{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T19:47:46Z","timestamp":1776109666376,"version":"3.50.1"},"publisher-location":"Cham","reference-count":92,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032075734","type":"print"},{"value":"9783032075741","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:00:00Z","timestamp":1760140800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:00:00Z","timestamp":1760140800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07574-1_7","type":"book-chapter","created":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T09:09:43Z","timestamp":1760087383000},"page":"153-177","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Turning to\u00a0Online Forums for\u00a0Legal Information: A Case Study of\u00a0GDPR\u2019s Legitimate Interests"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4753-3889","authenticated-orcid":false,"given":"Lin","family":"Kyi","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0712-2038","authenticated-orcid":false,"given":"Cristiana","family":"Santos","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7042-7232","authenticated-orcid":false,"given":"Sushil Ammanaghatta","family":"Shivakumar","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8735-4810","authenticated-orcid":false,"given":"Franziska","family":"Roesner","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8083-0976","authenticated-orcid":false,"given":"Asia","family":"Biega","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,11]]},"reference":[{"key":"7_CR1","unstructured":"Opinion 2\/2010 on online behavioural advertising (2010). https:\/\/ec.europa.eu\/justice\/article-29\/documentation\/opinion-recommendation\/files\/2010\/wp171_en.pdf"},{"key":"7_CR2","unstructured":"Case 582\/14 \u2013 Patrick Breyer v Germany. Court of Justice of the European Union ECLI:EU:C:2016:779 (2016)"},{"key":"7_CR3","unstructured":"Case C-434\/16 - Peter Nowak v Data Protection Commissioner. Court of Justice of the European Union ECLI:EU:C:2017:994 (2017)"},{"key":"7_CR4","unstructured":"GDPR for Developers (2025). https:\/\/gdpr4devs.com\/"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Acar, Y., Backes, M., Fahl, S., Kim, D., Mazurek, M.L., Stransky, C.: You get where you\u2019re looking for: the impact of information sources on code security. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 289\u2013305. IEEE (2016)","DOI":"10.1109\/SP.2016.25"},{"key":"7_CR6","unstructured":"Decision on the merits 21\/2022 of 2 February 2022 Complaint relating to Transparency & Consent Framework (2022)"},{"key":"7_CR7","unstructured":"Armstrong, K.: Chatgpt: Us lawyer admits using ai for case research (2023)"},{"key":"7_CR8","unstructured":"Atwood, J.: Attribution required (2009)"},{"key":"7_CR9","doi-asserted-by":"publisher","DOI":"10.1093\/oso\/9780198847977.001.0001","volume-title":"The Right to Erasure in EU Data Protection Law","author":"J Ausloos","year":"2020","unstructured":"Ausloos, J.: The Right to Erasure in EU Data Protection Law. Oxford University Press, Oxford (2020)"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Bacchelli, A., Ponzanelli, L., Lanza, M.: Harnessing stack overflow for the ide. In: 2012 Third International Workshop on Recommendation Systems for Software Engineering (RSSE), pp. 26\u201330. IEEE (2012)","DOI":"10.1109\/RSSE.2012.6233404"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Barakat, H., Redmiles, E.M.: Community under surveillance: impacts of marginalization on an online labor forum. In: Proceedings of the International AAAI Conference on Web and Social Media, vol. 16, pp. 12\u201321 (2022)","DOI":"10.1609\/icwsm.v16i1.19268"},{"issue":"3","key":"7_CR12","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/s10664-012-9231-y","volume":"19","author":"A Barua","year":"2014","unstructured":"Barua, A., Thomas, S.W., Hassan, A.E.: What are developers talking about? an analysis of topics and trends in stack overflow. Empir. Softw. Eng. 19(3), 619\u2013654 (2014)","journal-title":"Empir. Softw. Eng."