Lawfulness by design – development and evaluation of lawful design patterns to consider legal requirements

Pages 441-468 | Received 29 Oct 2021, Accepted 20 Jan 2023, Published online: 01 Mar 2023
