pith. sign in

arxiv: 2604.24982 · v1 · submitted 2026-04-27 · 💻 cs.HC

"We Wanted to Do Better Than the Law": Exploring UI/UX Designers' Privacy Advocacy in Practice

Keyu Yao , Jinghui Cheng , Jin L.C. Guo This is my paper

Pith reviewed 2026-05-08 02:02 UTC · model grok-4.3

classification 💻 cs.HC
keywords UI/UX designprivacy advocacyuser experienceteam collaborationprivacy implementationdesign challengesorganizational factors
0
0 comments X

The pith

UI/UX designers who advocate for privacy navigate personal values, team negotiations, and business pressures through adaptive strategies.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

UI/UX designers hold responsibility for shaping product interfaces and experiences that determine privacy outcomes. The paper draws on interviews with twelve privacy-advocating designers to examine how they form privacy values and put them into practice. Personal and contextual factors determine the weight designers give to privacy. In team settings, challenges emerge from the need to negotiate with developers, product managers, and marketing staff over competing priorities. Designers respond with adaptive methods that let them advance privacy goals while managing business, team, and technical constraints.

Core claim

Through semi-structured interviews, the study establishes that personal and contextual factors shape designers' valuation of privacy, that the challenges of prioritizing privacy are collaborative and arise in negotiations with other stakeholders, and that designers navigate resulting tensions between business goals, team dynamics, and technical development by using adaptive methods to maintain privacy focus.

What carries the argument

Designers' adaptive methods for negotiating privacy priorities within cross-functional teams facing business, team, and technical constraints.

If this is right

  • A user-centered approach is needed to support privacy-aware design.
  • Organizational-level changes can reduce barriers to privacy prioritization.
  • Designer-centric tools can bridge knowledge gaps between designers and privacy requirements.
  • Community building among designers can strengthen privacy advocacy efforts.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The reported negotiation tactics could be turned into targeted training modules for design teams.
  • Similar interview studies with developers and product managers might reveal whether the same tensions appear from other roles.
  • The findings suggest that privacy tools should focus on facilitating cross-team discussions rather than solely on technical compliance.

Load-bearing premise

The experiences reported by twelve self-selected privacy-advocating designers accurately represent the range of practices and can guide general recommendations for supporting privacy-aware design.

What would settle it

A broader survey of UI/UX designers finding that most do not report personal or contextual influences on privacy values, do not face collaborative challenges, or do not use adaptive methods would undermine the central claims.

Figures

Figures reproduced from arXiv: 2604.24982 by Jinghui Cheng, Jin L.C. Guo, Keyu Yao.

Figure 1
Figure 1. Figure 1: Our findings on the core values of UI/UX designers regarding privacy, the factors that shape their view at source ↗
read the original abstract

Designers hold primary responsibility for shaping the user interface (UI) and user experience (UX) of a product. This role goes beyond aesthetics and usability, extending to the privacy outcomes of user experience, which often emerge through collaboration with other stakeholders such as developers, product managers, and marketing teams. Previous studies on enhancing privacy for technological products primarily focused on the roles of developers -- understanding their needs and challenges -- but limited effort is devoted to examining how UI/UX designers consider and approach privacy in their work. Through 12 semi-structured interviews with privacy-advocating UI/UX designers, we explore the perceptions, influencing factors, challenges, and adaptive methods they use regarding privacy implementation. We pay special attention to how these challenges and adaptations play out in team-based settings where decisions are negotiated together. Our study reveals how personal and contextual factors shape designers' value of privacy, the collaborative nature of the challenges designers face when trying to prioritize privacy, and how they navigate tensions between business goals, team dynamics, and technical development. Based on our findings, we discuss implications for advocating a user-centered approach for supporting privacy-aware design, suggestions for organizational-level changes and bridging knowledge gaps through designer-centric tools and community building.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript reports results from 12 semi-structured interviews with privacy-advocating UI/UX designers. It describes how personal and contextual factors shape designers' valuation of privacy, the collaborative challenges that arise when attempting to prioritize privacy in team settings with developers, product managers, and other stakeholders, and the adaptive strategies designers use to navigate tensions between privacy goals, business objectives, team dynamics, and technical development. The paper concludes with implications for user-centered support of privacy-aware design, organizational changes, designer-centric tools, and community building.

