AbstractThe introduction of the GDPR sparked a lot of discussion on privacy and already resulted in penalties for data processors for not complying with the regulation. One of the requirements enforced by the GDPR is building applications using Privacy by Design. To determine how more ‘privacy-compliant’ applications can be created, an exploratory qualitative research design has been conducted using a case study approach in this study. Findings are based on interviews performed in two educational organisations.
The findings reveal that both employees (as users) and software developers value privacy, although they do not always act on it. Both users and developers see the need to adapt to Privacy by Design principles and the use of the Value Sensitive Design method during software development, as beneficial for applications. Users also indicate that they would like to give more input relating to the design of privacy-embedding software applications. The research concludes that using a set of privacy principles and a method when developing these applications, could add to more ‘privacy-compliant’ applications that can be more GDPR compliant, which both allow for more future research. Although the study has some limitations with respect to external validity, the study’s findings can be applied to increase software development teams’ awareness and incorporation of privacy as a value in new applications. The research contributes to the body of knowledge in information science on how software developers can create more GDPR compliant applications.
|Date of Award||2 May 2020|
|Supervisor||Rachelle Bosua (Examinator) & Laury Bollen (Co-assessor)|
- Privacy by Design (PbD)
- Value Sensitive Design (VSD)
- Application development,
- Value of Privacy