Abstract
Within the growing amount of data through new applications, processes and technologies in companies, legal frameworks according to the processing of data become more important. The new General Data Protection Regulation (GDPR) especially has the intention, to strengthen the rights of Data Subjects in transparency (e.g. Art. 12) and self-control (e.g. Art 15–22). This research aims to develop non-functional-requirements (NFR) for a Data Transparency System for the category legal-contractual. Therefore, we follow the requirement engineering process according to Rupp [29]. As a general source for the development, qualitative expert interviews have been carried out. In order to extend our findings and form categories, we also did a systematic literature review and a structured text analysis of the GDPR. In total, we were able to generate 18 NFR and organized them into the categories Purpose, Obligation, Ownership, Procedures and Integrity and Transparency.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Regulation (EU) 2016/679 of the European Parliament and of the Council - of 27 April 2016 - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016)
Abiteboul, S., Stoyanovich, J.: Transparency, Fairness, Data Protection, Neutrality: Data Management Challenges in the Face of New Regulation (2019). arXiv:1903.03683 [c.s.]
Berg, C.: Privacy, property, and discovery. In: The Classical Liberal Case for Privacy in a World of Surveillance and Technological Change. PSCL, pp. 153–166. Springer,Cham (2018). https://doi.org/10.1007/978-3-319-96583-3_9
Bonatti, P., Kirrane, S., Polleres, A., Wenning, R.: Transparent personal data processing: the road ahead. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 337–349. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_28
Cato, P.: Einflüsse auf den Implementierungserfolg von Big Data Systemen. Verlag Dr. Kovac, Hamburg (2016)
Ebert, C.: Systematisches Requirements Management: Anforderungen ermitteln, spezifizieren, analysieren und verfolgen, 1. aufl edn. dpunkt-Verl, Heidelberg (2005)
Enderes, C.: Experteninterview. Der Leitfaden für die Bachelorarbeit (2018). https://www.bachelorprint.de/experteninterview/
Feak, C.B., Swales, J.M., Swales, J.M., Feak, C.B.: Telling a Research Story: Writing a Literature Review. The Michigan Series in English for Academic & Professional Purposes. University of Michigan Press, Ann Arbor Mich (2009)
Flick, U.: Sozialforschung: Methoden und Anwendungen: ein Überblick für die BA-Studiengänge, 3, auflage edn. Rowohlt Taschenbuch Verlag, Rororo Rowohlts Enzyklopädie (2016)
Früh, W.: Inhaltsanalyse: Theorie und Praxis, vol. 7. UVK, Konstanz (2011)
Gantchev, V.: Data protection in the age of welfare conditionality: respect for basic rights or a race to the bottom? Eur. J. Soc. Secur. 21, 3–22 (2019)
Geer, D.E.: Ownership. IEEE Secur. Priv. 17, 4 (2019)
Ginz, M.: Requirements Engineering I. Kapitel 4 - Anforderungsermitttlung und -analyse (2010)
Hand, D.J.: Aspects of data ethics in a changing world: where are we now? Big Data 6(3), 176–190 (2018)
Hornung, G., Goeble, T.: “Data Ownership” im vernetzten Automobil. Computer und Recht 31(4) (2015)
IEEE Standards Board: IEEE Recommended Practice for Software Requirements Specifications. Technical report, IEEE (1998)
Jaatinen, T.: The relationship between open data initiatives, privacy, and government transparency: a love triangle? Int. Data Priv. Law 6(1), 28–38 (2016)
Janßen, C.: Towards a system for data transparency to support data subjects. In: Abramowicz, W., Corchuelo, R. (eds.) BIS 2019. LNBIP, vol. 373, pp. 613–624. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36691-9_51
Kirrane, S., et al.: A scalable consent, transparency and compliance architecture. In: Gangemi, A., et al. (eds.) ESWC 2018. LNCS, vol. 11155, pp. 131–136. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98192-5_25
Krempel, E., Beyerer, J.: The EU general data protection regulation and its effects on designing assistive environments. In: Proceedings of the 11th PErvasive Technologies Related to Assistive Environments Conference on - PETRA’18, pp. 327–330. ACM Press, Corfu, Greece (2018)
Krippendorff, K.: Reliability in content analysis: some common misconceptions and recommendations. Hum. Commun. Res. 30(3), 411–433 (2004)
Maguire, S., Friedberg, J., Nguyen, M.-H.C., Haynes, P.: A metadata-based architecture for user-centered data accountability. Electron. Markets 25(2), 155–160 (2015). https://doi.org/10.1007/s12525-015-0184-z
Meis, R., Wirtz, R., Heisel, M.: A taxonomy of requirements for the privacy goal transparency. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 195–209. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22906-5_15
Merten, K.: Inhaltsanalyse: Einführung in Theorie, Methode und Praxis. Springer VS, Wiesbaden (1983). https://doi.org/10.1007/978-3-663-10353-0
Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017)
Pfeffers, K., Gengler, T., Ross, C., Hui, W., Virtanen, V., Bragge, J.: The design science research process: a model for producing and presenting information systems. In: Proceedings of DESRIST, Claremont (2006)
Pohl, K.: Requirements Engineering: Grundlagen, Prinzipien, Techniken, 2, korrigierte aufl edn. dpunkt-Verl, Heidelberg (2008)
Pohl, K., Rupp, C.: Basiswissen Requirements Engineering: Aus- und Weiterbildung zum “Certified Professional for Requirements Engineering”: Foundation Level nach IREB-Standard, 4, überarbeitete auflage edn. dpunkt.verlag, Heidelberg (2015)
Rupp, C.: Requirements-Engineering und -Management: aus der Praxis von klassisch bis agil, 6, aktualisierte und erweiterte, auflage edn. Hanser, München (2014)
Seinen, W., Walter, A., van Grondelle, S.: Compatibility as a mechanism for responsible further processing of personal data. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) APF 2018. LNCS, vol. 11079, pp. 153–171. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02547-2_9
Singh, J., Cobbe, J., Norval, C.: Decision provenance: harnessing data flow for accountable systems. IEEE Access 7, 6562–6574 (2019)
Van Alstyne, M., Brynjolfsson, E., Madnick, S.: Why not one big database? Principles for data ownership. Decis. Support Syst. 15(4), 267–284 (1995)
Wachter, S.: Ethical and normative challenges of identification in the Internet of Things. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018. Institution of Engineering and Technology, London, UK (2018)
Wallis, J.C., Borgman, C.L.: Who is responsible for data? An exploratory study of data authorship, ownership, and responsibility. Proc. Am. Soc. Inf. Sci. Technol. 48(1), 1–10 (2011)
Webster, J., Watson, R.: Analyzing the past to prepare for the future: writing a literature review. MIS Q. 36, 13–23 (2002)
Wolters, P.T.J.: The Control by and Rights of the Data Subject Under the GDPR, p. 14 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Janßen, C., Kathmann, J. (2020). Legal Requirement Elicitation, Analysis and Specification for a Data Transparency System. In: Abramowicz, W., Klein, G. (eds) Business Information Systems. BIS 2020. Lecture Notes in Business Information Processing, vol 389. Springer, Cham. https://doi.org/10.1007/978-3-030-53337-3_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-53337-3_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-53336-6
Online ISBN: 978-3-030-53337-3
eBook Packages: Computer ScienceComputer Science (R0)