A First Look at the General Data Protection Regulation (GDPR) in
Open-Source Software
- URL: http://arxiv.org/abs/2401.14629v1
- Date: Fri, 26 Jan 2024 03:49:13 GMT
- Authors: Lucas Franke and Huayu Liang and Aaron Brantly and James C Davis and
Chris Brown
- Abstract summary: This poster describes work on regulated data protection in open-source software.
We surveyed open-source developers to understand their experiences.
We call for improved policy-related compliance resources.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: This poster describes work on the General Data Protection Regulation (GDPR)
in open-source software. Although open-source software is commonly integrated
into regulated software, and thus must be engineered or adapted for compliance,
we do not know how such laws impact open-source software development.
We surveyed open-source developers (N=47) to understand their experiences and
perceptions of GDPR. We learned many engineering challenges, primarily
regarding the management of users' data and assessments of compliance. We call
for improved policy-related resources, especially tools to support data privacy
regulation implementation and compliance in open-source software.
Related papers
- Seeker: Enhancing Exception Handling in Code with LLM-based Multi-Agent Approach [54.03528377384397]
In real-world software development, improper or missing exception handling can severely impact the robustness and reliability of code.
We explore the use of large language models (LLMs) to improve exception handling in code.
We propose Seeker, a multi-agent framework inspired by expert developer strategies for exception handling.
arXiv Detail & Related papers (2024-10-09T14:45:45Z)
- An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries [52.23798016734889]
This article provides a catalogue of dependency-related challenges that come with relying on OSS packages or libraries.
The catalogue is based on the scientific literature on empirical research that has been conducted to understand, quantify and overcome these challenges.
arXiv Detail & Related papers (2024-09-27T16:20:20Z)
- An Exploratory Mixed-Methods Study on General Data Protection Regulation (GDPR) Compliance in Open-Source Software [4.2610816955137]
The European Union's General Data Protection Regulation requires software developers to meet privacy requirements when interacting with users' data.
Prior research describes the impact of such laws on development, but only for commercial software.
arXiv Detail & Related papers (2024-06-20T20:38:33Z)
- Towards an Enforceable GDPR Specification [49.1574468325115]
Privacy by Design (PbD) is prescribed by modern privacy regulations such as the EU's.
One emerging technique to realize PbD is enforcement (RE)
We present a set of requirements and an iterative methodology for creating formal specifications of legal provisions.
arXiv Detail & Related papers (2024-02-27T09:38:51Z)
- FAIR-USE4OS: Guidelines for Creating Impactful Open-Source Software [0.41942958779358663]
This paper extends the FAIR (Findable, Accessible, Interoperable, Reusable) guidelines to provide criteria for assessing if software conforms to best practices in open source.
The FAIR-USE4OS guidelines will allow funders and researchers to more effectively evaluate and plan open source software projects.
arXiv Detail & Related papers (2024-02-05T09:15:20Z)
- Helping Code Reviewer Prioritize: Pinpointing Personal Data and its Processing [0.9238700679836852]
We have designed two specialized views to help code reviewers in prioritizing their work related to personal data.
Our approach, evaluated on four open-source GitHub applications, demonstrated a precision rate of 0.87 in identifying personal data flows.
This solution, designed to augment the efficiency of privacy-related analysis tasks such as the Record of Processing Activities (ROPA), aims to conserve resources, thereby saving time and enhancing productivity for code reviewers.
arXiv Detail & Related papers (2023-06-20T12:30:46Z)
- Outsourcing Training without Uploading Data via Efficient Collaborative Open-Source Sampling [49.87637449243698]
Traditional outsourcing requires uploading device data to the cloud server.
We propose to leverage widely available open-source data, which is a massive dataset collected from public and heterogeneous sources.
We develop a novel strategy called Efficient Collaborative Open-source Sampling (ECOS) to construct a proximal proxy dataset from open-source data for cloud training.
arXiv Detail & Related papers (2022-10-23T00:12:18Z)
- NL2GDPR: Automatically Develop GDPR Compliant Android Application Features from Natural Language [28.51179772165298]
NL2 is an information extraction tool developed by Baidu Cognitive Computing Lab.
It generates privacy-centric information and generates privacy policies.
It can achieve 92.9% identification of policies related to personal storage process, data process, and types respectively.
arXiv Detail & Related papers (2022-08-29T04:16:50Z)
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
- Towards Utility-based Prioritization of Requirements in Open Source Environments [51.65930505153647]
We show how utility-based prioritization approaches can be used to support contributors in conventional and open source Requirements Engineering scenarios.
As an example, we show how dependencies can be taken into account in utility-based prioritization processes.
arXiv Detail & Related papers (2021-02-17T09:05:54Z)
- Why are Developers Struggling to Put GDPR into Practice when Developing Privacy-Preserving Software Systems? [3.04585143845864]
General Data Protection Law provides guidelines for developers on how to protect user data.
Previous research has attempted to investigate what hinders developers from embedding privacy into software systems.
This paper investigates the issues that hinder software developers from implementing software applications taking law on-board.
arXiv Detail & Related papers (2020-08-07T04:34:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.