Skip to main content

Agile ethics: an iterative and flexible approach to assessing ethical, legal and social issues in the agile development of crisis management information systems


This paper reassess the evaluation of ethical, legal and social issues (ELSI) in relation to the agile development of information systems in the domain of crisis management. The authors analyse the differing assessment needs of a move from a traditional approach to the development of information systems to an agile approach, which offers flexibility, adaptability and responds to the needs of users as the system develops. In turn, the authors argue that this development requires greater flexibility and an iterative approach to assessing ELSI. The authors provide an example from the Horizon 2020 EU-funded project iTRACK (Integrated system for real-time TRACKing and collective intelligence in civilian humanitarian missions) to exemplify this move to an iterative approach in practice, drawing on the process of undertaking an ethical and privacy impact assessment for the purpose of this project.

This is a preview of subscription content, access via your institution.

Fig. 1


  1. These are considered as related to the habits, beliefs and traditions which characterise a society. Such necessary considerations include: gender issues, social impact, liability, trust, and religious and cultural issues.

  2. The project received funding from the European Union’s Horizon 2020 research and innovation programme under Grant agreement No 700510.

  3. Examples of the scenarios provided: 1. Following an attack on a humanitarian organisation in a conflict area, the organisation counts that 34 of their staff members were killed, and 54 have been injured. The media continue to report that in this conflict the lives of aid workers are ever more threatened. There is a shortage of experienced staff to deliver the aid and the organisation sends out some of its newest recruits. They have not used iTRACK before but are given the opportunity to do so now. Time is of the essence; as well as learning about iTRACK they need to digest a range of other information. The staff are local, from ages 24–65 and do not speak English. 2. Humanitarian workers are in an area badly affected by a civil war. With the aid organisation increasingly working in riskier environments their mental health is suffering. Wishing to discuss their experiences with persons in similar situations they begin to communicate via the iTRACK communication system.

  4. This is one of the key distinctions between agile EPIA and privacy-by-design (Langheinrich 2001). Where Privacy-by-design has focused upon technological solutions to privacy challenges, which might be included in a particular design, our account of agile EPIA concerns the process-oriented question of how best to incorporate privacy and ethical influences in the design and engineering process. EPIA is part of operationalising “Privacy Engineering” (Oliver 2014).


  • Andrejevic, M., & Gates, K. (2014). Big data surveillance. Surveillance and Society, 12(2), 185–196.

    Article  Google Scholar 

  • Barnard-Wills, D. (2012). Surveillance and identity: Discourse, subjectivity and the state, ashgate. Farnham: Routledge.

    Google Scholar 

  • Boersma, K., & Fonio, C. (Eds.) (2017). Big data, surveillance and crisis management. Routledge, London.

    Google Scholar 

  • Burns, R. (2014). Moments of closure in the knowledge politics of digital humanitarianism. Geoforum, 53, 51–62.

    Article  Google Scholar 

  • Busher, M., Bylund, M., Sanches, P., Ramirez, L., & Wood, L. (2013). A New Manhatten Project? Interoperability and Ethics in Emergency Response systems of systems. Proceedings of the 10th International ISCRAM conference, Baden-Baden, Germany, May 2013.

  • Cao, L., Mohan, K., Peng, X., & Ramesh, B. (2009). A framework for adapting agile development methodologies. European Journal of Information Systems, 18(4), 332–343.

    Article  Google Scholar 

  • Cavoukian, A. (date unknown). ‘Privacy by design. The 7th Foundational Principles.’ [Online]

  • Cavoukian, A. (2012). Operationalizing privacy by design: A guide to implementing strong privacy practices. Information and Privacy Commissioner, Ontario, Canada, December 2012.

  • Clarke, R. (2009). Privacy impact assessment: Its origin and development. Computer Law and Security Review, 25(2), 123–135.

    Article  MathSciNet  Google Scholar 

  • Cockburn, A., Highsmith, J. (2001). Agile software development: The people factor. Computer, 34(11), 131–133.

    Article  Google Scholar 

  • Conboy, K. (2009). Agility from first principles: Reconstructing the concept of agility. Information Systems Development. Information Systems Research, 20(3), 329–354.

    Article  Google Scholar 

  • Crang, M., & Graham, S. (2009). Sentient cities: Ambient intelligence and the politics of urban space. Information, Communication and Society, 10(6), 789–817.

    Article  Google Scholar 

  • De Hert, P., Kloza, D., Wright, D., Wadhwa, K., Hosein, G., & Davies, S. (2012). Recommendations for a privacy impact assessment framework for the European Union. Deliverable for the PIAF Project [Online]

  • DeLaet, D. (2006). The global struggle for human rights: Universal principles in world politics. Belmont: Wadsworth Publishing Co Inc.

    Google Scholar 

  • Dette, R. (2016). Do no digital harm: Mitigating technology risks in Humanitarian contexts. Global Public Policy Institute [Online]

  • Donnelly, J. (2007). The relative universality of human rights. Human Rights Quarterly, 29(2), 281–306.

