At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
Through our Fides open-source product, we at Ethyca are betting that software engineers are the frontline privacy practitioners of the future. But are engineers ready to take on this important responsibility for internet citizens everywhere?
To be fully confident in our hypothesis, we asked them this question ourselves. It turns out that not only do software engineers already believe that privacy operations constitute an important part of their job, they believe that better devtools for tackling privacy in the Software Development Lifecycle are the best way to truly solve today’s biggest privacy challenges.
Let’s dive into what we found about software engineering attitudes towards privacy and privacy operations.
At Ethyca, we’re keenly aware that the data privacy landscape is still maturing. Our own data shows businesses are investing more and more resources into privacy operations. This takes the form of people and technologies to build sophisticated data teams, and systems that comply with global privacy regulations.
We think this is a step in the right direction – especially since we Ethycans emphatically believe that the best way to solve modern privacy challenges is through a Privacy-as-Code approach. That’s why we’ve created Fides – the open-source privacy engineering platform that provides tools for software engineers to embed privacy in any tech stack.
Our hypotheses on the need for better privacy engineering tools are based on two main assumptions:
With software engineers’ increased involvement in data privacy operations, their attitudes toward privacy remain a topic of longstanding debate. Of course, our team at Ethyca believes that engineers are ready and willing to become the new champions of privacy. If we didn’t, we wouldn’t have created the world’s first open-source privacy engineering platform to help solve the world’s most pressing privacy challenges. But what about software engineers themselves? Are they as enthusiastic about this idea as we are?
It’s a worthwhile question to ask. That’s why we sought out 337 professional software engineers to ask them how they feel about business privacy challenges and possible solutions to those challenges.
This blog post will discuss key findings from our original research, which generally reflects software developers’ outlook on the state of privacy solutions today. We’ll also highlight some meaningful takeaways from their responses so that organizations can improve on their proactive privacy solutions and help protect users’ data rights.
Before we dive into our findings, let’s explain how we conducted our survey.
Based on our respondents’ answers, we can infer some interesting conclusions about how software engineers view data privacy practices today, and how they think those practices could be improved.
First, we asked software engineers about their involvement in solving privacy-related tasks.
Nearly half of the developers we surveyed (48%) claimed that they currently work with data privacy platforms. When asked about the data governance and privacy tasks they perform, “managing data access control” (44%), “data subject requests” (36%), and “data erasure requests” (30%) ranked in the top three.
The fact that almost half of our respondents are spending time on common data privacy issues, like access control and subject rights orchestration, is worth pausing to consider.
Historically, lawyers have been primarily responsible for complying with global privacy laws. Of course, legal teams still play a vital role in creating respectful privacy systems. But software engineers are playing a bigger role in this mission, too. They are becoming key stakeholders in maintaining privacy-respecting standards within organizations.
Not only are software engineers tasked with solving their organizations’ privacy problems, they also strongly believe that privacy work is an integral part of their job. In other words, the majority of the engineers we surveyed believe that privacy work is part of the job description.
However, even though software engineers are adopting more privacy-related responsibilities, and believe in the importance of this work in their role, they are less than satisfied with the current privacy processes in place.
Less than half (44%) of the developers we asked responded that they are “fully satisfied” with the process of “managing data access control.” Only 32% are “fully satisfied” with the processes for data subject requests, and 21% are “fully satisfied” with processes for data erasure requests.
From what we already know about the privacy landscape, we might infer that the biggest challenges organizations face is scaling their privacy practices, keeping track of new regulations, and maintaining compliance with an ever-evolving data stack. In short, few organizations have yet managed to solve these problems efficiently. Especially since it often involves tedious and unglamorous work from software engineers and legal collaborators.
In other words, the considerable majority of software engineers are at best only somewhat satisfied with the way privacy problems are currently being handled. It looks like there’s plenty of room to improve the way engineers work on privacy.
Based on our research, we found that most developers are in resounding agreement: 85% agreed that organizations need to proactively address privacy, and that privacy should be considered as a part of systems design.
Software engineers believe that it should be easier to create privacy-respecting technologies, and that privacy should be treated as a core business requirement. Their responses show that they are ready and willing to embrace their role as frontline privacy practitioners. The majority of engineers we surveyed believe it’s time to shift privacy left and make privacy a part of the Software Development Lifecycle.
Thankfully, proactive privacy is possible. There are an increasing number of technologies that help technical and legal teams implement a Privacy-as-Code approach in their organization. Our team at Ethyca built Fides to do just that – to provide developers with a suite of tools that make it easy to embed privacy into their code.
Using a Privacy-as-Code approach will make it easier for software engineers, legal teams, and organizations to stay compliant with evolving privacy regulations, and protect users’ data rights. The thesis behind Fides appears to be borne out by the beliefs of software engineers who increasingly work on the front lines of privacy operations. In their opinions, Fides’ proactive approach to making privacy a part of systems design is the best way to conclusively solve the biggest challenges in privacy today.
Ethyca’s VP of Engineering Neville Samuell recently spoke at the University of Texas at Austin’s Texas McCombs School of Business about privacy engineering and its role in today’s digital landscape. Read a summary of the discussion by Neville himself here.
Learn more about all of the updates in the Fides 2.24 release here.
Ethyca’s Senior Software Engineer Adam Sachs goes through the thought process of creating Fideslang, the privacy engineering taxonomy that standardizes privacy compliance in software development.
Learn more about all of the updates in the Fides 2.23 release here.
Our Senior Software Engineer Dawn Pattison walks you through implementing data minimization into your business.
Learn more about all of the updates in the Fides 2.22 release here.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo