As part of my ongoing research into privacy engineering, I am currently developing a prototype pipeline called the Privacy-SATD Miner. Note: This is an active work-in-progress prototype and is not yet finished.
Privacy as Code
Self-Admitted Technical Debt (SATD) occurs when developers leave comments indicating suboptimal implementation or “hacks” in the codebase. My project adapts the latest MSR 2024 SATD methodologies to specifically detect and analyze privacy-related technical debt in open-source repositories.
The goal is to map these identified technical debts directly to GDPR compliance requirements, bridging the gap between raw developer comments and legal regulatory frameworks.
Infrastructure and Workflow
The prototype currently utilizes a modular, ML-ready infrastructure built on Conda and Python. I’ve designed a validation workflow integrated with Label Studio to enforce dual-annotator verification, ensuring the dataset we build is of high academic quality for future machine learning models.
You can check out the ongoing development on my GitHub repository here: Privacy-SATD.