DASS: Developer Implementation of Privacy in Software Systems

Principal Investigator(s): 
Serge Egelman and Primal Wijesekera

Recent years have seen a surge in privacy regulations across the globe. The main objective of these regulations is to protect user data and users’ rights by providing guidelines for organizations to follow. The assumption is that such guidelines will provide developers with a clear and concise framework for writing privacy-conscious code. However, even after the introduction of these regulatory frameworks, society continues to experience blatant violations of user privacy. The developer is responsible for ensuring that the legal framework is implemented correctly in the software code. Writing privacy-conscious code requires developers to develop a thorough and nuanced understanding of the regulatory demands. To further such an understanding and develop solutions, this project explores the interaction between new privacy regulations and the software developers tasked with complying with them. Among others, these interactions entail discussions among developers in the face of new privacy regulations, code changes they make in response to shifting regulatory frameworks or new case law interpreting existing regulations, and reactions to widely publicized privacy breaches. After identifying these interactions, this project aims to propose solutions in order to allow for the effective alignment of regulatory constraints and development practice.

The project brings together computer scientists with expertise in security, privacy, and usability, with legal and organizational behavior scholars with expertise in privacy law, algorithmic fairness, network consensus mechanisms, and computational linguistics. These experts are studying how new privacy laws are impacting software systems by examining the discussions developers are having among themselves, in public code repositories, bug tracking systems, and online fora. They are also contextualizing these discussions by comparing them to the language of privacy used in the laws and regulations themselves, the public comments around the laws, and the broader public conversation on privacy. Through these comparisons, they will rigorously evaluate the impacts of new privacy regulations on software development and offer recommendations for improvements.

This is a collaborative project with researchers from Stanford. Funding is provided by a grant from the National Science Foundation (NSF).