Since the introduction of the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), software developers increasingly have to make privacy-related decisions during system design and implementation. However, past research showed that they often lack legal expertise and struggle with privacy-compliant development. To shed light on how effective current information sources are in supporting them with privacy-sensitive implementation, we conducted a qualitative study with 30 developers. Participants were presented with a privacy-sensitive scenario and asked to identify privacy issues and suggest measures using their knowledge, online resources, and an AI assistant. We observed developers' decision-making in think-aloud sessions and discussed it in follow-up interviews. We found that participants struggled with all three sources: personal knowledge was insufficient, web content was often too complex, and while AI assistants provided clear and user-tailored responses, they lacked contextual relevance and failed to identify scenario-specific issues. Our study highlights major shortcomings in existing support for privacy-related development tasks. Based on our findings, we discuss the need for more accessible, understandable, and actionable privacy resources for developers.

翻译：自欧洲《通用数据保护条例》（GDPR）和《加州消费者隐私法案》（CCPA）实施以来，软件开发者在系统设计与实现过程中越来越多地需要做出与隐私相关的决策。然而，既往研究表明，他们往往缺乏法律专业知识，在实现隐私合规开发方面面临困难。为阐明当前信息源在支持隐私敏感实现方面的有效性，我们对30名开发者开展了一项定性研究。参与者被给予一个隐私敏感场景，并被要求运用自身知识、在线资源及AI助手来识别隐私问题并提出应对措施。我们通过有声思维会话观察了开发者的决策过程，并在后续访谈中进行了讨论。研究发现，参与者在所有三种信息源上都遇到困难：个人知识储备不足，网络内容通常过于复杂，而AI助手虽能提供清晰且针对用户定制的回答，却缺乏情境相关性，未能识别出场景特有的问题。本研究揭示了现有隐私相关开发任务支持机制存在的主要缺陷。基于研究结果，我们讨论了为开发者提供更易获取、易于理解且具备可操作性的隐私资源的必要性。