Understanding the Privacy Goal Intervenability

  • Rene MeisEmail author
  • Maritta Heisel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9830)


Privacy is gaining more and more attention in society and hence, gains more importance as a software quality that has to be considered during software development. A privacy goal that has not yet been deeply studied is the empowerment of end-users to have control over how their personal data is processed by information systems. This privacy goal is called intervenability. Several surveys have shown that one of end-users’ main privacy concerns is the lack of intervenability options in information systems. In this paper, we refine the privacy goal intervenability into a software requirements taxonomy and relate it to a taxonomy of transparency requirements because transparency can be regarded as a prerequisite for intervenability. The combined taxonomy of intervenability and transparency requirements shall guide requirements engineers to identify the intervenability requirements relevant for the system they consider. We validated the completeness of our taxonomy by comparing it to the relevant literature that we derived based on a systematic literature review.


Personal Data Systematic Literature Review Data Subject Legal Person Requirement Engineer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We thank Sylbie Sabit who provided a starting point for this research with her master thesis [45].


  1. 1.
    GSMA: MOBILE PRIVACY: consumer research insights and considerations for policymakers, February 2014. Accessed 20 June 2016
  2. 2.
    Symantec: State of Privacy Report 2015 (2015). Accessed 20 June 2016
  3. 3.
    Quah, A.M.Y., Röhm, U.: User awareness and policy compliance of data privacy in cloud computing. In: Proceedings of the First Australasian Web Conference, AWC 2013, vol. 144, pp. 3–12, Darlinghurst, Australia, Australian Computer Society, Inc. (2013)Google Scholar
  4. 4.
    Ackerman, M.S., Cranor, L.F., Reagle, J.: Privacy in e-Commerce: examining user scenarios and privacy preferences. In: Proceedings of the 1st ACM Conference on Electronic Commerce, EC 1999, New York, NY, USA, pp. 1–8. ACM (1999)Google Scholar
  5. 5.
    Hansen, M.: Top 10 mistakes in system design from a privacy perspective and privacy protection goals. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 375, pp. 14–31. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Meis, R., Wirtz, R., Heisel, M.: A taxonomy of requirements for the privacy goal transparency. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 195–209. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  7. 7.
    ISO/IEC: ISO/IEC 29100:2011 Information technology - Security techniques - Privacy Framework. Technical report, International Organization for Standardization and International Electrotechnical Commission (2011)Google Scholar
  8. 8.
    European Commission: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Accessed 20 June 2016
  9. 9.
    OECD: OECD guidelines on the protection of privacy and transborder flows of personal data. Technical report, Organisation of Economic Co-Operation and Development (1980)Google Scholar
  10. 10.
    US Federal Trade Commission: Privacy online: Fair information practices in the electronic marketplace, a report to congress (2000)Google Scholar
  11. 11.
    Jalali, S., Wohlin, C.: Systematic literature studies: database searches vs. backward snowballing. In: Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2012, pp. 29–38. ACM (2012)Google Scholar
  12. 12.
    Bier, C.: How usage control and provenance tracking get together - a data protection perspective. In: IEEE Security and Privacy Workshops (SPW), pp. 13–17, May 2013Google Scholar
  13. 13.
    Hoepman, J.: Privacy design strategies - (extended abstract). In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., El Kalam, A.A., Sans, T. (eds.) ICT Systems Security and Privacy Protection. IFIP Advances in Information and Communication Technology, vol. 428, pp. 446–459. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  14. 14.
    Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S.: A framework to support selection of cloud providers based on security and privacy requirements. J. Syst. Softw. 86(9), 2276–2293 (2013)CrossRefGoogle Scholar
  15. 15.
    Miyazaki, S., Mead, N., Zhan, J.: Computer-aided privacy requirements elicitation technique. In: IEEE Asia-Pacific Services Computing Conference (APSCC), pp. 367–372, December 2008Google Scholar
  16. 16.
    Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput. Stand. Interfaces 36(4), 759–775 (2014)CrossRefGoogle Scholar
  17. 17.
    Kalloniatis, C.: Designing privacy-aware systems in the cloud. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 113–123. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  18. 18.
    Spiekermann, S., Cranor, L.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)CrossRefGoogle Scholar
  19. 19.
    Makri, E.-L., Lambrinoudakis, C.: Privacy principles: towards a common privacy audit methodology. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 219–234. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  20. 20.