Significance. If the themes hold after methodological strengthening, the work usefully extends privacy research in HCI beyond its predominant focus on developers by documenting designers' advocacy practices and team-based negotiations. The emphasis on collaborative challenges and adaptive methods is a concrete contribution that could inform practical interventions, though the purposive sample restricts the scope of any general recommendations.

major comments (2)
  1. [Methods] Methods: The manuscript provides no details on the recruitment channels, screening criteria, participant demographics (beyond the privacy-advocacy filter), interview protocol, or the thematic analysis process (e.g., codebook development, saturation criteria, or how quotes were selected). These omissions are load-bearing because the central claims about personal/contextual factors, collaborative challenges, and navigation strategies rest entirely on the interpretive steps applied to the 12 transcripts.
  2. [Findings and Discussion] Findings and Discussion: The reported themes and implications for organizational changes and designer-centric tools are derived exclusively from a purposive sample of self-identified privacy advocates. The manuscript does not present evidence or discussion of how these patterns might differ (or be absent) among designers who do not prioritize privacy, which directly limits the defensibility of extrapolating the observed tensions and adaptations to typical UI/UX practice.
minor comments (1)
  1. [Abstract] Abstract: The claim that the study 'reveals how personal and contextual factors shape designers' value of privacy' would be clearer if the abstract briefly noted the sample's advocacy orientation rather than presenting the findings as broadly representative of designers.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on methodological transparency and the scope of our claims. We address each major comment below and will revise the manuscript accordingly.

read point-by-point responses

  1. Referee: [Methods] Methods: The manuscript provides no details on the recruitment channels, screening criteria, participant demographics (beyond the privacy-advocacy filter), interview protocol, or the thematic analysis process (e.g., codebook development, saturation criteria, or how quotes were selected). These omissions are load-bearing because the central claims about personal/contextual factors, collaborative challenges, and navigation strategies rest entirely on the interpretive steps applied to the 12 transcripts.

    Authors: We agree that the current Methods section lacks necessary detail for transparency and replicability. In the revised manuscript we will expand it to describe: recruitment channels (LinkedIn groups, design Slack communities, and privacy-focused forums), screening criteria (self-identification as privacy advocates plus minimum years of professional experience), a full demographics table, the complete semi-structured interview guide with example questions, and the thematic analysis procedure including iterative codebook development, saturation criteria, and rationale for quote selection. These additions directly address the load-bearing concern. revision: yes

  2. Referee: [Findings and Discussion] Findings and Discussion: The reported themes and implications for organizational changes and designer-centric tools are derived exclusively from a purposive sample of self-identified privacy advocates. The manuscript does not present evidence or discussion of how these patterns might differ (or be absent) among designers who do not prioritize privacy, which directly limits the defensibility of extrapolating the observed tensions and adaptations to typical UI/UX practice.

    Authors: The study was deliberately designed with a purposive sample of privacy advocates to surface the specific practices, values, and negotiation strategies of designers who actively work beyond legal minimums; this focus is stated in the abstract, introduction, and research questions. We do not claim generalizability to all UI/UX designers. In revision we will add an explicit Limitations subsection that (a) reiterates the purposive nature of the sample, (b) notes the absence of comparative data from non-advocates, and (c) frames the implications for tools and organizational change as supports that could amplify advocacy rather than universal prescriptions. Future comparative work is identified as needed. revision: partial

Circularity Check

0 steps flagged

No circularity: claims derive directly from interview data

full rationale

This is a qualitative interview study with no equations, parameters, predictions, or derivations. The central claims about designers' privacy values, collaborative challenges, and navigation of tensions are presented as emerging from thematic analysis of the 12 semi-structured interviews. No step reduces by construction to a fitted input, self-citation chain, or renamed ansatz; the paper is self-contained against its own described data collection and analysis process.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on standard assumptions of qualitative research: that semi-structured interviews capture authentic perceptions and that thematic analysis yields transferable insights about design practice.

