This paper reassess the evaluation of ethical, legal and social issues (ELSI) in relation to the agile development of information systems in the domain of crisis management. The authors analyse the differing assessment needs of a move from a traditional approach to the development of information systems to an agile approach, which offers flexibility, adaptability and responds to the needs of users as the system develops. In turn, the authors argue that this development requires greater flexibility and an iterative approach to assessing ELSI. The authors provide an example from the Horizon 2020 EU-funded project iTRACK (Integrated system for real-time TRACKing and collective intelligence in civilian humanitarian missions) to exemplify this move to an iterative approach in practice, drawing on the process of undertaking an ethical and privacy impact assessment for the purpose of this project.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Price excludes VAT (USA)
Tax calculation will be finalised during checkout.
These are considered as related to the habits, beliefs and traditions which characterise a society. Such necessary considerations include: gender issues, social impact, liability, trust, and religious and cultural issues.
The project received funding from the European Union’s Horizon 2020 research and innovation programme under Grant agreement No 700510.
Examples of the scenarios provided: 1. Following an attack on a humanitarian organisation in a conflict area, the organisation counts that 34 of their staff members were killed, and 54 have been injured. The media continue to report that in this conflict the lives of aid workers are ever more threatened. There is a shortage of experienced staff to deliver the aid and the organisation sends out some of its newest recruits. They have not used iTRACK before but are given the opportunity to do so now. Time is of the essence; as well as learning about iTRACK they need to digest a range of other information. The staff are local, from ages 24–65 and do not speak English. 2. Humanitarian workers are in an area badly affected by a civil war. With the aid organisation increasingly working in riskier environments their mental health is suffering. Wishing to discuss their experiences with persons in similar situations they begin to communicate via the iTRACK communication system.
This is one of the key distinctions between agile EPIA and privacy-by-design (Langheinrich 2001). Where Privacy-by-design has focused upon technological solutions to privacy challenges, which might be included in a particular design, our account of agile EPIA concerns the process-oriented question of how best to incorporate privacy and ethical influences in the design and engineering process. EPIA is part of operationalising “Privacy Engineering” (Oliver 2014).
Andrejevic, M., & Gates, K. (2014). Big data surveillance. Surveillance and Society, 12(2), 185–196.
Barnard-Wills, D. (2012). Surveillance and identity: Discourse, subjectivity and the state, ashgate. Farnham: Routledge.
Boersma, K., & Fonio, C. (Eds.) (2017). Big data, surveillance and crisis management. Routledge, London.
Burns, R. (2014). Moments of closure in the knowledge politics of digital humanitarianism. Geoforum, 53, 51–62.
Busher, M., Bylund, M., Sanches, P., Ramirez, L., & Wood, L. (2013). A New Manhatten Project? Interoperability and Ethics in Emergency Response systems of systems. Proceedings of the 10th International ISCRAM conference, Baden-Baden, Germany, May 2013.
Cao, L., Mohan, K., Peng, X., & Ramesh, B. (2009). A framework for adapting agile development methodologies. European Journal of Information Systems, 18(4), 332–343.
Cavoukian, A. (date unknown). ‘Privacy by design. The 7th Foundational Principles.’ [Online] https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf.
Cavoukian, A. (2012). Operationalizing privacy by design: A guide to implementing strong privacy practices. Information and Privacy Commissioner, Ontario, Canada, December 2012.
Clarke, R. (2009). Privacy impact assessment: Its origin and development. Computer Law and Security Review, 25(2), 123–135.
Cockburn, A., Highsmith, J. (2001). Agile software development: The people factor. Computer, 34(11), 131–133. https://doi.org/10.1109/2.963450.
Conboy, K. (2009). Agility from first principles: Reconstructing the concept of agility. Information Systems Development. Information Systems Research, 20(3), 329–354.
Crang, M., & Graham, S. (2009). Sentient cities: Ambient intelligence and the politics of urban space. Information, Communication and Society, 10(6), 789–817.
De Hert, P., Kloza, D., Wright, D., Wadhwa, K., Hosein, G., & Davies, S. (2012). Recommendations for a privacy impact assessment framework for the European Union. Deliverable for the PIAF Project [Online] http://www.piafproject.eu/ref/PIAF_D3_final.pdf.
DeLaet, D. (2006). The global struggle for human rights: Universal principles in world politics. Belmont: Wadsworth Publishing Co Inc.
Dette, R. (2016). Do no digital harm: Mitigating technology risks in Humanitarian contexts. Global Public Policy Institute [Online] https://cooperation.epfl.ch/files/content/sites/cooperation/files/Tech4Dev%202016/1282-Dette-SE01-HUM_FullPaper.pdf.
Donnelly, J. (2007). The relative universality of human rights. Human Rights Quarterly, 29(2), 281–306.
