Qualifying and measuring transparency: A medical data system case study

Dayana Spagnuelo; Cesare Bartolini; Gabriele Lenzini

doi:10.1016/j.cose.2020.101717

Qualifying and measuring transparency: A medical data system case study

Dayana Spagnuelo^*, Cesare Bartolini, Gabriele Lenzini

^*Corresponding author for this work

Business Web and Media

Research output: Contribution to Journal › Article

Abstract

Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how to interpret transparency, however there are no defined requirements nor ways to verify the quality of the implementation of transparency in a service. We address this problem. We discuss and define applicable metrics for transparency, propose how a measurement can be conducted in an operative system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system.

Original language	English
Article number	101717
Pages (from-to)	1-20
Number of pages	20
Journal	Computers & Security
Volume	91
Early online date	10 Jan 2020
DOIs	https://doi.org/10.1016/j.cose.2020.101717
Publication status	Published - 1 Apr 2020

Fingerprint

Keywords

GDPR
Measurement
Medical data system
Metric
Requirement engineering
Transparency

Cite this

Spagnuelo, D., Bartolini, C., & Lenzini, G. (2020). Qualifying and measuring transparency: A medical data system case study. Computers & Security, 91, 1-20. [101717]. https://doi.org/10.1016/j.cose.2020.101717

@article{0c36913adf0448899c8b4bdaae34a06b,

title = "Qualifying and measuring transparency: A medical data system case study",

abstract = "Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how to interpret transparency, however there are no defined requirements nor ways to verify the quality of the implementation of transparency in a service. We address this problem. We discuss and define applicable metrics for transparency, propose how a measurement can be conducted in an operative system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system.",

keywords = "GDPR, Measurement, Medical data system, Metric, Requirement engineering, Transparency",

author = "Dayana Spagnuelo and Cesare Bartolini and Gabriele Lenzini",

year = "2020",

month = "4",

day = "1",

doi = "10.1016/j.cose.2020.101717",

language = "English",

volume = "91",

pages = "1--20",

journal = "Computers & Security",

issn = "0167-4048",

}

TY - JOUR

T1 - Qualifying and measuring transparency

T2 - A medical data system case study

AU - Spagnuelo, Dayana

AU - Bartolini, Cesare

AU - Lenzini, Gabriele

PY - 2020/4/1

Y1 - 2020/4/1

N2 - Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how to interpret transparency, however there are no defined requirements nor ways to verify the quality of the implementation of transparency in a service. We address this problem. We discuss and define applicable metrics for transparency, propose how a measurement can be conducted in an operative system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system.

AB - Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how to interpret transparency, however there are no defined requirements nor ways to verify the quality of the implementation of transparency in a service. We address this problem. We discuss and define applicable metrics for transparency, propose how a measurement can be conducted in an operative system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system.

KW - GDPR

KW - Measurement

KW - Medical data system

KW - Metric

KW - Requirement engineering

KW - Transparency

UR - http://www.scopus.com/inward/record.url?scp=85079545276&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85079545276&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2020.101717

DO - 10.1016/j.cose.2020.101717

M3 - Article

VL - 91

SP - 1

EP - 20

JO - Computers & Security

JF - Computers & Security

SN - 0167-4048

M1 - 101717

ER -

Access to Document

10.1016/j.cose.2020.101717