Abstract
Users have the right to know how their software works, what data it collects about them and how this data is used. This is a legal requirement under the General Data Protection Regulation (GDPR) and fosters users’ trust in the system. Transparency, when used correctly, is a tool to achieve this. The adoption of agile approaches, focused on coding and rapidly evolving functionality in situations where requirements are unclear or fast-changing, poses new problems for the systematic elicitation and implementation of transparency requirements, which are driven by, but lag behind, the functionality. We propose requirements patterns addressing GDPR’s principle of transparency by default, i.e., through a systematic and structured approach based on the artefacts of agile development. We present a case study using a SCRUM process to demonstrate the effectiveness and usability of the patterns.
Notes
- 1. EU General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1.
- 2. Ibid., Art. 12(1).
- 3. Ibid., Art. 15(1)(a).
- 4. Ibid., Art. 13(1)(c) and Art. 14(1)(c).
- 5. Ibid., Art. 19.
- 6.
- 7. Even though the task of eliciting and analysing requirements can be assigned to different roles depending on the specific development process, in our context the distinction between such roles is not relevant. For example, in agile processes the product owner is responsible for requirements elicitation, but the scrum master and scrum team are involved in requirements analysis.
- 8. GDPR, Art. 5(1)(c).
- 9.
- 10.
- 11.
- 12.
Acknowledgement
The research is supported by the University of Leicester. We would also like to thank Dr Mahmood Hosseini for the valuable input and the Spirit Healthcare team for their collaboration and experience.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Zieni, B., Spagnuelo, D., Heckel, R. (2021). Transparency by Default: GDPR Patterns for Agile Development. In: Kö, A., Francesconi, E., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2021. Lecture Notes in Computer Science, vol 12926. Springer, Cham. https://doi.org/10.1007/978-3-030-86611-2_7
DOI: https://doi.org/10.1007/978-3-030-86611-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86610-5
Online ISBN: 978-3-030-86611-2
eBook Packages: Computer Science, Computer Science (R0)