    Acquisti, A., Adjerid, I., Brandimarte, L.: Gone in 15 seconds: the limits of privacy transparency and control. IEEE Secur. Priv. 11(4), 72–74 (2013)CrossRefGoogle Scholar
  21. 21.
    Masiello, B.: Deconstructing the privacy experience. IEEE Secur. Priv. 7(4), 68–70 (2009)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Krol, K., Preibusch, S.: Effortless privacy negotiations. IEEE Secur. Priv. 13(3), 88–91 (2015)CrossRefGoogle Scholar
  23. 23.
    Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. RE 16, 3–32 (2011)Google Scholar
  24. 24.
    Komanduri, S., Shay, R., Norcie, G., Ur, B., Cranor, L.F.: Adchoices? compliance with online behavioral advertising notice and choice requirements. Technical report, CyLab - Carnegie Mellon University (2011). Accessed 20 June 2016
  25. 25.
    Cranor, L.F.: Necessary but not sufficient: standardized mechanisms for privacy notice and choice. JTHTL 10(2), 273–308 (2012)Google Scholar
  26. 26.
    Wicker, S., Schrader, D.: Privacy-aware design principles for information networks. Proc. IEEE 99(2), 330–350 (2011)CrossRefGoogle Scholar
  27. 27.
    Strickland, L.S., Hunt, L.E.: Technology, security, and individual privacy: new tools, new threats, and new public perceptions: research articles. J. Am. Soc. Inf. Sci. Technol. 56(3), 221–234 (2005)CrossRefGoogle Scholar
  28. 28.
    Sheth, S., Kaiser, G., Maalej, W.: Us and them: a study of privacy requirements across North America, Asia, and Europe. In: Proceedings of the 36th International Conference on Software Engineering, ICSE 2014, pp. 859–870. ACM (2014)Google Scholar
  29. 29.
    Fhom, H., Bayarou, K.: Towards a holistic privacy engineering approach for smart grid systems. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 234–241, November 2011Google Scholar
  30. 30.
    Antón, A.I., Earp, J.B., Reese, A.: Analyzing website privacy requirements using a privacy goal taxonomy. In: IEEE International Confernce on Requirements Engineering, pp. 23–31 (2002)Google Scholar
  31. 31.
    Antón, A.I.: Earp: a requirements taxonomy for reducing web site privacy vulnerabilities. Requirements Eng. 9(3), 169–185 (2004)CrossRefGoogle Scholar
  32. 32.
    Sype, Y.S.V.D., Seigneur, J.: Case study: legal requirements for the use of social login features for online reputation updates. In: Cho, Y., Shin, S.Y., Kim, S., Hung, C., Hong, J. (eds.) Symposium on Applied Computing, SAC, pp. 1698–1705. ACM (2014)Google Scholar
  33. 33.
    Basso, T., Moraes, R., Jino, M., Vieira, M.: Requirements, design and evaluation of a privacy reference architecture for web applications and services. In: Proceedings of the 30th Annual ACM Symposium on Applied Computing, pp. 1425–1432. ACM (2015)Google Scholar
  34. 34.
    Lobato, L., Fernandez, E., Zorzo, S.: Patterns to support the development of privacy policies. In: International Conference on Availability, Reliability and Security (ARES), pp. 744–749, March 2009Google Scholar
  35. 35.
    Caron, X., Bosua, R., Maynard, S.B., Ahmad, A.: The internet of things (iot) and its impact on individual privacy: an Australian perspective. Comput. Law Secur. Rev. 32(1), 4–15 (2016)CrossRefGoogle Scholar
  36. 36.
    Borgesius, F.Z.: Informed consent: we can do better to defend privacy. IEEE Secur. Priv. 13(2), 103–107 (2015)CrossRefGoogle Scholar
  37. 37.
    Breaux, T.: Privacy requirements in an age of increased sharing. IEEE Softw. 31(5), 24–27 (2014)CrossRefGoogle Scholar
  38. 38.
    Langheinrich, M.: Privacy by design — principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  39. 39.
    Feigenbaum, J., Freedman, M.J., Sander, T., Shostack, A.: Privacy engineering for digital rights management systems. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 76–105. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  40. 40.
    Wright, D., Raab, C.: Privacy principles, risks and harms. Int. Rev. Law, Comput. Technol. 28(3), 277–298 (2014)CrossRefGoogle Scholar
  41. 41.
    Guarda, P., Zannone, N.: Towards the development of privacy-aware systems. Inf. Softw. Technol. 51(2), 337–350 (2009)CrossRefGoogle Scholar
  42. 42.
    Hedbom, H.: A survey on transparency tools for enhancing privacy. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) The Future of Identity. IFIP AICT, vol. 298, pp. 67–82. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  43. 43.
    Smith, H.J., Dinev, T., Xu, H.: Information privacy research: an interdisciplinary review. MIS Q. 35(4), 989–1016 (2011)Google Scholar
  44. 44.
    Meis, R., Heisel, M.: Computer-aided identification and validation of privacy requirements. Information 7(2), 28 (2016)CrossRefGoogle Scholar
  45. 45.
    Sabit, S.: Consideration of intervenability requirements in software development. Master thesis, University of Duisburg-Essen, Germany, August 2015Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.paluno - The Ruhr Institute for Software TechnologyUniversity of Duisburg-EssenDuisburgGermany

Personalised recommendations