How does the Brazilian requirements engineering research community approach the right to personal data privacy?
Abstract
Several primary studies investigate how to implement the legal precepts of the General Data Protection Law (LGPD) in Requirements Engineering (RE) activities. However, analyzing and contrasting the results of these studies builds a more comprehensive understanding of how the RE research community approaches the right to data privacy. Through a systematic mapping protocol, this paper maps 20 primary studies in terms of RE products and activities, experimentation, and challenges in the adoption of LGPD in the RE process.References
Alves, C. and Neves, M. (2021). Especificação de requisitos de privacidade em conformidade com a LGPD: Resultados de um estudo de caso. In Workshop on Requirements Engineering, pages 1–14.
Andrade, V. C. et al. (2023). Personal data privacy in software development processes: A practitioner’s point of view. In IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, pages 2727–2734. IEEE.
Andrade, V. C. et al. (2024). Privacy in practice: Exploring concrete relationships between privacy patterns and privacy by design principles in software engineering. In Congresso Ibero-Americano em Engenharia de Software, pages 271–285.
Basili, V. R. and Weiss, D. M. (1984). A methodology for collecting valid software engineering data. IEEE Transactions on software engineering, (6):728–738.
Brasil (2018). Lei nº 13.709 de 14 de agosto de 2018. Diário Oficial da República Federativa do Brasil.
Camêlo, M. N. and Alves, C. (2023). G-priv: Um guia para apoiar a especificação de requisitos de privacidade em conformidade com a LGPD. iSys - Brazilian Journal of Information Systems, 16(1):2–1.
Cançado, E. C. R. et al. (2022). Exploring user-centered requirements validation and verification techniques in a social inclusion context. In 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS, pages 85–92.
Canedo, E. D. et al. (2021). Agile teams’ perception in privacy requirements elicitation: LGPD’s compliance in brazil. In 29th International Requirements Engineering Conference, pages 58–69. IEEE.
Canedo, E. D. et al. (2022). Guidelines adopted by agile teams in privacy requirements elicitation after the brazilian general data protection law (LGPD) implementation. Requirements Engineering, 27(4):545–567.
Carneiro, C. G. d. M. et al. (2024a). Evaluating privacy requirement patterns based on the brazilian general personal data protection law. In XXIII Brazilian Symposium on Software Quality, pages 114–124.
Carneiro, C. G. d. M. et al. (2024b). Um método para transformação de requisitos legais em padrões de requisitos de software: Um estudo com a LGPD. In Congresso Ibero-Americano em Engenharia de Software (CIbSE), pages 348–355.
Castro, E. T. V. d. et al. (2022). Ensuring privacy in the application of the brazilian general data protection law (LGPD). In 37th ACM/SIGAPP Symposium on Applied Computing, pages 1228–1235.
Elger, E. and Santander, V. A. (2024). A engenharia de requisitos e a lei geral de proteção de dados (LGPD): Uma revisão sistemática da literatura. In Congresso Latino-Americano de Software Livre e Tecnologias Abertas (Latinoware), pages 1–10.
Ferrão, S. É. R. et al. (2024). Towards a taxonomy of privacy requirements based on the LGPD and iso/iec 29100. Information and Software Technology, 168:107396.
Frej, M. et al. (2024). Um sistema web para auxiliar soluções na conformidade com a LGPD. In XXXVIII Simpósio Brasileiro de Engenharia de Software, pages 713–719.
Kitchenham, B. A. and Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. Technical Report EBSE 2007-001, Keele University and Durham University Joint Report.
Moura, L. V. d. and Coutinho, E. (2024). LGPD e requisitos de software: Desafios e oportunidades de pesquisa. In Workshop sobre Aspectos Sociais, Humanos e Econômicos de Software, pages 169–174.
Neitzke, C. et al. (2023). Enhancing LGPD compliance: Evaluating a checklist for LGPD quality attributes within a government office. In XXII Brazilian Symposium on Software Quality, pages 218–227.
Oliveira, S. K. M. d. et al. (2024). LGPD e guias de adequação à lei: uma revisão sistemática da literatura. Repositório IFPE, pages 1–32.
Parlamento Europeu and Conselho da União Europeia (2016). General data protection regulation. COM/2012/010 final – 2012/0010 (COD).
