Legal Requirement Elicitation, Analysis and Specification for a Data Transparency System

Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 389)


Within the growing amount of data through new applications, processes and technologies in companies, legal frameworks according to the processing of data become more important. The new General Data Protection Regulation (GDPR) especially has the intention, to strengthen the rights of Data Subjects in transparency (e.g. Art. 12) and self-control (e.g. Art 15–22). This research aims to develop non-functional-requirements (NFR) for a Data Transparency System for the category legal-contractual. Therefore, we follow the requirement engineering process according to Rupp [29]. As a general source for the development, qualitative expert interviews have been carried out. In order to extend our findings and form categories, we also did a systematic literature review and a structured text analysis of the GDPR. In total, we were able to generate 18 NFR and organized them into the categories Purpose, Obligation, Ownership, Procedures and Integrity and Transparency.


Requirements Engineering Non-functional-requirements Data Transparency System GDPR 


  1. 1.
    Regulation (EU) 2016/679 of the European Parliament and of the Council - of 27 April 2016 - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016)Google Scholar
  2. 2.
    Abiteboul, S., Stoyanovich, J.: Transparency, Fairness, Data Protection, Neutrality: Data Management Challenges in the Face of New Regulation (2019). arXiv:1903.03683 [c.s.]
  3. 3.
    Berg, C.: Privacy, property, and discovery. In: The Classical Liberal Case for Privacy in a World of Surveillance and Technological Change. PSCL, pp. 153–166. Springer,Cham (2018).
  4. 4.
    Bonatti, P., Kirrane, S., Polleres, A., Wenning, R.: Transparent personal data processing: the road ahead. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 337–349. Springer, Cham (2017). Scholar
  5. 5.
    Cato, P.: Einflüsse auf den Implementierungserfolg von Big Data Systemen. Verlag Dr. Kovac, Hamburg (2016)Google Scholar
  6. 6.
    Ebert, C.: Systematisches Requirements Management: Anforderungen ermitteln, spezifizieren, analysieren und verfolgen, 1. aufl edn. dpunkt-Verl, Heidelberg (2005)Google Scholar
  7. 7.
    Enderes, C.: Experteninterview. Der Leitfaden für die Bachelorarbeit (2018).
  8. 8.
    Feak, C.B., Swales, J.M., Swales, J.M., Feak, C.B.: Telling a Research Story: Writing a Literature Review. The Michigan Series in English for Academic & Professional Purposes. University of Michigan Press, Ann Arbor Mich (2009)Google Scholar
  9. 9.
    Flick, U.: Sozialforschung: Methoden und Anwendungen: ein Überblick für die BA-Studiengänge, 3, auflage edn. Rowohlt Taschenbuch Verlag, Rororo Rowohlts Enzyklopädie (2016)Google Scholar
  10. 10.
    Früh, W.: Inhaltsanalyse: Theorie und Praxis, vol. 7. UVK, Konstanz (2011)Google Scholar
  11. 11.
    Gantchev, V.: Data protection in the age of welfare conditionality: respect for basic rights or a race to the bottom? Eur. J. Soc. Secur. 21, 3–22 (2019)CrossRefGoogle Scholar
  12. 12.
    Geer, D.E.: Ownership. IEEE Secur. Priv. 17, 4 (2019)CrossRefGoogle Scholar
  13. 13.
    Ginz, M.: Requirements Engineering I. Kapitel 4 - Anforderungsermitttlung und -analyse (2010)Google Scholar
  14. 14.
    Hand, D.J.: Aspects of data ethics in a changing world: where are we now? Big Data 6(3), 176–190 (2018)CrossRefGoogle Scholar
  15. 15.
    Hornung, G., Goeble, T.: “Data Ownership” im vernetzten Automobil. Computer und Recht 31(4) (2015)Google Scholar
  16. 16.
    IEEE Standards Board: IEEE Recommended Practice for Software Requirements Specifications. Technical report, IEEE (1998)Google Scholar
  17. 17.
    Jaatinen, T.: The relationship between open data initiatives, privacy, and government transparency: a love triangle? Int. Data Priv. Law 6(1), 28–38 (2016)Google Scholar