axioms (1)
  • domain assumption UI/UX designers hold primary responsibility for shaping privacy outcomes through collaboration with other stakeholders
    Stated directly in the abstract as the premise for focusing on designers rather than developers alone.

pith-pipeline@v0.9.0 · 5521 in / 1176 out tokens · 51936 ms · 2026-05-08T02:02:47.060353+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

53 extracted references · 45 canonical work pages

  1. [1]

    Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy , Vol. 1, No. 1, Article . Publication date: April 2026. 16 Keyu Yao, Jinghui Cheng, and Jin L.C. Guo Nudging. InProceedings of the 3...

    work page doi:10.1145/2702123.2702210 2015

  2. [2]

    Vinícius Camargo Andrade, Rhodrigo Deda Gomes, Sheila Reinehr, Cinthia Obladen De Almendra Freitas, and Andreia Malucelli. 2023. Privacy by Design and Software Engineering: a Systematic Literature Review. InProceedings of the XXI Brazilian Symposium on Software Quality(Curitiba, Brazil)(SBQS ’22). Association for Computing Machinery, New York, NY, USA, Ar...

    work page doi:10.1145/3571473.3571480 2023

  3. [3]

    Florian Bemmann, Helena Stoll, and Sven Mayer. 2024. Privacy Slider: Fine-Grain Privacy Control for Smartphones. Proc. ACM Hum.-Comput. Interact.8, MHCI, Article 272 (Sept. 2024), 31 pages. doi:10.1145/3676519

    work page doi:10.1145/3676519 2024

  4. [4]

    Alexander Bleier, Avi Goldfarb, and Catherine Tucker. 2020. Consumer privacy and the future of data-based innovation and marketing.International Journal of Research in Marketing37, 3 (2020), 466–480. doi:10.1016/j.ijresmar.2020.03.006

    work page doi:10.1016/j.ijresmar.2020.03.006 2020

  5. [5]

    2021.Thematic analysis

    Virginia Braun and Victoria Clarke. 2021.Thematic analysis. SAGE Publications, London, England

    2021

  6. [6]

    Office of the Attorney General California Department of Justice. 2024. California Consumer Privacy Act (CCPA). https://oag.ca.gov/privacy/ccpa. Accessed: 2024-03-13

    2024

  7. [7]

    Evan Caragay, Katherine Xiong, Jonathan Zong, and Daniel Jackson. 2024. Beyond Dark Patterns: A Concept-Based Framework for Ethical Software Design. InProceedings of the 2024 CHI Conference on Human Factors in Computing Systems(Honolulu, HI, USA)(CHI ’24). Association for Computing Machinery, New York, NY, USA, Article 291, 16 pages. doi:10.1145/3613904.3642781

    work page doi:10.1145/3613904.3642781 2024

  8. [8]

    George Chalhoub and Ivan Flechais. 2022. Data Protection at a Discount: Investigating the UX of Data Protection from User, Designer, and Business Leader Perspectives.Proc. ACM Hum.-Comput. Interact.6, CSCW2, Article 436 (Nov. 2022), 36 pages. doi:10.1145/3555537

    work page doi:10.1145/3555537 2022

  9. [9]

    Pivonka, and Jingning Chen

    Shruthi Sai Chivukula, Colin Gray, Ziqing Li, Anne C. Pivonka, and Jingning Chen. 2024. Surveying a Landscape of Ethics-Focused Design Methods.ACM J. Responsib. Comput.1, 3, Article 22 (Sept. 2024), 32 pages. doi:10.1145/3678988

    work page doi:10.1145/3678988 2024

  10. [10]

    Shruthi Sai Chivukula, Chris Rhys Watkins, Rhea Manocha, Jingle Chen, and Colin M. Gray. 2020. Dimensions of UX Practice that Shape Ethical Awareness. InProceedings of the 2020 CHI Conference on Human Factors in Computing Systems(Honolulu, HI, USA)(CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–13. doi:10.1145/ 3313831.3376459

    work page arXiv 2020

  11. [11]

    Michael Colesky, Jaap-Henk Hoepman, and Christiaan Hillen. 2016. A Critical Analysis of Privacy Design Strategies. In2016 IEEE Security and Privacy Workshops (SPW). IEEE Computer Society, 33–40. doi:10.1109/SPW.2016.23

    work page doi:10.1109/spw.2016.23 2016

  12. [12]

