Examining Software Developers' Needs for Privacy Enforcing Techniques: A survey

TL;DR

This survey investigates software developers' needs for privacy-enforcing tools amid legal compliance, highlighting a demand for automation and the influence of privacy experience on tool concerns.

Contribution

It identifies specific developer needs for privacy automation tools and examines factors affecting these needs, filling a gap in understanding emerging privacy support requirements.

Findings

Most developers want more automated privacy tools.

Privacy experience increases concerns about privacy tools.

Results can guide development of privacy facilitation tools.

Abstract

Data privacy legislation, such as GDPR and CCPA/CPRA, has rendered data privacy law compliance a requirement of all software systems. Developers need to implement various kinds of functionalities to cover law needs, including user rights and law principles. As data compliance is tightly coupled with legal knowledge, it is not always easy to perform such integrations in software systems. Prior studies have focused on developers' understanding of privacy principles, such as Privacy by Design, and have examined privacy techniques used in the software industry. Nevertheless, emerging developer needs that can assist in privacy law compliance have not been examined but are useful in understanding what development automation tools, such as Generative AI, need to cover to make the compliance process more straightforward and seamless within the development process. In this work, we present a survey that examines the above needs with the participation of 68 developers, while we have examined which factors affect practitioners' needs. Most developers express a need for more automated tools, while privacy experience increases practitioners' concerns for privacy tools. Our results can assist practitioners in better positioning their development activities within privacy law compliance and point to an urgent need for privacy facilitators.