Towards a Goal-Centric Assessment of Requirements Engineering Methods for Privacy by Design
Oleksandr Kosenkov, Ehsan Zabardast, Jannik Fischbach, Tony Gorschek, Daniel Mendez

TL;DR
This paper proposes a goal-centric framework for assessing requirements engineering methods for Privacy by Design, aiming to better align RE practices with organizational goals in GDPR compliance.
Contribution
It introduces a novel goal-centric assessment approach for RE methods in PbD, validated through literature review, interviews, and practitioner feedback.
Findings
Practitioners do not approach PbD systematically.
RE methods should be assessed against organizational goals.
The approach can support development and selection of RE practices.
Abstract
Implementing privacy by design (PbD) according to the General Data Protection Regulation (GDPR) is met with a growing number of requirements engineering (RE) approaches. However, the question of which RE method for PbD best fits the goals of organisations remains a challenge. We report our endeavor to close this gap by synthesizing a goal-centric approach for PbD methods assessment. We used literature review, interviews, and validation with practitioners to achieve the goal of our study. As practitioners do not approach PbD systematically, we suggest that RE methods for PbD should be assessed against organisational goals, rather than process characteristics only. We hope that, when further developed, the goal-centric approach could support the development, selection, and tailoring of RE practices for PbD.
Taxonomy
Topics: Privacy, Security, and Data Protection · Information and Cyber Security · Advanced Malware Detection Techniques
