Understanding issues related to personal data and data protection in open source projects on GitHub

📅 2023-04-13
🏛️ arXiv.org
📈 Citations: 2
Influential: 0
📄 PDF

career value

181K/year
🤖 AI Summary
This study investigates how data protection regulations (e.g., GDPR, CCPA) impact open-source software (OSS) development practices, focusing on the reporting, discussion, and resolution of personal-data-related issues in GitHub projects. Using an exploratory empirical approach—combining inductive thematic coding, annotating reporter roles and issue states, and conducting relevance-based statistical analysis—the authors systematically identify six recurrent categories of data protection issues. Results show that such issues are predominantly reported by non-core contributors; resolution rates are low and rely heavily on non-technical negotiation rather than code-level fixes; and a structural tension exists between regulatory compliance requirements and OSS development culture. This work is the first to empirically demonstrate how data protection obligations are substantively embedded within OSS development workflows, thereby bridging regulatory compliance and OSS engineering practice. It provides foundational evidence and design insights for developing compliance-aware open-source governance mechanisms.
📝 Abstract
extbf{Context:} Data protection regulations such as the GDPR and the CCPA affect how software may handle the personal data of its users and how consent for handling of such data may be given. Prior literature focused on how this works in operation, but lacks a perspective of the impact on the software development process. extbf{Objective:} Within our work, we will address this gap and explore how software development itself is impacted. We want to understand which data protection-related issues are reported, who reports them, and how developers react to such issues. extbf{Method:} We will conduct an exploratory study based on issues that are reported with respect to data protection in open source software on GitHub. We will determine the roles of the actors involved, the status of such issues, and we use inductive coding to understand the data protection issues. We qualitatively analyze the issues as part of the inductive coding and further explore the reasoning for resolutions. We quantitatively analyze the relation between the roles, resolutions, and data protection issues to understand correlations.
Problem

Research questions and friction points this paper is trying to address.

Examining data protection regulations' impact on software development processes
Identifying who reports and discusses personal data issues in GitHub projects
Analyzing developer reactions and resolutions to data protection issues
Innovation

Methods, ideas, or system contributions that make the work stand out.

Inductive coding analyzed GitHub issues
Quantitative analysis linked roles and resolutions
Studied GDPR impact on development discussions
🔎 Similar Papers
No similar papers found.
A
Anne Hennig
Karlsruhe Institute of Technology
L
L. Schulte
University of Passau
Steffen Herbold
Steffen Herbold
University of Passau
O
O. Kulyk
IT University of Copenhagen
P
Peter Mayer
University of Southern Denmark