A4 Article in conference proceedings
“Elderly, with location data, while shopping?” : Spotting Privacy Threats Beyond Software : A Quasi-Experimental Study (2023)


Sarrala, T., & Mikkonen, T. (2023). “Elderly, with location data, while shopping?” : Spotting Privacy Threats Beyond Software : A Quasi-Experimental Study. In H. Mannaert, & R. Koci (Eds.), ICSEA 2023 : The Eighteenth International Conference on Software Engineering Advances (pp. 85-94). International Academy, Research, and Industry Association (IARIA). International Conference on Software Engineering Advances. https://www.thinkmind.org/index.php?view=article&articleid=icsea_2023_1_130_10064


JYU authors or editors


Publication details

All authors or editorsSarrala, Tuisku; Mikkonen, Tommi

Parent publicationICSEA 2023 : The Eighteenth International Conference on Software Engineering Advances

Parent publication editorsMannaert, Herwig; Koci, Radek

Place and date of conferenceValencia, Spain13.-17.11.2023

eISBN978-1-68558-098-8

Journal or seriesInternational Conference on Software Engineering Advances

eISSN2308-4235

Publication year2023

Publication date13/11/2023

Pages range85-94

Number of pages in the book129

PublisherInternational Academy, Research, and Industry Association (IARIA)

Publication countryUnited States

Publication languageEnglish

Persistent website addresshttps://www.thinkmind.org/index.php?view=article&articleid=icsea_2023_1_130_10064

Publication open accessOpenly available

Publication channel open accessOpen Access channel


Abstract

In software development, privacy has become an increasingly critical aspect due to privacy legislation, the growing complexity of software, and the private nature of many computing systems. However, studies reveal that developers often have security-focused understanding of privacy and expect user privacy needs to align with their own. This can risk regulatory compliance and potentially lead to harm to individuals. In this paper, we present a quasi-experimental study that explores how a card-based privacy threat modeling method using systems thinking elements could help to think about privacy threats on a broader scope and from another person's perspective. Sixty-five software engineering course participants used the same card deck. The experimental group created several scenarios, whereas the control group described their software with the cards. Both reflected against privacy principles. The experimental group's threats had broader and more often social scope, showed consideration for individuals, and were more often context-based. The control group's threats were more security focused and had software artifact focused scope. These findings help to understand how developers' understanding of privacy could be broadened. On a practical level, they have the potential to improve current privacy-by-design tools and methods, ultimately leading to more robust privacy protection in software development.


Keywordsdata protectionsoftware developmentpoint of viewscenariossystems thinking

Free keywordsprivacy; privacy impact; software development; card-based modeling; systems thinking; personas; scenarios; process improvement


Contributing organizations


Ministry reportingYes

VIRTA submission year2023

JUFO rating1


Last updated on 2024-03-07 at 00:47