Exploring privacy requirements gap between developers and end users

Context: Privacy policies document the privacy requirements guiding developers. Though privacy policies analysis has drawn increasing attention recently, how end users perceive privacy requirements has been less explored.Objective: We empirically explore the privacy requirements gap between developers and end users to derive beneficial insights into users' privacy concerns to support maintenance.Method: We present a semi-automatic privacy requirements gap analysis framework based on text mining including information retrieval, topic modeling, and computational linguistic techniques. Results: The preliminary results of applying our framework to Facebook show that: (1) topic comparison reveals that both privacy related reviews and policy statements involve privacy requirements types of collection, usage, and disclosure as well as account security. The retention requirements are almost not mentioned in reviews as they are hard to be directly perceived; (2) content comparisons reveal that though overlapping with the privacy policy statements, reviews are more general, informal, and negative in wording.Conclusion: The illustrative example with Facebook demonstrates the potential usage of our framework in informing software maintenance, e.g., privacy relevant testing and privacy policy refinement.