🤖 AI Summary
This study identifies systemic deficiencies in current information sources for supporting developers in privacy-sensitive software development: developers generally lack legal expertise, while personal experience, online resources, and AI assistants fail to deliver precise, context-aware, and actionable privacy compliance guidance. Through the first controlled comparative study, employing scenario-based simulations, think-aloud protocols, and in-depth interviews, we conducted thematic analysis of developer decision-making across these three information sources. Results reveal that experiential knowledge is constrained by domain-specific blind spots; online content is overly verbose and difficult to interpret; and AI-generated responses lack contextual grounding and problem specificity. The study articulates design requirements for “context-aware privacy support tools,” emphasizing actionability, comprehensibility, and task alignment. These findings provide empirical grounding and methodological insights for developing privacy engineering assistance systems tailored to software developers.
📝 Abstract
Since the introduction of the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), software developers increasingly have to make privacy-related decisions during system design and implementation. However, past research showed that they often lack legal expertise and struggle with privacy-compliant development. To shed light on how effective current information sources are in supporting them with privacy-sensitive implementation, we conducted a qualitative study with 30 developers. Participants were presented with a privacy-sensitive scenario and asked to identify privacy issues and suggest measures using their knowledge, online resources, and an AI assistant. We observed developers' decision-making in think-aloud sessions and discussed it in follow-up interviews. We found that participants struggled with all three sources: personal knowledge was insufficient, web content was often too complex, and while AI assistants provided clear and user-tailored responses, they lacked contextual relevance and failed to identify scenario-specific issues. Our study highlights major shortcomings in existing support for privacy-related development tasks. Based on our findings, we discuss the need for more accessible, understandable, and actionable privacy resources for developers.