ESEIW 2022
Sun 18 - Fri 23 September 2022 Helsinki, Finland
Thu 22 Sep 2022 11:20 - 11:40 at Sonck - Session 1B - Testing & Security Chair(s): Guilherme Horta Travassos

Introduction: Modern privacy regulations, such as GDPR, address privacy in software systems in a technologically agnostic way by mentioning general “technical measures” for data privacy compliance rather than dictating how these should be implemented. An understanding of the concept of technical measures and how exactly these can be handled in practice, however, is not trivial due to its interdisciplinary nature and the necessary technical-legal interactions.

Aims: We aim to investigate how the concept of technical measures for data privacy compliance is understood in practice as well as the technical-legal interaction intrinsic to the process of implementing those technical measures.

Methods: We follow a qualitative research design and conduct a series of 16 semi-structured interviews with selected privacy professionals with technical and legal expertise.

Results: Our results suggest that there is no clear mutual understanding and commonly accepted approach to handling technical measures. Both technical and legal roles are involved in the implementation of such measures. While they still often operate in separate spheres, a predominant opinion amongst the interviewees is to promote more interdisciplinary collaboration.

Conclusions: Our empirical findings confirm the need for better interaction between legal and engineering teams when implementing technical measures for data privacy. We posit that interdisciplinary collaboration is paramount to a more complete understanding of technical measures, which currently lacks a mutually accepted notion. Yet, as strongly suggested by our results, there is still a lack of systematic approaches to such interaction. Therefore, the results strengthen our confidence in the need for further investigations into the technical-legal dynamic of data privacy compliance.

Thu 22 Sep

Displayed time zone: Athens

11:00 - 12:30
Session 1B - Testing & Security (ESEM Technical Papers) at Sonck
Chair(s): Guilherme Horta Travassos Federal University of Rio de Janeiro
11:00
20m
Full-paper
Do Static Analysis Tools Affect Software Quality when Using Test-driven Development?
ESEM Technical Papers
Simone Romano University of Salerno, Fiorella Zampetti University of Sannio, Italy, Maria Teresa Baldassarre Department of Computer Science, University of Bari, Massimiliano Di Penta University of Sannio, Italy, Giuseppe Scanniello University of Salerno
11:20
20m
Full-paper
Understanding the Implementation of Technical Measures in the Process of Data Privacy Compliance: A Qualitative Study
ESEM Technical Papers
Oleksandra Klymenko Technical University of Munich, Oleksandr Kosenkov fortiss GmbH, Stephen Meisenbacher Technical University of Munich, Parisa Elahidoost fortiss GmbH, Daniel Mendez Blekinge Institute of Technology, Florian Matthes Technical University of Munich
11:40
20m
Full-paper
Does Collaborative Editing Help Mitigate Security Vulnerabilities in Crowd-Shared IoT Code Examples?
ESEM Technical Papers
Madhu Selvaraj University of Calgary, Gias Uddin University of Calgary, Canada
12:00
20m
Full-paper
An Exploratory Study on Regression Vulnerabilities
ESEM Technical Papers
Larissa Braz University of Zurich, Enrico Fregnan University of Zurich, Vivek Arora Independent Researcher, Alberto Bacchelli University of Zurich