A4 Article in conference proceedings
“Elderly, with location data, while shopping?” : Spotting Privacy Threats Beyond Software : A Quasi-Experimental Study (2023)
Sarrala, T., & Mikkonen, T. (2023). “Elderly, with location data, while shopping?” : Spotting Privacy Threats Beyond Software : A Quasi-Experimental Study. In H. Mannaert, & R. Koci (Eds.), ICSEA 2023 : The Eighteenth International Conference on Software Engineering Advances (pp. 85-94). International Academy, Research, and Industry Association (IARIA). International Conference on Software Engineering Advances. https://www.thinkmind.org/index.php?view=article&articleid=icsea_2023_1_130_10064
JYU authors or editors
Publication details
All authors or editors: Sarrala, Tuisku; Mikkonen, Tommi
Parent publication: ICSEA 2023 : The Eighteenth International Conference on Software Engineering Advances
Parent publication editors: Mannaert, Herwig; Koci, Radek
Place and date of conference: Valencia, Spain, 13.-17.11.2023
eISBN: 978-1-68558-098-8
Journal or series: International Conference on Software Engineering Advances
eISSN: 2308-4235
Publication year: 2023
Publication date: 13/11/2023
Pages range: 85-94
Number of pages in the book: 129
Publisher: International Academy, Research, and Industry Association (IARIA)
Publication country: United States
Publication language: English
Persistent website address: https://www.thinkmind.org/index.php?view=article&articleid=icsea_2023_1_130_10064
Publication open access: Openly available
Publication channel open access: Open Access channel
Abstract
In software development, privacy has become an increasingly critical aspect due to privacy legislation, the growing complexity of software, and the private nature of many computing systems. However, studies reveal that developers often have security-focused understanding of privacy and expect user privacy needs to align with their own. This can risk regulatory compliance and potentially lead to harm to individuals. In this paper, we present a quasi-experimental study that explores how a card-based privacy threat modeling method using systems thinking elements could help to think about privacy threats on a broader scope and from another person's perspective. Sixty-five software engineering course participants used the same card deck. The experimental group created several scenarios, whereas the control group described their software with the cards. Both reflected against privacy principles. The experimental group's threats had broader and more often social scope, showed consideration for individuals, and were more often context-based. The control group's threats were more security focused and had software artifact focused scope. These findings help to understand how developers' understanding of privacy could be broadened. On a practical level, they have the potential to improve current privacy-by-design tools and methods, ultimately leading to more robust privacy protection in software development.
Keywords: data protection; software development; point of view; scenarios; systems thinking
Free keywords: privacy; privacy impact; software development; card-based modeling; systems thinking; personas; scenarios; process improvement
Contributing organizations
Ministry reporting: Yes
VIRTA submission year: 2023
JUFO rating: 1