🤖 AI Summary
This study investigates how data protection regulations (e.g., GDPR, CCPA) impact open-source software (OSS) development practices, focusing on the reporting, discussion, and resolution of personal-data-related issues in GitHub projects. Using an exploratory empirical approach—combining inductive thematic coding, annotating reporter roles and issue states, and conducting relevance-based statistical analysis—the authors systematically identify six recurrent categories of data protection issues. Results show that such issues are predominantly reported by non-core contributors; resolution rates are low and rely heavily on non-technical negotiation rather than code-level fixes; and a structural tension exists between regulatory compliance requirements and OSS development culture. This work is the first to empirically demonstrate how data protection obligations are substantively embedded within OSS development workflows, thereby bridging regulatory compliance and OSS engineering practice. It provides foundational evidence and design insights for developing compliance-aware open-source governance mechanisms.
📝 Abstract
extbf{Context:} Data protection regulations such as the GDPR and the CCPA affect how software may handle the personal data of its users and how consent for handling of such data may be given. Prior literature focused on how this works in operation, but lacks a perspective of the impact on the software development process. extbf{Objective:} Within our work, we will address this gap and explore how software development itself is impacted. We want to understand which data protection-related issues are reported, who reports them, and how developers react to such issues. extbf{Method:} We will conduct an exploratory study based on issues that are reported with respect to data protection in open source software on GitHub. We will determine the roles of the actors involved, the status of such issues, and we use inductive coding to understand the data protection issues. We qualitatively analyze the issues as part of the inductive coding and further explore the reasoning for resolutions. We quantitatively analyze the relation between the roles, resolutions, and data protection issues to understand correlations.