    Article  Google Scholar 

  • Finn, R., Friedewald, M., Gellert, R., Gutwirth, R., Hüsing, B., Kukk, P., Mordini, E., Schûtz, P., Venier, S., & Wright, D. (2011). Privacy, data protection and ethical issues in new and emerging technologies: Five case studies. Deliverable for the Prescient Project [Online]

  • Greer, D., & Hamon, Y. (2011). Agile software development. Software—Practice and Experience, 41(9), 943–944.

    Article  Google Scholar 

  • Harrald, J. R. (2006). Agility and discipline: Critical success factors for disaster response. The ANNALS of the American Academy of Political and Social Science, 604(1), 256–272.

    Article  Google Scholar 

  • Hoelscher, K., et al. (2015). Understanding attacks on humanitarian aid workers. Conflict Trends, vol. 6, PRIO: Oslo.

    Google Scholar 

  • Hostettler, S., Besson, N.S., Bolay, J-C. (2018). Technologies for development from innovation to social impact. Cham: SpringerOpen.

    Book  Google Scholar 

  • Humanitarian Outcomes (2015). Aid worker security report: Figures at a glance—2016. [Online]

  • Iannelli, O. (2018). D3.2Socio-cultural considerations for future development. Deliverable for the iTRACK project [Online]

  • ICO. (2014). Conducting privacy impact assessments code of practice. [Online]

  • International Conference of Data Protection and Privacy Commissioners (2009). International Standards on the Protection of Personal Data and Privacy: The Madrid Resolution. Madrid. [Online]

  • Kerasidou, X., Petersen, K., & Büscher, M. (2017). Intersecting ingelligence. In K. Boersma & C. Fonio (Eds.), Big data, surveillance and crisis management. London: Routledge.

    Google Scholar 

  • Kroener, I., & Wright, D. (2015). Privacy impact assessment policy issues. In A. R. Lombarte, R. G. Mahamut (Eds.) Hacia Un Nuevo Derecho Europeo De Protección De Datos. Valencia: Towards A New European Data Protection Regime, Tirant lo Blanch.

    Google Scholar 

  • Kroener, I., & Wright, D. (2014). A strategy for operationalising privacy by design. The Information Society, 30(5), 355–365.

    Article  Google Scholar 

  • Langheinrich, M. (2001). Privacy-by-Design: Principles of Privacy-Aware ubiquitous computing. In: Umbicomp 2001: International Conference on Ubiquitous Computing (pp. 273–291).

  • Lyon, D. (2007). Surveillance studies: An overview. London: Polity Press.

    Google Scholar 

  • Meier, P. (2015). Digital humanitarians: How BIG DATA is changing the face of humanitarian response. London: CRC Press, Taylor and Francis Group.

    Book  Google Scholar 

  • Mendonça, D., Jefferson, T., & Harrald, J. R. (2007). Collaborative adhocracies and mix-and-match technologies in emergency management. Communications of the ACM, 50(3), 45–49.

    Article  Google Scholar 

  • Monahan, T. (2010). Surveillance in the time of insecurity. New Brunswick: Rutgers University Press.

    Google Scholar 

  • Morozov, E. (2013). To save everything, click here: Technology, solutionism and the urge to fix problems that don’t exist. London: Penguin.

    Google Scholar 

  • Oliver, I. (2014). Privacy Engineering. CreateSpace, USA.

  • Petersen, K. (2015). ELSI guidelines for collaborative design and database of representative emergence and disaster events in Europe. Deliverable 2.2, SecInCoRe project. [Online]

  • Sandvik, K., & Raymond, N. A. (2017) Beyond the protective effect: Towards a theory of harm for information communication technologies in mass atrocity response. Genocide Studies and Prevention: An International Journal, 11(1), 9–24.

    Article  Google Scholar 

  • Sandvik, K. B., Jumbert, M. J., Karlsrud, J., & Kaufmann, M. (2014). Humanitarian technology: a critical research agenda. International Review of the Red Cross, 96(893), 219–242.

    Article  Google Scholar 

  • Soanes, C. (2002). Paperback oxford english dictionary. Oxford: Oxford University Press.

    Google Scholar 

  • Vinck, P. (2013). Humanitarian technology. World disasters report 2013, international federation of red cross and red crescent societies, [Online]

  • Wadhwa, K., & Wright, D. (2014). Following best practices in privacy impact assessments. Privacy Laws and Business, January.

  • Wright, D. (2012). The state of the art in privacy impact assessment. Computer Law and Security Review, 28, 54–61.

    Article  Google Scholar 

Download references


Funding was provided by Horizon 2020 (Grant No. 700510).

Author information

Authors and Affiliations


Corresponding author

Correspondence to Julia Muraszkiewicz.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Kroener, I., Barnard-Wills, D. & Muraszkiewicz, J. Agile ethics: an iterative and flexible approach to assessing ethical, legal and social issues in the agile development of crisis management information systems. Ethics Inf Technol 23 (Suppl 1), 7–18 (2021).

Download citation

  • Published:

  • Issue Date:

  • DOI:


  • Agile
  • Crisis management
  • Information systems
  • Ethical and privacy impact assessment