Skip to main content
SpringerLink
Log in

A Taxonomy of Requirements for the Privacy Goal Transparency

  • Conference paper
  • First Online:
Trust, Privacy and Security in Digital Business (TrustBus 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9264))

Included in the following conference series:

Abstract

Privacy is a growing concern during software development. Transparency–in the sense of increasing user’s privacy-awareness–is a privacy goal that is not as deeply studied in the literature as the properties anonymity and unlinkability. To be compliant with legislation and standards, requirements engineers have to identify the requirements on transparency that are relevant for the software to be developed. To assist the identification process, we provide a taxonomy of transparency requirements derived from legislation and standards. This taxonomy is validated using related research which was identified using a systematic literature review. Our proposed taxonomy can be used by requirements engineers as basis to systematically identify the relevant transparency requirements leading to a more complete and coherent set of requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.core.edu.au/coreportal.

  2. 2.

    https://www.uni-due.de/imperia/md/content/swe/trans-tech.pdf.

References

  1. Hansen, M.: Top 10 mistakes in system design from a privacy perspective and privacy protection goals. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 375, pp. 14–31. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  2. Probst, T., Hansen, M.: Privacy protection goals in privacy and data protection evaluations. Working paper, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, July 2013

    Google Scholar 

  3. ISO/IEC: ISO/IEC 29100:2011 Information technology - Security techniques - Privacy Framework. Technical report, International Organization for Standardization and International Electrotechnical Commission (2011)

    Google Scholar 

  4. European Commission: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), January 2012. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52012PC0011

  5. OECD: OECD guidelines on the protection of privacy and transborder flows of personal data. Technical report, Organisation of Economic Co-Operation and Development (1980)

    Google Scholar 

  6. US Federal Trade Commission: Privacy online: Fair information practices in the electronic marketplace, a report to congress (2000)

    Google Scholar 

  7. Solovo, D., Rotenberg, M.: Information Privacy Law. Aspen Elective Series. Aspen Publishers, New York (2003)

    Google Scholar 

  8. Breaux, T.: Privacy requirements in an age of increased sharing. IEEE Softw. 31(5), 24–27 (2014)

    Article  Google Scholar 

  9. Reinfelder, L., Benenson, Z., Gassmann, F.: Differences between Android and iPhone users in their security and privacy awareness. In: Eckert, C., Katsikas, S.K., Pernul, G. (eds.) TrustBus 2014. LNCS, vol. 8647, pp. 156–167. Springer, Heidelberg (2014)

    Google Scholar 

  10. Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)

    Article  Google Scholar 

  11. Sheth, S., Kaiser, G., Maalej, W.: Us and them: a study of privacy requirements across North America, Asia, and Europe. In: Proceedings of the 36th International Conference on Software Engineering. ICSE 2014, pp. 859–870. ACM (2014)

    Google Scholar 

  12. Rost, M., Pfitzmann, A.: Datenschutz-Schutzziele - revisited. Datenschutz und Datensicherheit - DuD 33(6), 353–358 (2009)

    Article  Google Scholar 

  13. Bier, C.: How usage control and provenance tracking get together - a data protection perspective. In: IEEE Security and Privacy Workshops (SPW), pp. 13–17, May 2013

    Google Scholar 

  14. Zviran, M.: User’s perspectives on privacy in web-based applications. J. Comput. Inf. Syst. 48(4), 97–105 (2008)

    Google Scholar 

  15. Sheehan, K.B., Hoy, M.G.: Dimensions of privacy concern among online consumers. J. Public Policy Mark. 19(1), 62–73 (2000)

    Article  Google Scholar 

  16. Fhom, H., Bayarou, K.: Towards a holistic privacy engineering approach for smart grid systems. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 234–241, November 2011

    Google Scholar 

  17. Spiekermann, S., Cranor, L.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)

    Article  Google Scholar 

  18. Breaux, T., Gordon, D.: What engineers should know about us security and privacy law. IEEE Secur. Priv. 11(3), 72–76 (2013)

    Article  Google Scholar 

  19. Tomaszewski, J.: Are you sure you had a privacy incident? IEEE Secur. Priv. 4(6), 64–66 (2006)

    Article  Google Scholar 

  20. Hoepman, J.: Privacy design strategies - (extended abstract). In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., El Kalam, A.A., Sans, T. (eds.) ICT Systems Security and Privacy Protection. IFIP AICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  21. Jones, R., Tahri, D.: EU law requirements to provide information to website visitors. Comput. Law Secur. Rev. 26(6), 613–620 (2010)

    Article  Google Scholar 

  22. Kung, A., Freytag, J.C., Kargl, F.: Privacy-by-design in its applications. In: IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), pp. 1–6, June 2011

    Google Scholar 

  23. Mulligan, D.: The enduring importance of transparency. IEEE Secur. Priv. 12(3), 61–65 (2014)

    Article  Google Scholar 

  24. Wright, D.: The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28(1), 54–61 (2012)

    Article  Google Scholar 

  25. Langheinrich, M.: Privacy by design–principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) Ubiquitous Computing (Ubicomp). LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001)

