{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T05:54:01Z","timestamp":1774418041957,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":26,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,9,19]],"date-time":"2022-09-19T00:00:00Z","timestamp":1663545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Bayerisches Forschungsinstitut f\u00fcr Digitale Transformation"},{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["01IS17049"],"award-info":[{"award-number":["01IS17049"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,9,19]]},"DOI":"10.1145\/3544902.3546234","type":"proceedings-article","created":{"date-parts":[[2022,9,7]],"date-time":"2022-09-07T04:07:45Z","timestamp":1662523665000},"page":"261-271","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Understanding the Implementation of Technical Measures in the Process of Data Privacy Compliance: A Qualitative Study"],"prefix":"10.1145","author":[{"given":"Oleksandra","family":"Klymenko","sequence":"first","affiliation":[{"name":"Department of Informatics, Technical University of Munich, Germany"}]},{"given":"Oleksandr","family":"Kosenkov","sequence":"additional","affiliation":[{"name":"fortiss GmbH, Germany"}]},{"given":"Stephen","family":"Meisenbacher","sequence":"additional","affiliation":[{"name":"Department of Informatics, Technical University of Munich, Germany"}]},{"given":"Parisa","family":"Elahidoost","sequence":"additional","affiliation":[{"name":"fortiss GmbH, Germany"}]},{"given":"Daniel","family":"Mendez","sequence":"additional","affiliation":[{"name":"Blekinge Institute of Technology, Sweden"}]},{"given":"Florian","family":"Matthes","sequence":"additional","affiliation":[{"name":"Department of Informatics, Technical University of Munich, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,9,19]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-021-01544-1"},{"key":"#cr-split#-e_1_3_2_1_2_1.1","doi-asserted-by":"crossref","unstructured":"Micah Altman Aloni Cohen Kobbi Nissim and Alexandra Wood. 2020. What a Hybrid Legal-Technical Analysis Teaches Us About Privacy Regulation: The Case of Singling Out. SSRN Electronic Journal(2020). https:\/\/doi.org\/10.2139\/ssrn.3681729 10.2139\/ssrn.3681729","DOI":"10.2139\/ssrn.3681729"},{"key":"#cr-split#-e_1_3_2_1_2_1.2","doi-asserted-by":"crossref","unstructured":"Micah Altman Aloni Cohen Kobbi Nissim and Alexandra Wood. 2020. What a Hybrid Legal-Technical Analysis Teaches Us About Privacy Regulation: The Case of Singling Out. SSRN Electronic Journal(2020). https:\/\/doi.org\/10.2139\/ssrn.3681729","DOI":"10.2139\/ssrn.3681729"},{"key":"e_1_3_2_1_3_1","unstructured":"Virginia Braun and Victoria Clarke. 2012. Thematic analysis.(2012).  Virginia Braun and Victoria Clarke. 2012. Thematic analysis.(2012)."},{"key":"e_1_3_2_1_4_1","volume-title":"Experimental and quasi-experimental designs for research","author":"Campbell T","unstructured":"Donald\u00a0 T Campbell and Julian\u00a0 C Stanley . 2015. Experimental and quasi-experimental designs for research . Ravenio Books . Donald\u00a0T Campbell and Julian\u00a0C Stanley. 2015. Experimental and quasi-experimental designs for research. Ravenio Books."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.3390\/s22072763"},{"key":"e_1_3_2_1_6_1","volume-title":"Quasi-experimentation: Design and analysis for field settings. Rand McNally.","author":"Cook D","year":"1979","unstructured":"Thomas\u00a0 D Cook and Donald\u00a0Thomas Campbell . 1979 . Quasi-experimentation: Design and analysis for field settings. Rand McNally. Thomas\u00a0D Cook and Donald\u00a0Thomas Campbell. 1979. Quasi-experimentation: Design and analysis for field settings. Rand McNally."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1093\/idpl\/ipw008"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.2501\/IJMR-2017-050"},{"key":"e_1_3_2_1_9_1","unstructured":"Graham Greenleaf. 2019. Global data privacy laws 2019: 132 national laws & many bills. (2019).  Graham Greenleaf. 2019. Global data privacy laws 2019: 132 national laws & many bills. (2019)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.37"},{"key":"e_1_3_2_1_11_1","unstructured":"HHS. 2010. Do the standards of the Security Rule require use of specific technologies?https:\/\/www.hhs.gov\/hipaa\/for-professionals\/faq\/2011\/do-the-standards-of-the-security-rule-require-use-of-specific-technologies\/index.html Last Modified: 2021-06-28T08:59:34-0400.  