Identifying Personal Data Processing for Code Review
Feiyang Tang, Bjarte M. Østvold, Magiel Bruntink

TL;DR
This paper introduces a new approach to identifying personal data processing in code review to help developers comply with privacy regulations like GDPR.
Contribution
It presents an ongoing method for detecting personal data handling in software, aiding privacy analysis during code review.
Findings
Supports GDPR compliance efforts
Enhances privacy awareness in code review
Lays groundwork for automated privacy analysis
Abstract
Code review is a critical step in the software development life cycle: it assesses and improves the code's effectiveness and correctness, pinpoints security issues, and raises its quality by enforcing best practices. Because legislation has increased the need for personal data protection, code reviewers need to understand where personal data is located in software systems and how it is handled. Although most recent work on code review focuses on security vulnerabilities, privacy-related techniques are not easy for code reviewers to apply, which makes their inclusion in the code review process challenging. In this paper, we present ongoing work on a new approach to identifying personal data processing, enabling developers and code reviewers to draft privacy analyses and comply with regulations such as the General Data Protection Regulation (GDPR).
Taxonomy
Topics: Privacy, Security, and Data Protection · Privacy-Preserving Technologies in Data · Access Control and Trust