    Google Scholar 

  26. Otto, P., Anton, A., Baumer, D.: The ChoicePoint dilemma: how data brokers should handle the privacy of personal information. IEEE Secur. Priv. 5(5), 15–23 (2007)

    Article  Google Scholar 

  27. Masiello, B.: Deconstructing the privacy experience. IEEE Secur. Priv. 7(4), 68–70 (2009)

    Article  MathSciNet  Google Scholar 

  28. Solove, D.J.: A taxonomy of privacy. Univ. Pennsylvania Law Rev. 154(3), 477–560 (2006)

    Article  Google Scholar 

  29. Wicker, S., Schrader, D.: Privacy-aware design principles for information networks. Proc. IEEE 99(2), 330–350 (2011)

    Article  Google Scholar 

  30. Sype, Y.S.V.D., Seigneur, J.: Case study: legal requirements for the use of social login features for online reputation updates. In: Cho, Y., Shin, S.Y., Kim, S., Hung, C., Hong, J. (eds.) SAC, pp. 1698–1705. ACM, South Korea (2014). Please check and confirm the inserted city name for Reference [30]

    Google Scholar 

  31. Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S.: A framework to support selection of cloud providers based on security and privacy requirements. J. Syst. Softw. 86(9), 2276–2293 (2013)

    Article  Google Scholar 

  32. Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Comput. Stand. Interfaces 36(4), 759–775 (2014)

    Article  Google Scholar 

  33. Wright, D., Raab, C.: Privacy principles, risks and harms. Int. Rev. Law Comput. Technol. 28(3), 277–298 (2014)

    Article  Google Scholar 

  34. Pötzsch, S.: Privacy awareness: a means to solve the privacy paradox? In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) The Future of Identity in the Information Society. IFIP AICT, vol. 298, pp. 226–236. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  35. Feigenbaum, J., Freedman, M.J., Sander, T., Shostack, A.: Privacy engineering for digital rights management systems. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 76–105. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  36. Alcalde Bagüés, S., Mitic, J., Zeidler, A., Tejada, M., Matias, I.R., Fernandez Valdivielso, C.: Obligations: building a bridge between personal and enterprise privacy in pervasive computing. In: Furnell, S.M., Katsikas, S.K., Lioy, A. (eds.) TrustBus 2008. LNCS, vol. 5185, pp. 173–184. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  37. Hedbom, H.: A survey on transparency tools for enhancing privacy. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) The Future of Identity in the Information Society. IFIP AICT, vol. 298, pp. 67–82. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  38. Antón, A.I., Earp, J.B., Reese, A.: Analyzing website privacy requirements using a privacy goal taxonomy. In: IEEE International Conference on Requirements Engineering, 23–31 (2002)

    Google Scholar 

  39. Antón, A.I.: Earp: a requirements taxonomy for reducing web site privacy vulnerabilities. Requirements Eng. 9(3), 169–185 (2004)

    Article  Google Scholar 

  40. Anton, A., Earp, J., Vail, M., Jain, N., Gheen, C., Frink, J.: HIPAA’s effect on web site privacy policies. IEEE Secur. Priv. 5(1), 45–52 (2007)

    Article  Google Scholar 

  41. Miyazaki, S., Mead, N., Zhan, J.: Computer-aided privacy requirements elicitation technique. In: IEEE Asia-Pacific Services Computing Conference (APSCC), pp. 367–372, December 2008

    Google Scholar 

  42. Casassa Mont, M.: Dealing with privacy obligations: important aspects and technical approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 120–131. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  43. Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A “nutrition label” for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security. SOUPS 2009, pp. 4:1–4:12. ACM (2009)

    Google Scholar 

  44. Kelley, P.G., Cesca, L., Bresee, J., Cranor, L.F.: Standardizing privacy notices: an online study of the nutrition label approach. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. CHI 2010, pp. 1573–1582. ACM (2010)

    Google Scholar 

  45. Lobato, L., Fernandez, E., Zorzo, S.: Patterns to support the development of privacy policies. In: International Conference on Availability, Reliability and Security (ARES), pp. 744–749, March 2009

    Google Scholar 

  46. Jalali, S., Wohlin, C.: Systematic literature studies: database searches vs. backward snowballing. In: Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement. ESEM 2012, pp. 29–38. ACM (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. paluno - The Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany

    Rene Meis, Roman Wirtz & Maritta Heisel

Authors
  1. Rene Meis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Roman Wirtz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maritta Heisel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rene Meis .

Editor information

Editors and Affiliations

  1. Karlstad University, Karlstad, Sweden

    Simone Fischer-Hübner

  2. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  3. University of Malaga, Málaga, Spain

    Javier López

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Meis, R., Wirtz, R., Heisel, M. (2015). A Taxonomy of Requirements for the Privacy Goal Transparency. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22906-5_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22905-8

  • Online ISBN: 978-3-319-22906-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation