At first glance, research based on mining software repositories (MSR) does not seem to be linked with privacy concerns. But when you analyze common MSR-related activities in some detail, privacy issues arise, even in the case of mining public data. GDPR (European Union General Data Protection Regulation), CCPA (California Consumer Privacy Act) and other international regulations on privacy may affect researchers dealing with personal data. Even if the data is public. Even if it was uploaded by individuals themselves, with perfect knowledge about what they were doing. Even if the researcher is in a different country of those enacting the regulations.

This talk will explain which research activities related to MSR are potentially of concern with respect to privacy issues, to which extent researchers should be concerned, and how we should deal with those concerns to ensure we minimize the potential legal and ethical effects.