},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Beadle, K., et al.: SoK: a privacy framework for security research using social media data. In: 2025 IEEE Symposium on Security and Privacy (SP), pp. 1178\u20131196. IEEE (2025)","DOI":"10.1109\/SP61157.2025.00145"},{"issue":"3","key":"7_CR14","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1080\/01972243.2019.1583296","volume":"35","author":"K Bednar","year":"2019","unstructured":"Bednar, K., Spiekermann, S., Langheinrich, M.: Engineering privacy by design: are engineers ready to live up to the challenge? Inf. Soc. 35(3), 122\u2013142 (2019)","journal-title":"Inf. Soc."},{"key":"7_CR15","unstructured":"Belanger, A.: Air canada has to honor a refund policy its chatbot made up (2024). https:\/\/www.wired.com\/story\/air-canada-chatbot-refund-policy\/"},{"key":"7_CR16","unstructured":"European Data\u00a0Protection Board. Opinion 4\/2007 on the concept of personal data (WP 136), adopted on 20.06.2007 (2007)"},{"key":"7_CR17","unstructured":"European Data\u00a0Protection Board. Guidelines 2\/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (2019)"},{"key":"7_CR18","unstructured":"European Data\u00a0Protection Board. Guidelines 5\/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) (2020)"},{"issue":"2","key":"7_CR19","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1191\/1478088706qp063oa","volume":"3","author":"V Braun","year":"2006","unstructured":"Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77\u2013101 (2006)","journal-title":"Qual. Res. Psychol."},{"issue":"2","key":"7_CR20","doi-asserted-by":"publisher","first-page":"105","DOI":"10.18261\/issn.2387-3299-2017-02-03","volume":"4","author":"LA Bygrave","year":"2017","unstructured":"Bygrave, L.A.: Data protection by design and by default: deciphering the EU\u2019s legislative requirements. Oslo Law Rev. 4(2), 105\u2013120 (2017)","journal-title":"Oslo Law Rev."},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"CNIL. D\u00e9lib\u00e9ration san-2020-018 (2020)","DOI":"10.1088\/1475-7516\/2020\/02\/018"},{"key":"7_CR22","unstructured":"Data\u00a0Protection Commission. Data protection commission announces conclusion of two inquiries into meta Ireland (2023)"},{"key":"7_CR23","unstructured":"Commission Nationale de l\u2019Informatique et des Libert\u00e9s (CNIL). GDPR Developer\u2019s Guide (2020). https:\/\/www.cnil.fr\/en\/gdpr-developers-guide"},{"key":"7_CR24","unstructured":"Commission Nationale de l\u2019Informatique et des Libert\u00e9s (CNIL). Ouverture et r\u00e9utilisation de donn\u00e9es personnelles sur Internet: la CNIL publie ses recommandations (2024). https:\/\/www.cnil.fr\/fr\/ouverture-et-reutilisation-de-donnees-personnelles-sur-internet-la-cnil-publie-ses-recommandations"},{"key":"7_CR25","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2025.112541","volume":"230","author":"L Silva","year":"2025","unstructured":"Silva, L., Samhi, J., Khomh, F.: LLMs and stack overflow discussions: reliability, impact, and challenges. J. Syst. Softw. 230, 112541 (2025)","journal-title":"J. Syst. Softw."},{"key":"7_CR26","unstructured":"Irish DPA. Data protection commission reference: In-21-4-2 in the matter of meta platforms ireland ltd. (formerly facebook ireland ltd.) (2022)"},{"key":"7_CR27","unstructured":"Polish DPA. Decision zspr.421.3.2018 (2019)"},{"key":"7_CR28","first-page":"1","volume":"33","author":"B Dym","year":"2020","unstructured":"Dym, B., Fiesler, C.: Ethical and privacy considerations for research using online fandom data. Transformat. Works Cult. 33, 1\u201319 (2020)","journal-title":"Transformat. Works Cult."},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"European Data Protection\u00a0Board (EDPB). Opinion 5\/2019 on the interplay between the eprivacy directive and the gdpr, in particular regarding the competence, tasks and powers of data protection authorities (2019)","DOI":"10.21552\/edpl\/2019\/2\/12"},{"key":"7_CR30","doi-asserted-by":"crossref","unstructured":"Emami-Naeini, P., Dixon, H., Agarwal, Y., Cranor, L.F.: Exploring how privacy and security factor into iot device purchase behavior. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, CHI \u201919, pp. 1\u201312. Association for Computing Machinery, New York (2019)","DOI":"10.1145\/3290605.3300764"},{"key":"7_CR31","unstructured":"European Commission. 