Engineering Privacy by Design: Are engineers ready to live up to the challenge?

TL;DR

This paper investigates whether engineers are prepared to incorporate privacy by design in their work, revealing motivational and systemic barriers that hinder compliance with privacy regulations.

Contribution

It provides empirical insights into engineers' perceptions and challenges regarding privacy responsibilities in leading IT organizations.

Findings

Engineers often feel lack of responsibility for privacy.

Legal interactions frustrate engineers and reduce autonomy.

Engineers are not fully prepared to meet privacy challenges.

Abstract

Organizations struggle to comply with legal requirements as well as customers calls for better data protection. On the implementation level, incorporation of privacy protections in products and services depends on the commitment of the engineers who design them. We interviewed six senior engineers, who work for globally leading IT corporations and research institutions to investigate their motivation and ability to comply with privacy regulations. Our findings point to a lack of perceived responsibility, control, autonomy, and frustrations with interactions with the legal world. While we increasingly call on engineers to go beyond functional requirements and be responsive to human values in our increasingly technological society, we may be facing the dilemma of asking engineers to live up to a challenge they are currently not ready to embrace.