HHS. 2010. Do the standards of the Security Rule require use of specific technologies?https:\/\/www.hhs.gov\/hipaa\/for-professionals\/faq\/2011\/do-the-standards-of-the-security-rule-require-use-of-specific-technologies\/index.html Last Modified: 2021-06-28T08:59:34-0400."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2578903.2579162"},{"key":"e_1_3_2_1_13_1","volume-title":"Meet GDPR Requirements. In AMCIS.","author":"Huth Dominik","year":"2019","unstructured":"Dominik Huth and Florian Matthes . 2019 . \u201d Appropriate Technical and Organizational Measures\u201d: Identifying Privacy Engineering Approaches to Meet GDPR Requirements. In AMCIS. Dominik Huth and Florian Matthes. 2019. \u201dAppropriate Technical and Organizational Measures\u201d: Identifying Privacy Engineering Approaches to Meet GDPR Requirements. In AMCIS."},{"key":"e_1_3_2_1_14_1","volume-title":"Aernout\u00a0H","author":"Koops Bert-Jaap","unstructured":"Bert-Jaap Koops . 2006. Should ICT Regulation Be Technology-Neutral?In Starting Points for ICT Regulation , Aernout\u00a0H .J. Schmidtand Philip\u00a0E. van Tongeren (Eds.). Vol.\u00a09. T.M.C. Asser Press , The Hague, 77\u2013108. https:\/\/doi.org\/10.1007\/978-90-6704-665-7_4 Series Title : Information Technology and Law Series . 10.1007\/978-90-6704-665-7_4 Bert-Jaap Koops. 2006. Should ICT Regulation Be Technology-Neutral?In Starting Points for ICT Regulation, Aernout\u00a0H.J. Schmidtand Philip\u00a0E. van Tongeren (Eds.). Vol.\u00a09. T.M.C. Asser Press, The Hague, 77\u2013108. https:\/\/doi.org\/10.1007\/978-90-6704-665-7_4 Series Title: Information Technology and Law Series."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3484191"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2013.6636702"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-27813-7_6"},{"key":"e_1_3_2_1_19_1","volume-title":"The right of privacy. Harvard Law Review","author":"Rubenfeld Jed","year":"1989","unstructured":"Jed Rubenfeld . 1989. The right of privacy. Harvard Law Review ( 1989 ), 737\u2013807. Jed Rubenfeld. 1989. The right of privacy. Harvard Law Review (1989), 737\u2013807."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.21552\/edpl\/2021\/1\/16"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3267357.3267368"},{"key":"e_1_3_2_1_22_1","volume-title":"ANALYSIS: Three Years Later, GDPR Compliance Still a Challenge. https:\/\/news.bloomberglaw.com\/bloomberg-law-analysis\/analysis-three-years-later-gdpr-compliance-still-a-challenge","author":"Smith Mark","year":"2021","unstructured":"Mark Smith and Jacquelyn Palmer . 2021 . ANALYSIS: Three Years Later, GDPR Compliance Still a Challenge. https:\/\/news.bloomberglaw.com\/bloomberg-law-analysis\/analysis-three-years-later-gdpr-compliance-still-a-challenge Mark Smith and Jacquelyn Palmer. 2021. ANALYSIS: Three Years Later, GDPR Compliance Still a Challenge. https:\/\/news.bloomberglaw.com\/bloomberg-law-analysis\/analysis-three-years-later-gdpr-compliance-still-a-challenge"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2008.88"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-64148-1_24"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.5325\/jinfopoli.11.2021.0063"},{"key":"e_1_3_2_1_26_1","unstructured":"Christian Zimmermann. 2020. Automation Potentials in Privacy Engineering. Open Identity Summit 2020(2020).  Christian Zimmermann. 2020. Automation Potentials in Privacy Engineering. Open Identity Summit 2020(2020)."}],"event":{"name":"ESEM '22: ACM \/ IEEE International Symposium on Empirical Software Engineering and Measurement","location":"Helsinki Finland","acronym":"ESEM '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 16th ACM \/ IEEE International Symposium on Empirical Software Engineering and Measurement"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3544902.3546234","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3544902.3546234","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:00:07Z","timestamp":1750186807000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3544902.3546234"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,19]]},"references-count":26,"alternative-id":["10.1145\/3544902.3546234","10.1145\/3544902"],"URL":"https:\/\/doi.org\/10.1145\/3544902.3546234","relation":{},"subject":[],"published":{"date-parts":[[2022,9,19]]},"assertion":[{"value":"2022-09-19","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}