Petersen, K. et al. (2015). Guidelines for conducting systematic mapping studies in software engineering. Inf. Softw. Technol., 64(C):1–18.
Ribeiro, J. P. and Garcés, L. (2023). Especificação de requisitos de design de software para sistemas de iot conforme a LGPD: Resultados de aplicação em um sistema de assistência para pacientes com diabetes mellitus. In Simpósio Brasileiro de Computação Aplicada à Saúde, pages 37–42.
Saraiva, J. et al. (2024a). Desafios de compliance da LGPD: Implantação na indústria de software brasileira. In IX Workshop sobre Aspectos Sociais, Humanos e Econômicos de Software, pages 193–198.
Saraiva, J. et al. (2024b). Ensino da adequação à LGPD no desenvolvimento de software através da aprendizagem ativa e centrada no discente. In Simpósio Brasileiro de Educação em Computação, pages 204–213.
Saraiva, J. and Soares, S. (2023a). Adoption of the LGPD inventory in the user stories and bdd scenarios creation. In XXXVII Brazilian Symposium on Software Engineering, pages 416–421.
Saraiva, J. and Soares, S. (2023b). Privacy and security documents for agile software engineering: An experiment of LGPD inventory adoption. In ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, pages 1–9.
Silva, M. d. et al. (2023). Applying semiotic engineering in game pre-production to promote reflection on player privacy. In International Conference on Information Technology & Systems, pages 159–169. Springer.
Silva, P. H. d. et al. (2022a). Framework for the development of computational solutions for the support of requirements engineering with a focus on data protection. In XXXVI Brazilian Symposium on Software Engineering, pages 419–424.
Silva, P. H. d. et al. (2022b). How has requirements engineering supported data protection? In 2022 XVLIII Latin American Computer Conference (CLEI), pages 1–8. IEEE.
Washizaki, H. (2024). Guide to the software engineering body of knowledge (swebok guide), version 4.0. IEEE Computer Society, Waseda University, Japan.
Wohlin, C. et al. (2012). Experimentation in software engineering, volume 236. Springer.
Andrade, V. C. et al. (2023). Personal data privacy in software development processes: A practitioner’s point of view. In IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, pages 2727–2734. IEEE.
Andrade, V. C. et al. (2024). Privacy in practice: Exploring concrete relationships between privacy patterns and privacy by design principles in software engineering. In Congresso Ibero-Americano em Engenharia de Software, pages 271–285.
Basili, V. R. and Weiss, D. M. (1984). A methodology for collecting valid software engineering data. IEEE Transactions on software engineering, (6):728–738.
Brasil (2018). Lei nº 13.709 de 14 de agosto de 2018. Diário Oficial da República Federativa do Brasil.
Camêlo, M. N. and Alves, C. (2023). G-priv: Um guia para apoiar a especificação de requisitos de privacidade em conformidade com a LGPD. iSys - Brazilian Journal of Information Systems, 16(1):2–1.
Cançado, E. C. R. et al. (2022). Exploring user-centered requirements validation and verification techniques in a social inclusion context. In 24th International Conference on Enterprise Information Systems - Volume 1: ICEIS, pages 85–92.
Canedo, E. D. et al. (2021). Agile teams’ perception in privacy requirements elicitation: LGPD’s compliance in brazil. In 29th International Requirements Engineering Conference, pages 58–69. IEEE.
Canedo, E. D. et al. (2022). Guidelines adopted by agile teams in privacy requirements elicitation after the brazilian general data protection law (LGPD) implementation. Requirements Engineering, 27(4):545–567.
Carneiro, C. G. d. M. et al. (2024a). Evaluating privacy requirement patterns based on the brazilian general personal data protection law. In XXIII Brazilian Symposium on Software Quality, pages 114–124.
Carneiro, C. G. d. M. et al. (2024b). Um método para transformação de requisitos legais em padrões de requisitos de software: Um estudo com a LGPD. In Congresso Ibero-Americano em Engenharia de Software (CIbSE), pages 348–355.
Castro, E. T. V. d. et al. (2022). Ensuring privacy in the application of the brazilian general data protection law (LGPD). In 37th ACM/SIGAPP Symposium on Applied Computing, pages 1228–1235.