  18. 18.
    Janßen, C.: Towards a system for data transparency to support data subjects. In: Abramowicz, W., Corchuelo, R. (eds.) BIS 2019. LNBIP, vol. 373, pp. 613–624. Springer, Cham (2019). Scholar
  19. 19.
    Kirrane, S., et al.: A scalable consent, transparency and compliance architecture. In: Gangemi, A., et al. (eds.) ESWC 2018. LNCS, vol. 11155, pp. 131–136. Springer, Cham (2018). Scholar
  20. 20.
    Krempel, E., Beyerer, J.: The EU general data protection regulation and its effects on designing assistive environments. In: Proceedings of the 11th PErvasive Technologies Related to Assistive Environments Conference on - PETRA’18, pp. 327–330. ACM Press, Corfu, Greece (2018)Google Scholar
  21. 21.
    Krippendorff, K.: Reliability in content analysis: some common misconceptions and recommendations. Hum. Commun. Res. 30(3), 411–433 (2004)Google Scholar
  22. 22.
    Maguire, S., Friedberg, J., Nguyen, M.-H.C., Haynes, P.: A metadata-based architecture for user-centered data accountability. Electron. Markets 25(2), 155–160 (2015). Scholar
  23. 23.
    Meis, R., Wirtz, R., Heisel, M.: A taxonomy of requirements for the privacy goal transparency. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 195–209. Springer, Cham (2015). Scholar
  24. 24.
    Merten, K.: Inhaltsanalyse: Einführung in Theorie, Methode und Praxis. Springer VS, Wiesbaden (1983). Scholar
  25. 25.
    Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017)CrossRefGoogle Scholar
  26. 26.
    Pfeffers, K., Gengler, T., Ross, C., Hui, W., Virtanen, V., Bragge, J.: The design science research process: a model for producing and presenting information systems. In: Proceedings of DESRIST, Claremont (2006)Google Scholar
  27. 27.
    Pohl, K.: Requirements Engineering: Grundlagen, Prinzipien, Techniken, 2, korrigierte aufl edn. dpunkt-Verl, Heidelberg (2008)Google Scholar
  28. 28.
    Pohl, K., Rupp, C.: Basiswissen Requirements Engineering: Aus- und Weiterbildung zum “Certified Professional for Requirements Engineering”: Foundation Level nach IREB-Standard, 4, überarbeitete auflage edn. dpunkt.verlag, Heidelberg (2015)Google Scholar
  29. 29.
    Rupp, C.: Requirements-Engineering und -Management: aus der Praxis von klassisch bis agil, 6, aktualisierte und erweiterte, auflage edn. Hanser, München (2014)Google Scholar
  30. 30.
    Seinen, W., Walter, A., van Grondelle, S.: Compatibility as a mechanism for responsible further processing of personal data. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) APF 2018. LNCS, vol. 11079, pp. 153–171. Springer, Cham (2018). Scholar
  31. 31.
    Singh, J., Cobbe, J., Norval, C.: Decision provenance: harnessing data flow for accountable systems. IEEE Access 7, 6562–6574 (2019)CrossRefGoogle Scholar
  32. 32.
    Van Alstyne, M., Brynjolfsson, E., Madnick, S.: Why not one big database? Principles for data ownership. Decis. Support Syst. 15(4), 267–284 (1995)CrossRefGoogle Scholar
  33. 33.
    Wachter, S.: Ethical and normative challenges of identification in the Internet of Things. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018. Institution of Engineering and Technology, London, UK (2018)Google Scholar
  34. 34.
    Wallis, J.C., Borgman, C.L.: Who is responsible for data? An exploratory study of data authorship, ownership, and responsibility. Proc. Am. Soc. Inf. Sci. Technol. 48(1), 1–10 (2011)CrossRefGoogle Scholar
  35. 35.
    Webster, J., Watson, R.: Analyzing the past to prepare for the future: writing a literature review. MIS Q. 36, 13–23 (2002)Google Scholar
  36. 36.
    Wolters, P.T.J.: The Control by and Rights of the Data Subject Under the GDPR, p. 14 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department Very Large Business ApplicationsUniversity of OldenburgOldenburgGermany

Personalised recommendations