Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Understanding the Implementation of Technical Measures in the Process of Data Privacy Compliance: A Qualitative Study
Technical University of Munich, DEU.
Fortiss GmbH, DEU.
Technical University of Munich, DEU.
Fortiss GmbH, DEU.
Show others and affiliations
2022 (English)In: ESEM '22: Proceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement / [ed] Madeiral F., Lassenius C., Conte T., Mannisto T., IEEE Computer Society, 2022, p. 261-271Conference paper, Published paper (Refereed)
Abstract [en]

Background: Modern privacy regulations, such as the General Data Protection Regulation (GDPR), address privacy in software systems in a technologically agnostic way by mentioning general "technical measures"for data privacy compliance rather than dictating how these should be implemented. An understanding of the concept of technical measures and how exactly these can be handled in practice, however, is not trivial due to its interdisciplinary nature and the necessary technical-legal interactions. Aims: We aim to investigate how the concept of technical measures for data privacy compliance is understood in practice as well as the technical-legal interaction intrinsic to the process of implementing those technical measures. Methods: We follow a research design that is 1) exploratory in nature, 2) qualitative, and 3) interview-based, with 16 selected privacy professionals in the technical and legal domains. Results: Our results suggest that there is no clear mutual understanding and commonly accepted approach to handling technical measures. Both technical and legal roles are involved in the implementation of such measures. While they still often operate in separate spheres, a predominant opinion amongst the interviewees is to promote more interdisciplinary collaboration. Conclusions: Our empirical findings confirm the need for better interaction between legal and engineering teams when implementing technical measures for data privacy. We posit that interdisciplinary collaboration is paramount to a more complete understanding of technical measures, which currently lacks a mutually accepted notion. Yet, as strongly suggested by our results, there is still a lack of systematic approaches to such interaction. Therefore, the results strengthen our confidence in the need for further investigations into the technical-legal dynamic of data privacy compliance. © 2022 Association for Computing Machinery.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022. p. 261-271
Series
International Symposium on Empirical Software Engineering and Measurement, ISSN 1949-3770, E-ISSN 1949-3789
Keywords [en]
data privacy, GDPR, privacy compliance, technical measures, Laws and legislation, General data protection regulations, Interdisciplinary collaborations, Legal domains, Mutual understanding, Privacy regulation, Qualitative study, Research designs, Software-systems
National Category
Media and Communication Technology
Identifiers
URN: urn:nbn:se:bth-23787DOI: 10.1145/3544902.3546234ISI: 001139214400024Scopus ID: 2-s2.0-85139835328ISBN: 9781450394277 (print)OAI: oai:DiVA.org:bth-23787DiVA, id: diva2:1706928
Conference
16th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2022, Helsinki, 18 September through 23 September 2022
Note

open access

Available from: 2022-10-28 Created: 2022-10-28 Last updated: 2025-01-02Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopusarXive.org

Authority records

Mendez, Daniel

Search in DiVA

By author/editor
Mendez, Daniel
By organisation
Department of Software Engineering
Media and Communication Technology

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 56 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf