How Do Software Engineers Feel About Data Privacy?

Through our Fides open-source product, we at Ethyca are betting that software engineers are the frontline privacy practitioners of the future. But are engineers ready to take on this important responsibility for internet citizens everywhere?

To be fully confident in our hypothesis, we asked them this question ourselves. It turns out that not only do software engineers already believe that privacy operations constitute an important part of their job, they believe that better devtools for tackling privacy in the Software Development Lifecycle are the best way to truly solve today’s biggest privacy challenges.

Let’s dive into what we found about software engineering attitudes towards privacy and privacy operations.

The Role Of Privacy Engineering Today And Tomorrow

At Ethyca, we’re keenly aware that the data privacy landscape is still maturing. Our own data shows businesses are investing more and more resources into privacy operations. This takes the form of people and technologies to build sophisticated data teams, and systems that comply with global privacy regulations.

We think this is a step in the right direction – especially since we Ethycans emphatically believe that the best way to solve modern privacy challenges is through a Privacy-as-Code approach. That’s why we’ve created Fides – the open-source privacy engineering platform that provides tools for software engineers to embed privacy in any tech stack.

Our hypotheses on the need for better privacy engineering tools are based on two main assumptions:

• Software engineers are essential drivers of privacy-related outcomes. This is evident in the growing enthusiasm around privacy engineering, the rise of privacy engineering evangelists (like Nishant Bhajaria, whose recent book Data Privacy: A Runbook for Engineers, is making all kinds of waves advocating for better privacy engineering practices), and more.
• Software engineering as a profession is on its way to becoming a key privacy stakeholder in every business. The job is adopting a larger number of privacy-related responsibilities, which will continue to grow in importance and magnitude as global privacy requirements expand.

With software engineers’ increased involvement in data privacy operations, their attitudes toward privacy remain a topic of longstanding debate. Of course, our team at Ethyca believes that engineers are ready and willing to become the new champions of privacy. If we didn’t, we wouldn’t have created the world’s first open-source privacy engineering platform to help solve the world’s most pressing privacy challenges. But what about software engineers themselves? Are they as enthusiastic about this idea as we are?

It’s a worthwhile question to ask. That’s why we sought out 337 professional software engineers to ask them how they feel about business privacy challenges and possible solutions to those challenges.

This blog post will discuss key findings from our original research, which generally reflects software developers’ outlook on the state of privacy solutions today. We’ll also highlight some meaningful takeaways from their responses so that organizations can improve on their proactive privacy solutions and help protect users’ data rights.

Methodology

Before we dive into our findings, let’s explain how we conducted our survey.

• We asked 337 software engineers a series of questions about their job responsibilities and how they relate to data privacy and privacy engineering.
• Most of the software engineers we polled work at organizations with more than 1000 employees.
• More than half of our respondents have had 10+ years of experience in software development.

Based on our respondents’ answers, we can infer some interesting conclusions about how software engineers view data privacy practices today, and how they think those practices could be improved.

Privacy Tasks Are Becoming Widespread In Engineering Roles

First, we asked software engineers about their involvement in solving privacy-related tasks.

Nearly half of the developers we surveyed (48%) claimed that they currently work with data privacy platforms. When asked about the data governance and privacy tasks they perform, “managing data access control” (44%), “data subject requests” (36%), and “data erasure requests” (30%) ranked in the top three.

The fact that almost half of our respondents are spending time on common data privacy issues, like access control and subject rights orchestration, is worth pausing to consider.

Historically, lawyers have been primarily responsible for complying with global privacy laws. Of course, legal teams still play a vital role in creating respectful privacy systems. But software engineers are playing a bigger role in this mission, too. They are becoming key stakeholders in maintaining privacy-respecting standards within organizations.

Software Engineers Believe Privacy Is A Necessary Part Of Their Job

Not only are software engineers tasked with solving their organizations’ privacy problems, they also strongly believe that privacy work is an integral part of their job. In other words, the majority of the engineers we surveyed believe that privacy work is part of the job description.

However, even though software engineers are adopting more privacy-related responsibilities, and believe in the importance of this work in their role, they are less than satisfied with the current privacy processes in place.

Less than half (44%) of the developers we asked responded that they are “fully satisfied” with the process of “managing data access control.” Only 32% are “fully satisfied” with the processes for data subject requests, and 21% are “fully satisfied” with processes for data erasure requests.

From what we already know about the privacy landscape, we might infer that the biggest challenges organizations face is scaling their privacy practices, keeping track of new regulations, and maintaining compliance with an ever-evolving data stack. In short, few organizations have yet managed to solve these problems efficiently. Especially since it often involves tedious and unglamorous work from software engineers and legal collaborators.

In other words, the considerable majority of software engineers are at best only somewhat satisfied with the way privacy problems are currently being handled. It looks like there’s plenty of room to improve the way engineers work on privacy.

Software Engineers Want A Privacy Engineering Platform

Based on our research, we found that most developers are in resounding agreement: 85% agreed that organizations need to proactively address privacy, and that privacy should be considered as a part of systems design.

Software engineers believe that it should be easier to create privacy-respecting technologies, and that privacy should be treated as a core business requirement. Their responses show that they are ready and willing to embrace their role as frontline privacy practitioners. The majority of engineers we surveyed believe it’s time to shift privacy left and make privacy a part of the Software Development Lifecycle.

Thankfully, proactive privacy is possible. There are an increasing number of technologies that help technical and legal teams implement a Privacy-as-Code approach in their organization. Our team at Ethyca built Fides to do just that – to provide developers with a suite of tools that make it easy to embed privacy into their code.

Using a Privacy-as-Code approach will make it easier for software engineers, legal teams, and organizations to stay compliant with evolving privacy regulations, and protect users’ data rights. The thesis behind Fides appears to be borne out by the beliefs of software engineers who increasingly work on the front lines of privacy operations. In their opinions, Fides’ proactive approach to making privacy a part of systems design is the best way to conclusively solve the biggest challenges in privacy today.