Hey devs! Confused by EU privacy law? Pull out the FLASH CARDS

Microsoft and University of Nottingham boffins design a deck of memory-joggers

Microsoft and University of Nottingham researchers say developers should be taught to design privacy and security using flash cards if they find wordy regulation documents onerous.

The team, including Redmond's Ewa Luger and the University's Lachlan Urquhart, Tom Rodden, and Michael Golembewski, say regulation is out of touch and can be better explained with printable image cards.

The deck of cards, available for printing, is geared to push a human-centric approach to systems development in line with the emergent European General Data Protection Regulation.

"Where once designers and systems architects were only subject to the influence of regulation at the point of product market entry, they are now being called to account from the minute pen hits paper," the research team say in the paper Playing the Legal Card: Using Ideation Cards to Raise Data Protection Issues within the Design Process [PDF].

"Privacy and security will soon be expected ‘by design and by default’ – and with this regulatory turn, comes a raft of responsibilities.

"Rather than bolting on onerous terms and conditions or parachuting in lawyers after the fact … what if we were to take our human-centered skills and approaches and methodologically ply them to advance the regulatory field?"

The quartet note that ideation cards have been successful at everything from family counselling to security awareness training, and say they help define problems within a broader context.

The cards are designed following consultation with the legal community covering areas of privacy, consent, and data breach notification.

The deck is designed to convey the importance of accuracy over speed in data breach notification, the need to gain meaningful consent from disinterested users, and the difficulty of balancing the commercial gain in personal data against the right to be forgotten.

They tested the deck with 21 programmers, engineers, and system architects of varying experience and found mixed results in terms of individual priorities and how each identified their roles.

Those IT professionals with skill gaps could benefit from some supplemental information in conjunction with the cards, the researchers say.

The team will look to expand the cards beyond the EU context so that they apply to US regulations, with further international studies planned. ®