2018 Reform of EU data protection rules (2018). https:\/\/ec.europa.eu\/commission\/sites\/beta-political\/files\/data-protection-factsheet-changes_en.pdf"},{"key":"7_CR32","unstructured":"European Court of Justice. Case C-252\/21: Request for a preliminary ruling from the Oberlandesgericht D\u00fcsseldorf (Germany) lodged on 22 April 2021 \u2013 Facebook Inc. and Others v Bundeskartellamt (2023)"},{"key":"7_CR33","unstructured":"European Data Protection Board. Guidelines 07\/2020 on the concepts of controller and processor in the GDPR Version 1.0 (2020). https:\/\/edpb.europa.eu\/our-work-tools\/public-consultations-art-704\/2020\/guidelines-072020-concepts-controller-and-processor_en"},{"key":"7_CR34","unstructured":"European Data Protection Board (EDPB). Opinion 06\/2014 on the notion of legitimate interests of the data controller under article 7 of directive 95\/46\/ec (wp 217) (2014)"},{"key":"7_CR35","unstructured":"European Data Protection Board (EDPB). Guidelines 05\/2020 on consent under regulation 2016\/679 (2020)"},{"key":"7_CR36","unstructured":"European Data Protection Board (EDPB). SME Data Protection Guide (2023). https:\/\/www.edpb.europa.eu\/sme-data-protection-guide\/home_en"},{"key":"7_CR37","unstructured":"European Data Protection Board (EDPB). Guidelines 1\/2024 on processing of personal data based on Article 6(1)(f) GDPR (2024). https:\/\/www.edpb.europa.eu\/system\/files\/2024-10\/edpb_guidelines_202401_legitimateinterest_en.pdf"},{"key":"7_CR38","unstructured":"Law\u00a0Stack Exchange. General disclaimer (2023)"},{"key":"7_CR39","unstructured":"Stack Exchange. How does accepting an answer work? (2019)"},{"key":"7_CR40","unstructured":"Stack Exchange. Academic papers using stack exchange data (2022)"},{"issue":"3","key":"7_CR41","doi-asserted-by":"publisher","first-page":"843","DOI":"10.54648\/COLA2014063","volume":"51","author":"F Ferretti","year":"2014","unstructured":"Ferretti, F.: Data protection and the legitimate interest of data controllers: much ado about nothing or the winter of rights? Common Mark. Law Rev. 51(3), 843\u2013868 (2014)","journal-title":"Common Mark. Law Rev."},{"key":"7_CR42","first-page":"2021","volume":"44\u201361","author":"M Finck","year":"2021","unstructured":"Finck, M., Biega, A.J.: Reviving purpose limitation and data minimisation in data-driven systems. Technol. Regulat. 44\u201361, 2021 (2021)","journal-title":"Technol. Regulat."},{"key":"7_CR43","doi-asserted-by":"crossref","unstructured":"Fischer, F., et al.: Stack overflow considered harmful? the impact of copy &paste on android application security. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 121\u2013136. IEEE (2017)","DOI":"10.1109\/SP.2017.31"},{"key":"7_CR44","unstructured":"Fouad, Y,\u00a0Lodder, A.,\u00a0Hurdey, J., et\u00a0al.: A lawful basis for online proctoring (2018)"},{"issue":"4","key":"7_CR45","doi-asserted-by":"publisher","first-page":"1640","DOI":"10.1177\/1461444817702397","volume":"20","author":"D Greene","year":"2018","unstructured":"Greene, D., Shilton, K.: Platform privacies: governance, collaboration, and the different meanings of \u201cprivacy\u2019\u2019 in iOS and Android development. New Media Soc. 20(4), 1640\u20131657 (2018)","journal-title":"New Media Soc."},{"key":"7_CR46","doi-asserted-by":"crossref","unstructured":"Habib, H., et al.: \u201cIt\u2019s a Scavenger Hunt\": usability of websites\u2019 opt-out and data deletion choices. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI \u201920, pp. 1\u201312. Association for Computing Machinery, New York (2020)","DOI":"10.1145\/3313831.3376511"},{"key":"7_CR47","doi-asserted-by":"crossref","unstructured":"H\u00e4m\u00e4l\u00e4inen, P., Tavast, M., Kunnari, A.: Evaluating large language models in generating synthetic hci research data: a case study. In: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, pp. 1\u201319 (2023)","DOI":"10.1145\/3544548.3580688"},{"key":"7_CR48","doi-asserted-by":"crossref","unstructured":"Horstmann, S.A., Domiks, S., Gutfleisch, M., Tran, M., Acar, Y., Moonsamy, V., Naiakshina, A.: Those things are written by lawyers, and programmers are reading that. Mapping the communication gap between software developers and privacy experts. Proc. Priv. Enhan. Technol. (2024)","DOI":"10.56553\/popets-2024-0010"},{"key":"7_CR49","doi-asserted-by":"crossref","unstructured":"Horstmann, S.A., et al.: \u201cSorry for Bugging you so much.