    2023.Bill C-27: Consumer Privacy Protection Act

    Department of Justice Canada. 2023.Bill C-27: Consumer Privacy Protection Act. Technical Report. Government of Canada. https://www.justice.gc.ca/eng/csj-sjc/pl/charter-charte/c27_1.html

    2023

  13. [13]

    Verena Distler, Gabriele Lenzini, Carine Lallemand, and Vincent Koenig. 2021. The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely. InProceedings of the New Security Paradigms Workshop 2020 (Online, USA)(NSPW ’20). Association for Computing Machinery, New York, NY, USA, 45–58. doi:10.1145/3442167. 3442173

    work page doi:10.1145/3442167 2021

  14. [14]

    European Parliament and Council of the European Union. 2016. General Data Protection Regulation. https://gdpr- info.eu

    2016

  15. [15]

    Batya Friedman. 1996. Value-sensitive design.interactions3, 6 (1996), 16–23

    1996

  16. [16]

    Gray and Shruthi Sai Chivukula

    Colin M. Gray and Shruthi Sai Chivukula. 2019. Ethical Mediation in UX Practice. InProceedings of the 2019 CHI Conference on Human Factors in Computing Systems(Glasgow, Scotland Uk)(CHI ’19). Association for Computing Machinery, New York, NY, USA, 1–11. doi:10.1145/3290605.3300408

    work page doi:10.1145/3290605.3300408 2019

  17. [17]

    Asshole Designers

    Colin M. Gray, Shruthi Sai Chivukula, and Ahreum Lee. 2020. What Kind of Work Do "Asshole Designers" Create? Describing Properties of Ethical Concern on Reddit. InProceedings of the 2020 ACM Designing Interactive Systems Conference(Eindhoven, Netherlands)(DIS ’20). Association for Computing Machinery, New York, NY, USA, 61–73. doi:10.1145/3357236.3395486

    work page doi:10.1145/3357236.3395486 2020

  18. [18]

    Gray, Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L

    Colin M. Gray, Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L. Toombs. 2018. The Dark (Patterns) Side of UX Design. InProceedings of the 2018 CHI Conference on Human Factors in Computing Systems(Montreal QC, Canada)(CHI ’18). Association for Computing Machinery, New York, NY, USA, 1–14. doi:10.1145/3173574.3174108

    work page doi:10.1145/3173574.3174108 2018

  19. [19]

    Johanna Gunawan, Amogh Pradeep, David Choffnes, Woodrow Hartzog, and Christo Wilson. 2021. A Comparative Study of Dark Patterns Across Web and Mobile Modalities.Proc. ACM Hum.-Comput. Interact.5, CSCW2, Article 377 (Oct. 2021), 29 pages. doi:10.1145/3479521

    work page doi:10.1145/3479521 2021

  20. [20]

    Irit Hadar, Tomer Hasson, Oshrat Ayalon, Eran Toch, Michael Birnhack, Sofia Sherman, and Arod Balissa. 2018. Privacy by designers: software developers’privacy mindset.Empirical Software Engineering23, 1 (2018), 259–289. doi:10.1007/s10664-017-9517-1

    work page doi:10.1007/s10664-017-9517-1 2018

  21. [21]

    Those things are written by lawyers, and programmers are reading that

    Stefan Albert Horstmann, Samuel Domiks, Marco Gutfleisch, Mindy Tran, Yasemin Acar, Veelasha Moonsamy, and Alena Naiakshina. 2024. “Those things are written by lawyers, and programmers are reading that. ” Mapping the Communication Gap Between Software Developers and Privacy Experts.Proc. Priv. Enhancing Technol.2024, 1 (2024), 151–170. doi:10.56553/POPETS...

    work page doi:10.56553/popets-2024-0010 2024

  22. [22]

    Alexander Jones and Volker Thoma and. 2019. Determinants for Successful Agile Collaboration between UX Designers and Software Developers in a Complex Organisation.International Journal of Human–Computer Interaction35, 20 (2019), 1914–1935. doi:10.1080/10447318.2019.1587856

    work page doi:10.1080/10447318.2019.1587856 2019

  23. [23]

    Spyros Kokolakis. 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon.Computers & Security64 (2017), 122–134. doi:10.1016/j.cose.2015.07.002

    work page doi:10.1016/j.cose.2015.07.002 2017

  24. [24]

    David Leimstädtner, Peter Sörries, and Claudia Müller-Birn. 2023. Investigating Responsible Nudge Design for Informed Decision-Making Enabling Transparent and Reflective Decision-Making. InProceedings of Mensch Und Computer 2023(Rapperswil, Switzerland)(MuC ’23). Association for Computing Machinery, New York, NY, USA, 220–236. doi:10.1145/3603555.3603567

    work page doi:10.1145/3603555.3603567 2023

  25. [25]

    Germán Leiva, Nolwenn Maudet, Wendy Mackay, and Michel Beaudouin-Lafon. 2019. Enact: Reducing De- signer–Developer Breakdowns When Prototyping Custom Interactions.ACM Trans. Comput.-Hum. Interact.26, 3, Article 19 (May 2019), 48 pages. doi:10.1145/3310276

    work page doi:10.1145/3310276 2019

  26. [26]

    Lanjing Liu, Xiaozheng Wang, Shaddi Hasan, and Yaxing Yao. 2025. Co-Design Privacy Notice and Controls with Children. InProceedings of the Extended Abstracts of the CHI Conference on Human Factors in Computing Systems (CHI EA ’25). Association for Computing Machinery, New York, NY, USA, Article 137, 7 pages. doi:10.1145/3706599.3719886

    work page doi:10.1145/3706599.3719886 2025

  27. [27]

    Yuwen Lu, Chao Zhang, Yuewen Yang, Yaxing Yao, and Toby Jia-Jun Li. 2024. From Awareness to Action: Exploring End-User Empowerment Interventions for Dark Patterns in UX.Proc. ACM Hum.-Comput. Interact.8, CSCW1, Article 59 (April 2024), 41 pages. doi:10.1145/3637336

    work page doi:10.1145/3637336 2024

  28. [28]

    Mathur, G

    Arunesh Mathur, Gunes Acar, Michael J. Friedman, Eli Lucherini, Jonathan Mayer, Marshini Chetty, and Arvind Narayanan. 2019. Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites.Proc. ACM Hum.-Comput. Interact.3, CSCW, Article 81 (Nov. 2019), 32 pages. doi:10.1145/3359183

    work page doi:10.1145/3359183 2019

  29. [29]

    Arunesh Mathur, Mihir Kshirsagar, and Jonathan Mayer. 2021. What Makes a Dark Pattern... Dark? Design Attributes, Normative Considerations, and Measurement Methods. InProceedings of the 2021 CHI Conference on Human Factors in Computing Systems(Yokohama, Japan)(CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 360, 18 pages. doi:10....

    work page doi:10.1145/3411764.3445610 2021

  30. [30]

    Nick Merrill. 2020. Security Fictions: Bridging Speculative Design and Computer Security. InProceedings of the 2020 ACM Designing Interactive Systems Conference(Eindhoven, Netherlands)(DIS ’20). Association for Computing Machinery, New York, NY, USA, 1727–1735. doi:10.1145/3357236.3395451

    work page doi:10.1145/3357236.3395451 2020

  31. [31]

    Arvind Narayanan, Arunesh Mathur, Marshini Chetty, and Mihir Kshirsagar. 2020. Dark Patterns: Past, Present, and Future: The evolution of tricky user interfaces.Queue18, 2 (May 2020), 67–92. doi:10.1145/3400899.3400901

    work page doi:10.1145/3400899.3400901 2020

  32. [32]

    Midas Nouwens, Ilaria Liccardi, Michael Veale, David Karger, and Lalana Kagal. 2020. Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence. InProceedings of the 2020 CHI Conference on Human Factors in Computing Systems(Honolulu, HI, USA)(CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–13. doi:10.1145/...

    work page doi:10.1145/3313831.3376321 2020

  33. [33]

