Skip to main content
SpringerLink
Log in

Transparency by Default: GDPR Patterns for Agile Development

  • Conference paper
  • First Online:
Electronic Government and the Information Systems Perspective (EGOVIS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12926))

Abstract

Users have the right to know how their software works, what data it collects about them and how this data is used. This is a legal requirement under General Data Protection Regulation (GDPR) and fosters users’ trust in the system. Transparency, when used correctly, is a tool to achieve this. The adoption of agile approaches, focused on coding and rapidly evolving functionality in situations where requirements are unclear or fast changing, poses new problems for the systematic elicitation and implementation of transparency requirements which are driven by, but lag behind, the functionality. We propose requirements patterns addressing GDPR’s principle of transparency by default, i.e., through a systematic and structured approach based on the artefacts of agile development. We present a case study using a SCRUM process to demonstrate the effectiveness and usability of the patterns.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    EU General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1.

  2. 2.

    Ibid., Art. 12(1).

  3. 3.

    Ibid., Art. 15(1)(a).

  4. 4.

    Ibid., Art. 13(1)(c) and Art. 14(1)(c).

  5. 5.

    Ibid., Art. 19.

  6. 6.

    https://github.com/Bara60/Supplementary-info-Transparency.git.

  7. 7.

    Even though the task of eliciting and analysing requirements can be assigned to different roles depending on the specific development process, in our context the distinction between such roles is not relevant. For example, in agile processes the product owner is responsible for requirements elicitation, but the scrum master and scrum team are involved in requirements analysis.

  8. 8.

    GDPR, Art. 5(1)(c).

  9. 9.

    https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted.

  10. 10.

    http://www.planalto.gov.br/ccivil_03/_Ato2015-2018/2018/Lei/L13709compilado.htm.

  11. 11.

    https://oag.ca.gov/privacy/ccpa.

  12. 12.

    https://www.ppc.go.jp/en/legal/.

References

  1. Cappelli, C., Leite, J.: Software transparency. Bus. Inf. Syst. Eng. 2, 127–139 (2010). https://doi.org/10.1007/s12599-010-0102-z

    Article  Google Scholar 

  2. Drury, M., Conboy, K., Power, K.: Obstacles to decision making in agile software development teams. J. Syst. Softw. 85(6), 1239–1254 (2012)

    Article  Google Scholar 

  3. Eberlein, A., Leite, J.: Agile requirements definition: a view from requirements engineering. In: Proceedings of the International Workshop on Time-Constrained Requirements Engineering, pp. 4–8 (2002)

    Google Scholar 

  4. Erickson, J., Lyytinen, K., Siau, K.: Agile modeling, agile software development, and extreme programming: the state of research. J. Database Manag. (JDM) 16(4), 88–100 (2005)

    Article  Google Scholar 

  5. Herrnfeld, H.H.: Article 67 data protection by design and by default. In: European Public Prosecutor’s Office, pp. 513–514. Nomos Verlagsgesellschaft mbH & Co. KG (2020)

    Google Scholar 

  6. Hoffmann, A., Söllner, M., Hoffmann, H., Leimeister, J.M.: Towards trust-based software requirement patterns. In: 2nd IEEE International Workshop on Requirements Patterns, pp. 7–11. IEEE (2012)

    Google Scholar 

  7. Hosseini, M., Shahri, A., Phalp, K., Ali, R.: Foundations for transparency requirements engineering. In: Daneva, M., Pastor, O. (eds.) REFSQ 2016. LNCS, vol. 9619, pp. 225–231. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30282-9_15

    Chapter  Google Scholar 

  8. Hosseini, M., Shahri, A., Phalp, K., Ali, R.: A modelling language for transparency requirements in business information systems. In: Nurcan, S., Soffer, P., Bajec, M., Eder, J. (eds.) CAiSE 2016. LNCS, vol. 9694, pp. 239–254. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39696-5_15

    Chapter  Google Scholar 

  9. Kim, D.J., Ferrin, D.L., Rao, H.R.: A trust-based consumer decision-making model in electronic commerce: the role of trust, perceived risk, and their antecedents. Decis. Support Syst. 44(2), 544–564 (2008)

    Article  Google Scholar 

  10. Kizilcec, R.F.: How much information? Effects of transparency on trust in an algorithmic interface. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, pp. 2390–2395 (2016)

    Google Scholar 

  11. Loizides, F., Winckler, M., Chatterjee, U., Abdelnour-Nocera, J., Parmaxi, A.: Human Computer Interaction and Emerging Technologies: Workshop Proceedings from the INTERACT 2019 Workshops. Cardiff University Press (2020)

    Google Scholar 

  12. Meis, R., Heisel, M.: Computer-aided identification and validation of privacy requirements. Information 7(2), 28 (2016)

