Privacy code review is a critical process that enables developers and legal experts to ensure compliance with data protection regulations. However, the task is challenging due to resource constraints. To address this, we introduce the concept of privacy-relevant methods - specific methods in code that are directly involved in the processing of personal data. We then present an automated approach to assist in code review by identifying and categorizing these privacy-relevant methods in source code. Using static analysis, we identify a set of methods based on their occurrences in 50 commonly used libraries. We then rank these methods according to their frequency of invocation with actual personal data in the top 30 GitHub applications. The highest-ranked methods are the ones we designate as privacy-relevant in practice. For our evaluation, we examined 100 open-source applications and found that our approach identifies fewer than 5% of the methods as privacy-relevant for personal data processing. This reduces the time required for code reviews. Case studies on Signal Desktop and Cal.com further validate the effectiveness of our approach in aiding code reviewers to produce enhanced reports that facilitate compliance with privacy regulations.

翻译：隐私代码审查是一个关键流程，使开发者和法律专家能够确保障数据保护法规的合规性。然而，由于资源限制，这一任务颇具挑战性。为解决此问题，我们引入了隐私相关方法的概念——即代码中直接参与个人数据处理的特定方法。随后，我们提出了一种自动化方法，通过识别和分类源代码中的这些隐私相关方法来辅助代码审查。利用静态分析，我们根据这些方法在50个常用库中的出现情况识别出一组方法。接着，我们根据这些方法在前30个GitHub应用程序中与实际个人数据一起被调用的频率进行排序。排名最高的方法即为我们在实践中认定为隐私相关的方法。在评估中，我们检查了100个开源应用程序，发现我们的方法仅将其中不到5%的方法识别为与个人数据处理相关的隐私方法。这减少了代码审查所需的时间。对Signal Desktop和Cal.com的案例研究进一步验证了我们的方法在帮助代码审查者生成增强报告、促进隐私法规合规性方面的有效性。