    Leysan Nurgalieva, Alisa Frik, and Gavin Doherty. 2023. A Narrative Review of Factors Affecting the Implementation of Privacy and Security Practices in Software Development.ACM Comput. Surv.55, 14s, Article 320 (July 2023), 27 pages. doi:10.1145/3589951

    work page doi:10.1145/3589951 2023

  34. [34]

    Hernan Palombo, Armin Ziaie Tabari, Daniel Lende, Jay Ligatti, and Xinming Ou. 2020. An ethnographic understanding of software (in) security and a co-creation model to improve secure software development. InProceedings of the Sixteenth USENIX Conference on Usable Privacy and Security (SOUPS’20). USENIX Association, USA, Article 12, 16 pages. https://dl.ac...

    work page doi:10.5555/3488905.3488917 2020

  35. [35]

    Markatos

    Emmanouil Papadogiannakis, Panagiotis Papadopoulos, Nicolas Kourtellis, and Evangelos P. Markatos. 2021. User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users. InProceedings of the Web Con- ference 2021(Ljubljana, Slovenia)(WWW ’21). Association for Computing Machinery, New York, NY, USA, 2130–2141. doi:10.1145/3442381.3450056

    work page doi:10.1145/3442381.3450056 2021

  36. [36]

    It doesn’t just feel like something a lawyer slapped together

    Rizu Paudel, Ankit Shrestha, Prakriti Dumaru, and Mahdi Nasrullah Al-Ameen. 2023. "It doesn’t just feel like something a lawyer slapped together. " Mental-Model-Based Privacy Policy for Third-Party Applications on Facebook. InCompanion Publication of the 2023 Conference on Computer Supported Cooperative Work and Social Computing (Minneapolis, MN, USA)(CSC...

    work page doi:10.1145/3584931.3606962 2023

  37. [37]

    Maxwell Prybylo, Sara Haghighi, Sai Teja Peddinti, and Sepideh Ghanavati. 2024. Evaluating Privacy Perceptions, Expe- rience, and Behavior of Software Development Teams. InTwentieth Symposium on Usable Privacy and Security (SOUPS 2024). USENIX Association, Philadelphia, PA, 101–120. https://www.usenix.org/conference/soups2024/presentation/ prybylo

    2024

  38. [38]

    Robillard, Deeksha M

    Martin P. Robillard, Deeksha M. Arya, Neil A. Ernst, Jin L. C. Guo, Maxime Lamothe, Mathieu Nassif, Nicole Novielli, Alexander Serebrenik, Igor Steinmacher, and Klaas-Jan Stol. 2024. Communicating Study Design Trade-offs in Software Engineering.ACM Trans. Softw. Eng. Methodol.33, 5, Article 112 (June 2024), 10 pages. doi:10.1145/3649598 , Vol. 1, No. 1, A...

    work page doi:10.1145/3649598 2024

  39. [39]

    Lorena Sánchez Chamorro, Kerstin Bongard-Blanchy, and Vincent Koenig. 2023. Ethical Tensions in UX Design Practice: Exploring the Fine Line Between Persuasion and Manipulation in Online Interfaces. InProceedings of the 2023 ACM Designing Interactive Systems Conference(Pittsburgh, PA, USA)(DIS ’23). Association for Computing Machinery, New York, NY, USA, 2...

    work page doi:10.1145/3563657.3596013 2023

  40. [40]

    Lingareddy, and Marshini Chetty

    Brennan Schaffner, Neha A. Lingareddy, and Marshini Chetty. 2022. Understanding Account Deletion and Relevant Dark Patterns on Social Media.Proc. ACM Hum.-Comput. Interact.6, CSCW2, Article 417 (Nov. 2022), 43 pages. doi:10.1145/3555142

    work page doi:10.1145/3555142 2022

  41. [41]

    Varun Shiri, Maggie Xiong, Jinghui Cheng, and Jin L.C. Guo. 2024. Motivating Users to Attend to Privacy: A Theory- Driven Design Study. InProceedings of the 2024 ACM Designing Interactive Systems Conference(Copenhagen, Denmark) (DIS ’24). Association for Computing Machinery, New York, NY, USA, 258–275. doi:10.1145/3643834.3661544

    work page doi:10.1145/3643834.3661544 2024

  42. [42]