    Article  Google Scholar 

  13. Meis, R., Wirtz, R., Heisel, M.: A taxonomy of requirements for the privacy goal transparency. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 195–209. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22906-5_15

    Chapter  Google Scholar 

  14. Moyano, F., Fernandez-Gago, C., Lopez, J.: Building trust and reputation in: a development framework for trust models implementation. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 113–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38004-4_8

    Chapter  Google Scholar 

  15. Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017)

    Article  Google Scholar 

  16. Murmann, P., Karegar, F.: From design requirements to effective privacy notifications: empowering users of online services to make informed decisions. Int. J. Hum.-Comput. Interact. 1–26 (2021)

    Google Scholar 

  17. Palomares Bonache, C.: Definition and use of software requirement patterns in requirements engineering activities. In: Proceedings of REFSQ 2011 Workshops, REFSQ 2011 Empirical Track, and REFSQ 2014 Doctoral Symposium, pp. 60–66 (2014)

    Google Scholar 

  18. Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A design science research methodology for information systems research. J. Manag. Inf. Syst. 24(3), 45–77 (2007)

    Article  Google Scholar 

  19. GSMA Mobile Privacy: Consumer research insights and considerations for policymakers (2014)

    Google Scholar 

  20. Rossi, A., Lenzini, G.: Transparency by design in data-informed research: a collection of information design patterns. Comput. Law Secur. Rev. 37, 105402 (2020)

    Article  Google Scholar 

  21. Schwab, K., Marcus, A., Oyola, J., Hoffman, W., Luzi, M.: Personal data: the emergence of a new asset class. In: An Initiative of the World Economic Forum (2011)

    Google Scholar 

  22. Söllner, M., Hoffmann, A., Hoffmann, H., Leimeister, J.M.: How to use behavioral research insights on trust for HCI system design. In: CHI 2012 Extended Abstracts on Human Factors in Computing Systems, pp. 1703–1708. ACM (2012)

    Google Scholar 

  23. Verizon Enterprise Solutions: Verizon 2014 data breach investigations report. verizon.com (2016)

    Google Scholar 

  24. Spagnuelo, D., Bartolini, C., Lenzini, G.: Qualifying and measuring transparency: a medical data system case study. Comput. Secur. 91, 101717 (2020)

    Article  Google Scholar 

  25. Spagnuelo, D., Ferreira, A., Lenzini, G.: Transparency enhancing tools and the GDPR: do they match? In: Mori, P., Furnell, S., Camp, O. (eds.) ICISSP 2019. CCIS, vol. 1221, pp. 162–185. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-49443-8_8

    Chapter  Google Scholar 

  26. Tu, Y.-C., Tempero, E., Thomborson, C.: An experiment on the impact of transparency on the effectiveness of requirements documents. Empir. Softw. Eng. 21(3), 1035–1066 (2015). https://doi.org/10.1007/s10664-015-9374-8

    Article  Google Scholar 

  27. Turilli, M., Floridi, L.: The ethics of information transparency. Ethics Inf. Technol. 11(2), 105–112 (2009). https://doi.org/10.1007/s10676-009-9187-9

    Article  Google Scholar 

  28. Withall, S.: Software Requirement Patterns. Pearson Education (2007)

    Google Scholar 

  29. Zhu, K.: Information transparency in electronic marketplaces: why data transparency may hinder the adoption of B2B exchanges. Electron. Mark. 12(2), 92–99 (2002)

    Article  Google Scholar 

Download references

Acknowledgement

The research is supported by University of Leicester. We also would like to thank Dr Mahmood Hosseini for the valuable input and Spirit Healthcare team for their collaboration, experience.

Author information

Authors and Affiliations

  1. University of Leicester, University Rd, Leicester, UK

    Baraa Zieni & Reiko Heckel

  2. Vrije Universiteit Amsterdam, Amsterdam, The Netherlands

    Dayana Spagnuelo

Authors
  1. Baraa Zieni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dayana Spagnuelo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Reiko Heckel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Baraa Zieni .

Editor information

Editors and Affiliations

  1. Corvinus University Budapest, Budapest, Hungary

    Andrea Kö

  2. National Research Council and European Parliament, Florence, Italy

    Enrico Francesconi

  3. Johannes Kepler University of Linz, Linz, Austria

    Gabriele Kotsis

  4. Vienna University of Technology, Vienna, Austria

    A Min Tjoa

  5. Johannes Kepler University of Linz, Linz, Austria

    Ismail Khalil

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zieni, B., Spagnuelo, D., Heckel, R. (2021). Transparency by Default: GDPR Patterns for Agile Development. In: Kö, A., Francesconi, E., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2021. Lecture Notes in Computer Science(), vol 12926. Springer, Cham. https://doi.org/10.1007/978-3-030-86611-2_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86611-2_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86610-5

  • Online ISBN: 978-3-030-86611-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation