Editorial Note: An Introduction to the EQPAM Special Issue on Legal Requirements for Complex Sociotechnical Systems

This Special Issue of the European Quarterly of Political Attitudes and Mentalities (EQPAM) presents a collection of papers contributing to the understanding of the increasingly relevant topic of legal requirements analysis and engineering in complex sociotechnical contexts, with an eye to the complex intertwining between law and technological systems development and implementation for the public service provision

Legal compliance through design : preliminary results of a literature survey

Proceedings of the 2nd Workshop on Technologies for Regulatory Compliance (TERECOM 2018), Groningen, The Netherlands, December 12, 2018.In this paper we present the preliminary results of a literature survey conducted in the context of a larger research project on legal compliance by design (LCbD) and legal compliance through design (LCtD). Even though a rich set of approaches and frameworks are available, our analysis shows that there is less focus on legal compliance in general, and LCbD and LCtD in particular. The technical literature on compliance has been concentrated on specific aspects of the law, i.e. mainly on those related to corporate and administrative management (including those of law firms and government). Other legal dimensions such as public law, case law, constitutional, virtual ethics etc., have been put aside

Ontological support for managing non-functional requirements in pervasive healthcare

We designed and implemented an ontological solution which makes provisions for choosing adequate devices/sensors for remote monitoring of patients who are suffering from post-stroke health complications. We argue that non-functional requirements in pervasive healthcare systems can be elicited and managed through semantics stored in ontological models and reasoning created upon them. Our contribution is twofold: we enrich the elicitation process and specification of non-functional requirements within the requirements engineering discipline and we address the pervasiveness of healthcare software systems through the way of choosing devices embedded in them and users expectations in terms of having access to pervasive services personalized to their needs

Legislative Compliance Assessment: Framework, Model and GDPR Instantiation

Legislative compliance assessment tools are commonly used by companies to help them to understand their legal obligations. One of the primary limitations of existing tools is that they tend to consider each regulation in isolation. In this paper, we propose a flexible and modular compliance assessment framework that can support multiple legislations. Additionally, we describe our extension of the Open Digital Rights Language (ODRL) so that it can be used not only to represent digital rights but also legislative obligations, and discuss how the proposed model is used to develop a flexible compliance system, where changes to the obligations are automatically reflected in the compliance assessment tool. Finally, we demonstrate the effectiveness of the proposed approach through the development of a General Data Protection Regulatory model and compliance assessment too

Legal compliance by design (LCbD) and through design (LCtD) : preliminary survey

1st Workshop on Technologies for Regulatory Compliance co-located with the 30th International Conference on Legal Knowledge and Information Systems (JURIX 2017). The purpose of this paper is twofold: (i) carrying out a preliminary survey of the literature and research projects on Compliance by Design (CbD); and (ii) clarifying the double process of (a) extending business managing techniques to other regulatory fields, and (b) converging trends in legal theory, legal technology and Artificial Intelligence. The paper highlights the connections and differences we found across different domains and proposals. We distinguish three different policydriven types of CbD: (i) business, (ii) regulatory, (iii) and legal. The recent deployment of ethical views, and the implementation of general principles of privacy and data protection lead to the conclusion that, in order to appropriately define legal compliance, Compliance through Design (CtD) should be differentiated from CbD

A social and technical sustainability requirements catalogue

Isabel Sofia Brito is a Coordinator Professor at Polytechnic Institute of Beja, Portugal, and a member of the Centre of Technology and Systems (CTS-UNINOVA). Her main research interests are Requirements Engineering and Sustainability Requirements, Model and Data-Driven Development, Multi-Criteria Decision Making and, Big Data. She has published several papers on these topics. She has been involved in several national and international research projects (e.g., COMPETISOF, Petri-Rig, U-Bike Project). Currently, she is involved in the international applied research project HIBA—Hub Iberia Agrotech, an initiative funded by Digital Innovation Hub (DIH) and “Portugal INCoDe.2030”. She is or was involved as organiser, conference chair and program committee member in several international conferences (e.g., IEEE RE, ACM SAC, CISTI, QUATIC, CIbSE, ICT4S) and in several smaller and regional ones. Publisher Copyright: © 2022 The Author(s)Climate change calls for action from all sectors of our global economy, including ICT. Therefore, it is important to change the way we develop software to address the challenges posed by sustainability. Our goal is to contribute with a reusable sustainability requirements catalogue that helps developers be aware of sustainability-related properties worth considering during software development. The information for this catalogue was gathered via a systematic mapping study, whose results were synthesised in feature models and then modelled using iStar for a more expressive and configurable representation. A qualitative evaluation of the catalogue's readability, interest, utility, and usefulness by 50 participants from the domain, showed that around 79% of the respondents found the catalogue “Good” or “Very Good”. However, more than 5% of the expert participants found weaknesses regarding most of the evaluated questions and around 25% are neutral in their overall evaluation. This led us to evolve the initial version of the catalogue for the social and technical dimensions of sustainability to improve its completeness and usefulness. This is achieved by aligning the information gathered in the systematic mapping study with the well-established quality model of the ISO/IEC 25010:2011, as we expect most of the experts are familiar with those qualities and respective hierarchies. During this process, we found information that led us to propose two additional qualities that were not covered by the ISO standard: fairness and legislation. We applied this evolved version of the catalogue to the U-Bike project comparing the requirements elicited without the catalogue with those identified using the catalogue. The result suggests that new sustainability requirements were worth considering from a sustainability point of view, supporting the usefulness of the catalogue.publishersversionpublishe

Perceptions of ICT practitioners regarding software privacy

During software development activities, it is important for Information and Communication Technology (ICT) practitioners to know and understand practices and guidelines regarding information privacy, as software requirements must comply with data privacy laws and members of development teams should know current legislation related to the protection of personal data. In order to gain a better understanding on how industry ICT practitioners perceive the practical relevance of software privacy and privacy requirements and how these professionals are implementing data privacy concepts, we conducted a survey with ICT practitioners from software development organizations to get an overview of how these professionals are implementing data privacy concepts during software design. We performed a systematic literature review to identify related works with software privacy and privacy requirements and what methodologies and techniques are used to specify them. In addition, we conducted a survey with ICT practitioners from different organizations. Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese), nor they are able to work with the laws and guidelines governing data privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with the importance of knowledge of software privacy and privacy requirements, as well as to address them during software development, since LGPD must change the way teams work, as a number of features and controls regarding consent, documentation, and privacy accountability will be required