Data Privacy in Software Practice: Brazilian Developers' Perspectives

Data privacy is an essential principle of information security, aimed at protecting sensitive data from unauthorized access and information leaks. As software systems advance, the volume of personal information also grows exponentially. Therefore, incorporating privacy engineering practices during development is vital to ensure data integrity, confidentiality, and compliance with legal regulations, such as the General Data Protection Regulation (GDPR). However, there is a gap in understanding developers' awareness of data privacy, their perceptions of the implementation of privacy strategies, and the influence of organizational factors on this adoption. Thus, this paper aims to explore the level of awareness among Brazilian developers regarding data privacy and their perceptions of the implementation strategies adopted to ensure data privacy. Additionally, we seek to understand how organizational factors influence the adoption of data privacy practices. To this end, we surveyed 88 Brazilian developers with privacy-related work experience. We got 21 statements grouped into three topics to measure the Brazilian developers' awareness of data privacy in software. Our statistical analysis reveals substantial gaps between groups, e.g., developers have Direct v.s. Indirect data privacy-related work experience. We also reveal some data privacy strategies, e.g., Encryption, are both widely used and perceived as highly important, others, such as Turning off data collection, highlight strategies where ease of use does not necessarily lead to widespread adoption. Finally, we identified that the absence of dedicated privacy teams correlates with a lower perceived priority and less investment in tools. Even in organizations that recognize the importance of privacy. Our findings offer insights into how Brazilian developers perceive and implement data privacy practices, emphasizing the critical role organizational culture plays in decision-making regarding privacy. We hope that our findings will contribute to improving privacy practices within the software development community, particularly in contexts similar to Brazil. (AU)