| Summary: | Modern privacy legislation covers a broad data scope and introduces technically challenging data management requirements. Computer science research has emerged to resolve technical challenges, but proposed system designs could benefit from deeper understandings of user workflows. Existing qualitative work to understand privacy compliance on the ground gives both reason for optimism and alarm. There is a growing community of knowledgeable privacy professionals, but their effectiveness is hindered by organizational dynamics. We conduct 10 semi-structured interviews of privacy experts to further understand challenges faced by privacy practitioners. We find key challenges arising primarily from misaligned organizational incentives and difficulty in policy interpretation. We urge organizations to invest in and empower privacy engineers, researchers to explore different design directions, and policymakers to enable greater user recourse against corporations. We hope our work can help enable privacy respecting institutions and systems.
|
|---|