical needs for privacy-enforcing techniques. It combines survey design, pilot refinement, and four scenario-based assessments to reveal demand for automated privacy tools, reusable design patterns, and stronger legal-technical collaboration, with clear variations across roles, experience, and organization size. The study provides actionable insights for building privacy automation tools and governance processes, highlighting a gap between current practice and desired tooling, especially for privacy engineers and product managers. Overall, the findings underscore an urgent need for privacy facilitators and automation within the SDLC to streamline compliance and reduce privacy risks in software systems.
Abstract
Data privacy legislation, such as GDPR and CCPA/CPRA, has rendered data privacy law compliance a requirement of all software systems. Developers need to implement various kinds of functionality to meet legal requirements, including user rights and legal principles. As data compliance is tightly coupled with legal knowledge, it is not always easy to perform such integrations in software systems. Prior studies have focused on developers' understanding of privacy principles, such as Privacy by Design, and have examined privacy techniques used in the software industry. Nevertheless, emerging developer needs that can assist in privacy law compliance have not been examined. These needs are useful in understanding what development automation tools, such as Generative AI, need to cover to make the compliance process more straightforward and seamless within the development process. In this work, we present a survey that examines these needs with the participation of 68 developers, and we examine which factors affect practitioners' needs. Most developers express a need for more automated tools, while privacy experience increases practitioners' concerns for privacy tools. Our results can assist practitioners in better positioning their development activities within privacy law compliance and point to an urgent need for privacy facilitators.
