Ruhr-Uni-Bochum

Data Protection in Software Development

Legal experts and software developers must work hand in hand to fulfill the necessary data protection requirements and implement software that is legally compliant. In a collaborative research project with the company Meta, three researchers from Research HUBs C and D of the Cluster of Excellence "CASA - Cyber Security in the Age of Large-Scale Adversaries" are investigating how the interactions between the two groups can be improved further, through a series of user studies and the development of a tool.

Assistant Professor Dr. Alena Naiakshina, Professor Dr. M. Angela Sasse and Dr. Veelasha Moonsamy are investigating how the interaction between legal experts and software developers can be further improved. Copyright: RUB, Marquard.

Data economy, data security and data minimization are all central pillars of data protection and thus serve to protect individuals and guard against data abuse. Legal experts are responsible for safeguarding these requirements. Software developers are the technical designers of data protection and face the challenge of implementing the prescribed data protection principles in applications and systems.

Three CASA Principal Investigators (PIs), Dr. Veelasha Moonsamy, Assistant Professor Dr. Alena Naiakshina and Professor Dr. M. Angela Sasse (Ruhr-Universität Bochum, RUB), are working in a joint project with Professor Dr. Yasemin Acar (George Washington University, GWU) and the technology company Meta (formerly Facebook) to research how software developers in particular can be supported in implementing and complying with complex data protection requirements.

"There is currently a gap in knowledge in terms of understanding how legal experts involved in the Privacy Review process interact with software developers who are implementing privacy measures and mitigating privacy risks," says Dr. Veelasha Moonsamy, describing the starting point of the study. Complex requirements, such as those set out in the European General Data Protection Regulation (GDPR), have to be implemented. The technical scope and possibilities are usually much more extensive than what is legally permissible.

"In our study, we conduct several interviews with legal experts for data protection and software developers and use the insights gained to develop a tool that can act as a translation layer between the legal experts and the software developers," says Moonsamy, explaining the procedure.

The RUB researchers are project partners in this research project. The funding from Meta, in the amount of $70,000, was received by GWU.

Press contact
Prof. Dr. M. Angela Sasse
Chair of Human-Centred Security
Faculty of Computer Science
Ruhr-Universität Bochum
Germany
Phone: +49 234 32 25888
Email: Martina.Sasse(at)ruhr-uni-bochum.de

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.