
A First Look at the General Data Protection Regulation (GDPR) in Open-Source Software (2401.14629v1)

Published 26 Jan 2024 in cs.SE and cs.CY

Abstract: This poster describes work on the General Data Protection Regulation (GDPR) in open-source software. Although open-source software is commonly integrated into regulated software, and thus must be engineered or adapted for compliance, we do not know how such laws impact open-source software development. We surveyed open-source developers (N=47) to understand their experiences and perceptions of GDPR. We learned of many engineering challenges, primarily regarding the management of users' data and assessments of compliance. We call for improved policy-related resources, especially tools to support data privacy regulation implementation and compliance in open-source software.
