LGPD and Software Requirements: Research Challenges and Opportunities
Abstract
Software requirements, whether functional or non-functional, are essential elements of Software Engineering, and present in the daily life of systems development projects. Elicitation and specification activities often involve development teams, clients, and access to data from institutions or companies. The LGPD appears as a way to protect data and individuals’ fundamental freedom and privacy rights. In this context, this work aims to present challenges and research opportunities for requirements and the LGPD, so that individuals have the protection of their data already incorporated into the software development process.
References
Alves, C. and Neves, M. (2021). Especificação de requisitos de privacidade em conformidade com a lgpd: Resultados de um estudo de caso. In WER21 - Workshop em Engenharia de Requisitos.
Araújo, E., Vilela, J., Silva, C., and Alves, C. (2021). Are my business process models compliant with lgpd? the lgpd4bp method to evaluate and to model lgpd aware business processes. In XVII Brazilian Symposium on Information Systems - SBSI (2021).
Brasil (2018). Lei nº 13.709, de 14 de agosto de 2018. lei geral de proteção de dados pessoais (lgpd).
Canedo, E. D., Calazans, A. T. S., Masson, E. T. S., Costa, P. H. T., and Lima, F. (2020). Perceptions of ict practitioners regarding software privacy. Entropy, 22(4).
Castro, E., Silva, G. R. S., and Canedo, E. D. (2022). Ensuring privacy in the application of the brazilian general data protection law (lgpd). In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC ’22.
de Sá Sousa, H. P., Almentero, E. K., de Classe, T. M., dos Santos, R. J., and Leite, J. C. (2023). Uma abordagem baseada no catálogo de requisitos não funcionais para conformidade à lgpd. In WER23 - Workshop em Engenharia de Requisitos.
Ferreira, L., Okano, M. T., Aguiar, F., De Castro Lobo dos Santos, H., and Ursini, E. L. (2022). A panorama of the implementation of the general law for the protection of personal data (lgpd) in brazil: an exploratory survey. In 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), pages 0723–0729.
Kotonya, G. and Sommerville, I. (1998). Requirements engineering: processes and techniques. Wiley Publishing.
Menegazzi, D. and Silva, C. (2023). Conformidade com a lgpd por meio de requisitos de negócio e requisitos de solução. In WER23 - Workshop em Engenharia de Requisitos.
Mohan, S. and Chenoweth, S. (2011). Teaching requirements engineering to undergraduate students. In Proceedings of the 42nd ACM Technical Symposium on Computer Science Education, SIGCSE ’11, page 141–146, New York, NY, USA. Association for Computing Machinery.
Neves Camêlo, M. and Alves, C. (2023). G-priv: A guide to support lgpd compliant specification of privacy requirements. iSys - Brazilian Journal of Information Systems, 16(1):2:1 – 2.
Osada, A., Ozawa, D., Kaiya, H., and Kaijiri, K. (2007). The role of domain knowledge representation in requirements elicitation. In 25th IASTED International MultiConference Software Engineering, pages 84–92. Citeseer.
Rocha, L. D., Silva, G. R. S., and Dias Canedo, E. (2023). Privacy compliance in software development: A guide to implementing the lgpd principles. In Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, SAC ’23, page 1352–1361.
Saraiva, J. and Soares, S. (2023a). Adoption of the lgpd inventory in the user stories and bdd scenarios creation. In Proceedings of the XXXVII Brazilian Symposium on Software Engineering, SBES ’23, page 416–421.
Saraiva, J. and Soares, S. (2023b). Privacy and security documents for agile software engineering: An experiment of lgpd inventory adoption. In 2023 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM).
Araújo, E., Vilela, J., Silva, C., and Alves, C. (2021). Are my business process models compliant with lgpd? the lgpd4bp method to evaluate and to model lgpd aware business processes. In XVII Brazilian Symposium on Information Systems - SBSI (2021).
Brasil (2018). Lei nº 13.709, de 14 de agosto de 2018. lei geral de proteção de dados pessoais (lgpd).
Canedo, E. D., Calazans, A. T. S., Masson, E. T. S., Costa, P. H. T., and Lima, F. (2020). Perceptions of ict practitioners regarding software privacy. Entropy, 22(4).
Castro, E., Silva, G. R. S., and Canedo, E. D. (2022). Ensuring privacy in the application of the brazilian general data protection law (lgpd). In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC ’22.
de Sá Sousa, H. P., Almentero, E. K., de Classe, T. M., dos Santos, R. J., and Leite, J. C. (2023). Uma abordagem baseada no catálogo de requisitos não funcionais para conformidade à lgpd. In WER23 - Workshop em Engenharia de Requisitos.
Ferreira, L., Okano, M. T., Aguiar, F., De Castro Lobo dos Santos, H., and Ursini, E. L. (2022). A panorama of the implementation of the general law for the protection of personal data (lgpd) in brazil: an exploratory survey. In 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), pages 0723–0729.
Kotonya, G. and Sommerville, I. (1998). Requirements engineering: processes and techniques. Wiley Publishing.
Menegazzi, D. and Silva, C. (2023). Conformidade com a lgpd por meio de requisitos de negócio e requisitos de solução. In WER23 - Workshop em Engenharia de Requisitos.
Mohan, S. and Chenoweth, S. (2011). Teaching requirements engineering to undergraduate students. In Proceedings of the 42nd ACM Technical Symposium on Computer Science Education, SIGCSE ’11, page 141–146, New York, NY, USA. Association for Computing Machinery.
Neves Camêlo, M. and Alves, C. (2023). G-priv: A guide to support lgpd compliant specification of privacy requirements. iSys - Brazilian Journal of Information Systems, 16(1):2:1 – 2.
Osada, A., Ozawa, D., Kaiya, H., and Kaijiri, K. (2007). The role of domain knowledge representation in requirements elicitation. In 25th IASTED International MultiConference Software Engineering, pages 84–92. Citeseer.
Rocha, L. D., Silva, G. R. S., and Dias Canedo, E. (2023). Privacy compliance in software development: A guide to implementing the lgpd principles. In Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, SAC ’23, page 1352–1361.
Saraiva, J. and Soares, S. (2023a). Adoption of the lgpd inventory in the user stories and bdd scenarios creation. In Proceedings of the XXXVII Brazilian Symposium on Software Engineering, SBES ’23, page 416–421.
Saraiva, J. and Soares, S. (2023b). Privacy and security documents for agile software engineering: An experiment of lgpd inventory adoption. In 2023 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM).
Published
2024-07-21
How to Cite
MOURA, Lucas Vieira de; COUTINHO, Emanuel.
LGPD and Software Requirements: Research Challenges and Opportunities. In: PROCEEDINGS OF WORKSHOP ON SOCIAL, HUMAN AND ECONOMIC ASPECTS OF SOFTWARE (WASHES), 9. , 2024, Brasília/DF.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 169-174.
ISSN 2763-874X.
DOI: https://doi.org/10.5753/washes.2024.2311.
