The Good, the Bad, and the (Un)Usable: A Rapid Literature Review on Privacy as Code

Start Page
173
End Page
178
Citation
18th IEEE/ACM International Conference on Cooperative and Human Aspects of Software Engineering, CHASE 2025
Contribution to Conference
18th IEEE/ACM International Conference on Cooperative and Human Aspects of Software Engineering, CHASE 2025  
Publisher DOI
10.1109/CHASE66643.2025.00028
Scopus ID
2-s2.0-105009066805
ISBN of container
9798331538712
Privacy and security are central to the design of information systems endowed with sound data protection and cyber resilience capabilities. Still, developers often struggle to incorporate these properties into software projects as they either lack proper cybersecurity training or do not consider them a priority. Prior work has tried to support privacy and security engineering activities through threat modeling methods for scrutinizing flaws in system architectures. Moreover, several techniques for the automatic identification of vulnerabilities and the generation of secure code implementations have also been proposed in the current literature. Conversely, such as-code approaches seem under-investigated in the privacy domain, with little work elaborating on (i) the automatic detection of privacy properties in source code or (ii) the generation of privacy-friendly code. In this work, we seek to characterize the current research landscape of Privacy as Code (PaC) methods and tools by conducting a rapid literature review. Our results suggest that PaC research is in its infancy, especially regarding the performance evaluation and usability assessment of the existing approaches. Based on these findings, we outline and discuss prospective research directions concerning empirical studies with software practitioners, the curation of benchmark datasets, and the role of generative AI technologies.
Subjects
automated software engineering
privacy as code
privacy engineering
rapid literature review
usability
DDC Class
004: Computer Sciences