Understanding the Impact of Data Privacy Regulations on Software and Its Stakeholders

Project Investigators

Principal Investigator (PI): Chris Brown, assistant professor, Virginia Tech Computer Science Department

Co-PI: Aaron F. Brantly, associate professor, Virginia Tech Political Science Department

Rationale and Background

Data privacy issues have grown in importance as new technologies enable novel means to collect and process data generated by users.

Firms sell this data to provide potential benefits to user experiences, such as hyper-personalized marketing and behavioral analysis to optimize user experience/user interaction.

However, data exploitation raises security challenges; user data and data privacy policies, regulations, and laws are critical safeguards, and policies pertaining to data privacy are increasing across jurisdictions.

Little is known about the impact of these laws on software and its stakeholders.

Methodology

The project will analyze code modifications and stakeholder (both developer and user) perceptions related to the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA). 

Researchers will focus on three areas of the impact of data privacy on:

• Software. Researchers will examine changes to code bases, getting a before-and-after snapshot of programs at the software level to get a proxy measure of the effort required to implement changes for privacy regulations.
• Developers. Researchers will will analyze comments from software developers in online programming communities to explore the concerns, challenges, and difficulties they face in creating and maintaining software while following privacy regulations. 
• Users.  Researchers will investigate comments made by software users about data privacy regulations on Twitter to understand perspectives and response to changes in the user experience (increased cookie acceptance pop-ups, for example). 

Projected Outcomes

The research will advance knowledge in:

• Computing research areas related to the development, maintenance, deployment, and privatization of software. 
• The social sciences, in particular, public policy studies pertaining to the creation and implementation of regulations and laws.
• The impact of introducing new data privacy requirements on software developers, code bases, and development processes.
• The challenges software developers face and questions they ask when implementing changed data privacy standards.
• The impact of these modifications in software applications on user experiences.

The project will also motivate innovation in the workforce through recommendations to improve the rollout of data privacy-related policies and insight into tools and resources to ease regulation compliance.

Researchers will create a database for others to analyze to answer new research questions, and findings will be submitted to peer-reviewed conferences and workshops, as well as the Tech4Humanity blog and other industry-focused resources.