Understanding Software Developers' Approach towards Implementing Data Minimization
Abstract
Data Minimization (DM) is a privacy practice that requires minimizing the use of user data in software systems. However, continuous privacy incidents that compromise user data suggest that the requirements of DM are not adequately implemented in software systems. Therefore, it is important that we understand the problems faced by software developers when they attempt to implement DM in software systems. In this study, we investigate how 24 software developers implement DM in a software system design when they are asked to. Our findings revealed that developers find it difficult to implement DM when they are not aware of the potential of data they could collect at the design phase of systems. Furthermore, developers were inconsistent in how they implemented DM in their software designs.