\u201d Exploring developers\u2019 behavior towards privacy-compliant implementation. In: 2025 IEEE Symposium on Security and Privacy (SP), pp. 1215\u20131233 (2025)","DOI":"10.1109\/SP61157.2025.00146"},{"key":"7_CR50","unstructured":"Information Commissioner\u2019s Office. Data controllers and data processors: what the difference is and what the governance implications are (2018). https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/controllers-and-processors\/"},{"key":"7_CR51","doi-asserted-by":"publisher","first-page":"168","DOI":"10.21552\/edpl\/2018\/2\/7","volume":"4","author":"L Jasmontaite","year":"2018","unstructured":"Jasmontaite, L., Kamara, I., Zanfir-Fortuna, G., Leucci, S.: Data protection by design and by default: framing guiding principles into legal obligations in the GDPR. Eur. Data Prot. L. Rev. 4, 168 (2018)","journal-title":"Eur. Data Prot. L. Rev."},{"issue":"12","key":"7_CR52","first-page":"35","volume":"4","author":"I Kamara","year":"2018","unstructured":"Kamara, I., Hert, P.: Understanding the balancing act behind the legitimate interest of the controller ground: a pragmatic approach. Brussels Priv. Hub 4(12), 35 (2018)","journal-title":"Brussels Priv. Hub"},{"key":"7_CR53","unstructured":"Kollnig, K., et al.: A fait accompli? an empirical study into the absence of consent to third-party tracking in android apps. In: Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), pp. 181\u2013196 (2021)"},{"key":"7_CR54","doi-asserted-by":"crossref","unstructured":"Kuner, C., Bygrave, L.A., Docksey, C., Drechsler, L., Tosoni, L.: The eu general data protection regulation: a commentary\/update of selected articles. Update of Selected Articles (May 4, 2021) (2021)","DOI":"10.2139\/ssrn.3839645"},{"key":"7_CR55","doi-asserted-by":"crossref","unstructured":"Kyi, L., et al.: Investigating deceptive design in GDPR\u2019s legitimate interest. In: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, pp. 1\u201315 (2023)","DOI":"10.1145\/3544548.3580637"},{"key":"7_CR56","unstructured":"LG M\u00fcnchen I (Regional Court Munich I). Verletzung des Pers\u00f6nlichkeitsrechts durch Datenschutzversto\u00df (Violation of the right of personality due to data protection infringement) (2022). https:\/\/www.gesetze-bayern.de\/Content\/Document\/Y-300-Z-BECKRS-B-2022-N-612?hl=true"},{"issue":"CSCW3","key":"7_CR57","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3432919","volume":"4","author":"T Li","year":"2021","unstructured":"Li, T., Louie, E., Dabbish, L., Hong, J.I.: How developers talk about personal data and what it means for user privacy: a case study of a developer forum on reddit. Proc. ACM Hum.-Comput. Interact. 4(CSCW3), 1\u201328 (2021)","journal-title":"Proc. ACM Hum.-Comput. Interact."},{"key":"7_CR58","unstructured":"Liepina, R., et al.: Gdpr privacy policies in claudette: challenges of omission, context and multilingualism. In: ASAIL@ICAIL (2019)"},{"issue":"3","key":"7_CR59","doi-asserted-by":"publisher","first-page":"334","DOI":"10.1080\/1369118X.2011.641993","volume":"15","author":"A Markham","year":"2012","unstructured":"Markham, A.: Fabrication as ethical practice: qualitative inquiry in ambiguous internet contexts. Inf. Commun. Soc. 15(3), 334\u2013353 (2012)","journal-title":"Inf. Commun. Soc."},{"key":"7_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/978-3-030-55196-4_10","volume-title":"Privacy Technologies and Policy","author":"C Matte","year":"2020","unstructured":"Matte, C., Santos, C., Bielova, N.: Purposes in IAB Europe\u2019s TCF: which legal basis and how are they used by\u00a0advertisers? In: Antunes, L., Naldi, M., Italiano, G.F., Rannenberg, K., Drogkaris, P. (eds.) APF 2020. LNCS, vol. 12121, pp. 163\u2013185. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-55196-4_10"},{"issue":"3","key":"7_CR61","doi-asserted-by":"publisher","first-page":"276","DOI":"10.11613\/BM.2012.031","volume":"22","author":"ML McHugh","year":"2012","unstructured":"McHugh, M.L.: Interrater reliability: the kappa statistic. Biochemia medica 22(3), 276\u2013282 (2012)","journal-title":"Biochemia medica"},{"key":"7_CR62","unstructured":"Norwegian DPA against Meta Platfroms Case 21\/03530-16 (2023)"},{"key":"7_CR63","unstructured":"noyb.eu. GDPRhub (2025). https:\/\/gdprhub.eu\/"},{"key":"7_CR64","unstructured":"European\u00a0Court of\u00a0Justice. Case c\u2011210\/16 wirtschaftsakademie schleswig-holstein, ecli:eu:c:2018:388 (2018)"},{"key":"7_CR65","unstructured":"European\u00a0Court of\u00a0Justice. Case c-40\/17 fashion id gmbh & co.kg v verbraucherzentrale nrw ev, ecli:eu:c:2019:629 (2019)"},{"key":"7_CR66","unstructured":"European\u00a0Court of\u00a0Justice. Case c-673\/17 verbraucherzentrale bundesverband v. planet49, ecli:eu:c:2019:801 (2019)"},{"key":"7_CR67","unstructured":"Information\u00a0Commissioner\u2019s Office. Guidance on the use of cookies and similar technologies (2019). https:\/\/ico.org.uk\/media\/for-organisations\/guide-to-pecr\/guidance-on-the-use-of-cookies-and-similar-technologies-1-0.pdf"},{"key":"7_CR68","unstructured":"Parnin, C., Treude, C., Grammel, L., Storey, M.A.: Crowd documentation: exploring the coverage and the dynamics of API discussions on stack overflow. Georgia Institute of Technology, Tech. Rep. 11 (2012)"},{"key":"7_CR69","unstructured":"Parsons, J., Schrider, M., Ogunlela, O., Ghanavati, S.: Understanding developers privacy concerns through reddit thread analysis. In: Joint Proceedings of REFSQ-2023 Workshops (2023)"},{"key":"7_CR70","unstructured":"Article 29\u00a0Working Party. Opinion 2\/2010 on online behavioural advertising (2010)"},{"key":"7_CR71","unstructured":"Article 29\u00a0Working Party. Opinion 04\/2012 on cookie consent exemption (WP 194) (2012)"},{"key":"7_CR72","unstructured":"Article 29\u00a0Working Party. Google Spain SL and Google Inc. v Agencia Espa\u00f1ola de Protecci\u00f3n de Datos (AEPD) and Mario Costeja Gonz\u00e1lez (2014)"},{"key":"7_CR73","unstructured":"Article 29\u00a0Working Party. Guidelines on transparency under Regulation 2016\/679, WP260 rev.01 (2016)"},{"key":"7_CR74","doi-asserted-by":"crossref","unstructured":"Proferes, N., Jones, N., Gilbert, S., Fiesler, C., Zimmer, M.: Studying reddit: a systematic overview of disciplines, approaches, methods, and ethics. Social Media + Society 7(2), 20563051211019004 (2021)","DOI":"10.1177\/20563051211019004"},{"key":"7_CR75","unstructured":"Sanh, V., et\u00a0al.: Multitask prompted training enables zero-shot task generalization. In: International Conference on Learning Representations (2022)"},{"key":"7_CR76","doi-asserted-by":"crossref","unstructured":"Santos, C., Bielova, N., Matte, C.: Are cookie banners indeed compliant with the law? Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners. Technol. Regul. 91\u2013135 (2020)","DOI":"10.71265\/g317tv72"},{"key":"7_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/978-3-030-76663-4_3","volume-title":"Privacy Technologies and Policy","author":"C Santos","year":"2021","unstructured":"Santos, C., Nouwens, M., Toth, M., Bielova, N., Roca, V.: Consent management platforms under the GDPR: processors and\/or controllers? In: Gruschka, N., Antunes, L.F.C., Rannenberg, K., Drogkaris, P. (eds.) APF 2021. LNCS, vol. 12703, pp. 47\u201369. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-76663-4_3"},{"key":"7_CR78","doi-asserted-by":"crossref","unstructured":"Senarath, A., Arachchilage, N.A.G.: Why developers cannot embed privacy into software systems? An empirical investigation. In: Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018, pp. 211\u2013216 (2018)","DOI":"10.1145\/3210459.3210484"},{"key":"7_CR79","doi-asserted-by":"crossref","unstructured":"Shanmugam, D., Diaz, F., Shabanian, S., Finck, M., Biega, A.: Learning to limit data collection via scaling laws: A computational interpretation for the legal principle of data minimization. In: 2022 ACM Conference on Fairness, Accountability, and Transparency, pp. 839\u2013849 (2022)","DOI":"10.1145\/3531146.3533148"},{"issue":"7","key":"7_CR80","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/2209249.2209263","volume":"55","author":"S Spiekermann","year":"2012","unstructured":"Spiekermann, S.: The challenges of privacy by design. Commun. ACM 55(7), 38\u201340 (2012)","journal-title":"Commun. ACM"},{"key":"7_CR81","doi-asserted-by":"crossref","unstructured":"St\u00f6ver, A., et\u00a0al.: How website owners face privacy issues: thematic analysis of responses from a covert notification study reveals diverse circumstances and challenges. Proc. Priv. Enhan. Technol. (2023)","DOI":"10.56553\/popets-2023-0051"},{"key":"7_CR82","doi-asserted-by":"crossref","unstructured":"Tahaei, M., Bernd, J., Rashid, A.: Privacy, permissions, and the health app ecosystem: a stack overflow exploration. In: Proceedings of the 2022 European Symposium on Usable Security, pp. 117\u2013130 (2022)","DOI":"10.1145\/3549015.3555669"},{"key":"7_CR83","doi-asserted-by":"crossref","unstructured":"Tahaei, M., Frik, A., Vaniea, K.: Privacy champions in software teams: understanding their motivations, strategies, and challenges. In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, pp. 1\u201315 (2021)","DOI":"10.1145\/3411764.3445768"},{"issue":"2","key":"7_CR84","first-page":"114","volume":"2022","author":"M Tahaei","year":"2022","unstructured":"Tahaei, M., Li, T., Vaniea, K.: Understanding privacy-related advice on stack overflow. Proc. Priv. Enhan. Technol. 2022(2), 114\u2013131 (2022)","journal-title":"Proc. Priv. Enhan. Technol."},{"key":"7_CR85","doi-asserted-by":"crossref","unstructured":"Tahaei, M., Vaniea, K., Saphra, N.: Understanding privacy-related questions on stack overflow. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1\u201314 (2020)","DOI":"10.1145\/3313831.3376768"},{"key":"7_CR86","unstructured":"Taylor-Hiscock, R.: Your complete guide to General Data Protection Regulation (GDPR) compliance. OneTrust Blog (2021)"},{"key":"7_CR87","unstructured":"European Union. Directive 2009\/136\/EC of the European Parliament and of the Council (2009)"},{"key":"7_CR88","doi-asserted-by":"crossref","unstructured":"Vasilescu, B., Filkov, V., Serebrenik, A.: Stack overflow and github: associations between software development and crowdsourced knowledge. In: 2013 International Conference on Social Computing, pp. 188\u2013195. IEEE (2013)","DOI":"10.1109\/SocialCom.2013.35"},{"issue":"2133","key":"7_CR89","doi-asserted-by":"publisher","first-page":"20180083","DOI":"10.1098\/rsta.2018.0083","volume":"376","author":"M Veale","year":"2018","unstructured":"Veale, M., Binns, R., Edwards, L.: Algorithms that remember: model inversion attacks and data protection law. Phil. Trans. R. Soc. A: Math. Phys. Eng. Sci. 376(2133), 20180083 (2018)","journal-title":"Phil. Trans. R. Soc. A: Math. Phys. Eng. Sci."},{"key":"7_CR90","doi-asserted-by":"crossref","unstructured":"Webley, L.: Qualitative approaches to empirical legal research, pp. 926\u2013948. Oxford Handbooks. Oxford University Press, Cambridge (2010)","DOI":"10.1093\/oxfordhb\/9780199542475.013.0039"},{"key":"7_CR91","unstructured":"Winter, T.: How to source developers from Stack Overflow (2021)"},{"issue":"2","key":"7_CR92","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1007\/s10664-018-9634-5","volume":"24","author":"W Yuhao","year":"2019","unstructured":"Yuhao, W., Wang, S., Bezemer, C.-P., Inoue, K.: How do developers utilize source code from stack overflow? Empir. Softw. Eng. 24(2), 637\u2013673 (2019)","journal-title":"Empir. Softw. Eng."}],"container-title":["Lecture Notes in Computer Science","Privacy Technologies and Policy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07574-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T09:10:38Z","timestamp":1760087438000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07574-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,11]]},"ISBN":["9783032075734","9783032075741"],"references-count":92,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07574-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,11]]},"assertion":[{"value":"11 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"APF","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual Privacy Forum","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Frankfurt am Main","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"apf2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/privacyforum.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}