Finn, R., Friedewald, M., Gellert, R., Gutwirth, R., Hüsing, B., Kukk, P., Mordini, E., Schûtz, P., Venier, S., & Wright, D. (2011). Privacy, data protection and ethical issues in new and emerging technologies: Five case studies. Deliverable for the Prescient Project [Online] https://www.prescient-project.eu/prescient/inhalte/documents/deliverables.php.
Greer, D., & Hamon, Y. (2011). Agile software development. Software—Practice and Experience, 41(9), 943–944. https://doi.org/10.1002/spe.1100.
Harrald, J. R. (2006). Agility and discipline: Critical success factors for disaster response. The ANNALS of the American Academy of Political and Social Science, 604(1), 256–272. https://doi.org/10.1177/0002716205285404.
Hoelscher, K., et al. (2015). Understanding attacks on humanitarian aid workers. Conflict Trends, vol. 6, PRIO: Oslo.
Hostettler, S., Besson, N.S., Bolay, J-C. (2018). Technologies for development from innovation to social impact. Cham: SpringerOpen.
Humanitarian Outcomes (2015). Aid worker security report: Figures at a glance—2016. [Online] https://aidworkersecurity.org/sites/default/files/HO_AidWorkerSecPreview_1015_G.PDF_.pdf.
Iannelli, O. (2018). D3.2—Socio-cultural considerations for future development. Deliverable for the iTRACK project [Online] https://www.itrack-project.eu/.
ICO. (2014). Conducting privacy impact assessments code of practice. [Online] https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf.
International Conference of Data Protection and Privacy Commissioners (2009). International Standards on the Protection of Personal Data and Privacy: The Madrid Resolution. Madrid. [Online] https://icdppc.org/wp-content/uploads/2015/02/The-Madrid-Resolution.pdf.
Kerasidou, X., Petersen, K., & Büscher, M. (2017). Intersecting ingelligence. In K. Boersma & C. Fonio (Eds.), Big data, surveillance and crisis management. London: Routledge.
Kroener, I., & Wright, D. (2015). Privacy impact assessment policy issues. In A. R. Lombarte, R. G. Mahamut (Eds.) Hacia Un Nuevo Derecho Europeo De Protección De Datos. Valencia: Towards A New European Data Protection Regime, Tirant lo Blanch.
Kroener, I., & Wright, D. (2014). A strategy for operationalising privacy by design. The Information Society, 30(5), 355–365.
Langheinrich, M. (2001). Privacy-by-Design: Principles of Privacy-Aware ubiquitous computing. In: Umbicomp 2001: International Conference on Ubiquitous Computing (pp. 273–291).
Lyon, D. (2007). Surveillance studies: An overview. London: Polity Press.
Meier, P. (2015). Digital humanitarians: How BIG DATA is changing the face of humanitarian response. London: CRC Press, Taylor and Francis Group.
Mendonça, D., Jefferson, T., & Harrald, J. R. (2007). Collaborative adhocracies and mix-and-match technologies in emergency management. Communications of the ACM, 50(3), 45–49. https://doi.org/10.1145/1226736.1226764.
Monahan, T. (2010). Surveillance in the time of insecurity. New Brunswick: Rutgers University Press.
Morozov, E. (2013). To save everything, click here: Technology, solutionism and the urge to fix problems that don’t exist. London: Penguin.
Oliver, I. (2014). Privacy Engineering. CreateSpace, USA.
Petersen, K. (2015). ELSI guidelines for collaborative design and database of representative emergence and disaster events in Europe. Deliverable 2.2, SecInCoRe project. [Online] http://www.secincore.eu/.
Sandvik, K., & Raymond, N. A. (2017) Beyond the protective effect: Towards a theory of harm for information communication technologies in mass atrocity response. Genocide Studies and Prevention: An International Journal, 11(1), 9–24.
Sandvik, K. B., Jumbert, M. J., Karlsrud, J., & Kaufmann, M. (2014). Humanitarian technology: a critical research agenda. International Review of the Red Cross, 96(893), 219–242.
Soanes, C. (2002). Paperback oxford english dictionary. Oxford: Oxford University Press.
Vinck, P. (2013). Humanitarian technology. World disasters report 2013, international federation of red cross and red crescent societies, [Online] http://www.ifrc.org/PageFiles/134658/WDR%202013%20complete.pdf.
Wadhwa, K., & Wright, D. (2014). Following best practices in privacy impact assessments. Privacy Laws and Business, January.
Wright, D. (2012). The state of the art in privacy impact assessment. Computer Law and Security Review, 28, 54–61.
Funding was provided by Horizon 2020 (Grant No. 700510).
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Kroener, I., Barnard-Wills, D. & Muraszkiewicz, J. Agile ethics: an iterative and flexible approach to assessing ethical, legal and social issues in the agile development of crisis management information systems. Ethics Inf Technol 23 (Suppl 1), 7–18 (2021). https://doi.org/10.1007/s10676-019-09501-6
- Crisis management
- Information systems
- Ethical and privacy impact assessment