    Nivedita Singh, Yejin Do, Yongsang Yu, Imane Fouad, Jungrae Kim, and Hyoungshick Kim. 2025. Crumbled Cookies: Exploring E-commerce Websites’ Cookie Policies with Data Protection Regulations.ACM Trans. Web19, 1, Article 5 (Jan. 2025), 24 pages. doi:10.1145/3708515

    work page doi:10.1145/3708515 2025

  43. [43]

    Nurse, and Helena Webb

    Sean Sirur, Jason R.C. Nurse, and Helena Webb. 2018. Are We There Yet? Understanding the Challenges Faced in Complying with the General Data Protection Regulation (GDPR). InProceedings of the 2nd International Workshop on Multimedia Privacy and Security(Toronto, Canada)(MPS ’18). Association for Computing Machinery, New York, NY, USA, 88–95. doi:10.1145/3...

    work page doi:10.1145/3267357.3267368 2018

  44. [44]

    Daniel J. Solove. 2020. The Myth of the Privacy Paradox.SSRN Electronic Journal(2020). doi:10.2139/ssrn.3536265

    work page doi:10.2139/ssrn.3536265 2020

  45. [45]

    Secure Software Development Framework (SSDF) Version 1.1,

    Murugiah Souppaya, Karen Scarfone, and Donna Dodson. 2022.Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. Technical Report SP 800-218. National Institute of Standards and Technology (NIST). https://doi.org/10.6028/NIST.SP.800-218 Supersedes: CSWP 13 (04/23/2020)

    work page doi:10.6028/nist.sp.800-218 2022

  46. [46]

    Sarah Spiekermann. 2012. The challenges of privacy by design.Commun. ACM55, 7 (July 2012), 38–40. doi:10.1145/ 2209249.2209263

    work page arXiv 2012

  47. [47]

    Karen M Staller. 2021. Big enough? Sampling in qualitative inquiry.Qualitative Social Work20, 4 (2021), 897–904. doi:10.1177/14733250211024516

    work page doi:10.1177/14733250211024516 2021

  48. [48]

    Mohammad Tahaei, Alisa Frik, and Kami Vaniea. 2021. Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges. InProceedings of the 2021 CHI Conference on Human Factors in Computing Systems(Yokohama, Japan)(CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 693, 15 pages. doi:10.1145/3411764.3445768

    work page doi:10.1145/3411764.3445768 2021

  49. [49]

    2021.Industry unbound: The inside story of privacy, data, and corporate power

    Ari Ezra Waldman. 2021.Industry unbound: The inside story of privacy, data, and corporate power. Cambridge University Press

    2021

  50. [50]

    Wong, Andrew Chong, and R

    Richmond Y. Wong, Andrew Chong, and R. Cooper Aspegren. 2023. Privacy Legislation as Business Risks: How GDPR and CCPA are Represented in Technology Companies’ Investment Risk Disclosures.Proc. ACM Hum.-Comput. Interact. 7, CSCW1, Article 82 (April 2023), 26 pages. doi:10.1145/3579515

    work page doi:10.1145/3579515 2023

  51. [51]

    Bo Zhang and Heng Xu. 2016. Privacy Nudges for Mobile Applications: Effects on the Creepiness Emotion and Privacy Attitudes. InProceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing (San Francisco, California, USA)(CSCW ’16). Association for Computing Machinery, New York, NY, USA, 1676–1690. doi:10.1145/2818048.2820073

    work page doi:10.1145/2818048.2820073 2016

  52. [52]

    Leah Zhang-Kennedy, Maxwell Keleher, and Michaela Valiquette. 2024. Navigating the Gray: Design Practitioners’ Perceptions Toward the Implementation of Privacy Dark Patterns.Proc. ACM Hum.-Comput. Interact.8, CSCW1, Article 97 (April 2024), 26 pages. doi:10.1145/3637374

    work page doi:10.1145/3637374 2024

  53. [53]

    Shoshana Zuboff. 2023. The age of surveillance capitalism. InSocial theory re-wired. Routledge, 203–213. , Vol. 1, No. 1, Article . Publication date: April 2026

    2023