Elger, E. and Santander, V. A. (2024). A engenharia de requisitos e a lei geral de proteção de dados (LGPD): Uma revisão sistemática da literatura. In Congresso Latino-Americano de Software Livre e Tecnologias Abertas (Latinoware), pages 1–10.
Ferrão, S. É. R. et al. (2024). Towards a taxonomy of privacy requirements based on the LGPD and iso/iec 29100. Information and Software Technology, 168:107396.
Frej, M. et al. (2024). Um sistema web para auxiliar soluções na conformidade com a LGPD. In XXXVIII Simpósio Brasileiro de Engenharia de Software, pages 713–719.
Kitchenham, B. A. and Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. Technical Report EBSE 2007-001, Keele University and Durham University Joint Report.
Moura, L. V. d. and Coutinho, E. (2024). LGPD e requisitos de software: Desafios e oportunidades de pesquisa. In Workshop sobre Aspectos Sociais, Humanos e Econômicos de Software, pages 169–174.
Neitzke, C. et al. (2023). Enhancing LGPD compliance: Evaluating a checklist for LGPD quality attributes within a government office. In XXII Brazilian Symposium on Software Quality, pages 218–227.
Oliveira, S. K. M. d. et al. (2024). LGPD e guias de adequação à lei: uma revisão sistemática da literatura. Repositório IFPE, pages 1–32.
Parlamento Europeu and Conselho da União Europeia (2016). General data protection regulation. COM/2012/010 final – 2012/0010 (COD).
Petersen, K. et al. (2015). Guidelines for conducting systematic mapping studies in software engineering. Inf. Softw. Technol., 64(C):1–18.
Ribeiro, J. P. and Garcés, L. (2023). Especificação de requisitos de design de software para sistemas de iot conforme a LGPD: Resultados de aplicação em um sistema de assistência para pacientes com diabetes mellitus. In Simpósio Brasileiro de Computação Aplicada à Saúde, pages 37–42.
Saraiva, J. et al. (2024a). Desafios de compliance da LGPD: Implantação na indústria de software brasileira. In IX Workshop sobre Aspectos Sociais, Humanos e Econômicos de Software, pages 193–198.
Saraiva, J. et al. (2024b). Ensino da adequação à LGPD no desenvolvimento de software através da aprendizagem ativa e centrada no discente. In Simpósio Brasileiro de Educação em Computação, pages 204–213.
Saraiva, J. and Soares, S. (2023a). Adoption of the LGPD inventory in the user stories and bdd scenarios creation. In XXXVII Brazilian Symposium on Software Engineering, pages 416–421.
Saraiva, J. and Soares, S. (2023b). Privacy and security documents for agile software engineering: An experiment of LGPD inventory adoption. In ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, pages 1–9.
Silva, M. d. et al. (2023). Applying semiotic engineering in game pre-production to promote reflection on player privacy. In International Conference on Information Technology & Systems, pages 159–169. Springer.
Silva, P. H. d. et al. (2022a). Framework for the development of computational solutions for the support of requirements engineering with a focus on data protection. In XXXVI Brazilian Symposium on Software Engineering, pages 419–424.
Silva, P. H. d. et al. (2022b). How has requirements engineering supported data protection? In 2022 XVLIII Latin American Computer Conference (CLEI), pages 1–8. IEEE.
Washizaki, H. (2024). Guide to the software engineering body of knowledge (swebok guide), version 4.0. IEEE Computer Society, Waseda University, Japan.
Wohlin, C. et al. (2012). Experimentation in software engineering, volume 236. Springer.
Published
2025-07-20
How to Cite
PORTILHO, Filipe J.; G. NETO, Valdemar V.; CARNEIRO, Cinara G. M.; BULCÃO-NETO, Renato F..
How does the Brazilian requirements engineering research community approach the right to personal data privacy?. In: PROCEEDINGS OF WORKSHOP ON SOCIAL, HUMAN AND ECONOMIC ASPECTS OF SOFTWARE (WASHES), 10. , 2025, Maceió/AL.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 72-84.
ISSN 2763-874X.
DOI: https://doi.org/10.5753/washes.2025.8320.
