2019 IEEE 27th International Requirements Engineering Conference (RE)
Towards Integrating Human Values into Software: Mapping Principles and Rights of GDPR to Values
Harsha Perera, Waqar Hussain, Davoud Mougouei, Rifat Ara Shams, Arif Nurwidyantoro and Jon Whittle Faculty of Information Technology
Monash University
Clayton, Victoria, Australia
{harsha.perera, waqar.hussain, davoud.mougouei, rifat.shams, arif.nurwidyantoro, jon.whittle}@monash.edu
Abstract—Software has become an integral part of human life. This gives rise to the need of developing software that respects human values such as transparency, fairness and privacy. Software that compromises on human values (e.g. privacy) can affect people’s reputation and impinges on their ability to function in society with the usual freedom and autonomy. Integrating human values into software is, however, a challenging task due to its imprecise and subjective nature. Enforcing regulations is one way to make software development considerate of the desired standards and values. The European Union’s General Data Protection Regulation (GDPR) on software is one such effort to protect EU citizens’ data and personal information. GDPR prescribes data protection principles and data subject rights mainly to protect user privacy. Looking beyond privacy, we studied GDPR to identify the extent to which it covers human values. We mapped GDPR’s data protection principles and data subject rights to a widely accepted human values structure adopted from social sciences. Our results show that GDPR addresses not only privacy but also several other human values including power, security and universalism. Moreover, fairness and transparency stand out as the most value-conscious principles prescribed in GDPR.
Keywords – Human Values, GDPR, Software Requirement
I. INTRODUCTION
Software is an integral part of individuals as well as society. As a part of human life, it is required for the software to be reflected for human values such as privacy, equality, social justice and freedom. On the other hand, software that fails to account for human values can cause unfavourable incidents: from losing billions of profits for companies to loss of invaluable human lives. For example, Cambridge Analytica harvested 50 million Facebook profiles without the authoriza- tion of their owners to gain a political advantage [1]. This Facebook-Cambridge Analytica Scandal has cost $119 bn for Facebook —the biggest ever one-day drop in a company’s mar- ket value [2]— and also the loss of reputation and trust of its users. As another example, Instagram was recently accused of being partially responsible for the suicide of a British teenager. The responsibility of Instagram has been questioned as in her image-feed, the victim had been served with self-harming images that are ‘normalized’ among any other interest such as sports or music [3]. The aforementioned examples and other incidents regarding software discrimination noted by Galhotra et al. [4] express the importance and urgency of integrating human values into the software.
A small subset of human values which has a moral connota- tion (privacy, fairness) or related to software quality (security, reliability) has been explored for years in SE. Unfortunately, the majority of the other human values (social justice, self- reliant, capable, honesty, trust, freedom and so on) are hardly found in SE research and practice. Engineering human values into software is, however, challenging due to their ill-defined nature in the software context. For example, if you identify trust as a value to be embedded into your software, how would you transform it into requirements, designs, features, qualities and at the end to a piece of code? Mougouei et al. have identified this challenge as a lack of ‘practical definitions’ to human values in software engineering [5]. Furthermore, Barn et al. state “[values] have not yet successfully been translated into current software engineering practice” [6].
Software regulation is an instrument introduced to bind software development to different obligations such as safety standards in safety-critical software used in certain airborne systems through DO-178c [7], safeguard health information through HIPPA like legislation [8], etc. Some of these reg- ulations are orientated towards human values such as safety, security or privacy. Recently, the European Union (EU) has introduced the General Data Protection Regulation (GDPR) to ensure EU citizens’ user privacy.
Moreover, GDPR proposes data protection principles and data subject rights as a guide to implement the adequate levels of user privacy in software. For instance, storage limitation is one of the data protection principles which prescribes not to keep user data longer than it needs. Principle storage limitation links to the right to erasure, one of the data subject rights. This right allows users to request for the erasure of their data when ‘the personal data are no longer necessary’ or ‘consent has been withdrawn’ or ‘data have been unlawfully processed’ and so on. Thus, GDPR helps to decompose a high-level idea such as privacy to more definable software requirements.
Human values are interrelated and affected by each other [9], [10]. As GDPR guides software to define and integrate privacy, we hypothesise that GDPR can also be used to better define other human values in a software context. Consider trust as an example, users’ trust of a software system depends on the level of transparency the system demonstrates. Transparency is one of the data protection principles in GDPR. To achieve transparency, GDPR prescribes several
2332-6441/19/$31.00 ©2019 IEEE 404 DOI 10.1109/RE.2019.00053
Authorized licensed use limited to: University of Wollongong. Downloaded on October 13,2020 at 04:49:41 UTC from IEEE Xplore. Restrictions apply.
mechanisms such as ‘informing the purpose of data processing at the time of data collection’, ‘allow users to obtain a copy of personal data with data controllers’, ‘allow users to rectify inaccurate data without any delay’ and so on. This decomposition shows that GDPR helps software practitioners to better understand not only privacy but also trust in software development.
Motivated by this phenomenon, we studied GDPR with the main intention of identifying the extent to which it covers basic human values. We interpreted the principles of GDPR using the rights of GDPR. Then we mapped these principles to human values identified in Schwartz theory of basic hu- man values – a widely accepted values structure from social sciences [11], [12]. Our results show that GDPR addresses a broader range of values found in Schwartz theory, including power, security, self-direction and universalism. Also, we iden- tified fairness and transparency as the most ‘value-conscious’ principles prescribed in GDPR. Thus, GDPR provides a guide to better define some human values in a software context.
II. BACKGROUND
A. General Data Protection Regulation (GDPR)
In 2015, a survey conducted with 27,980 respondents in Europe revealed that 67% of the respondents showed concerns about ‘not having complete control over the information they provide online’. The survey also revealed that 69% of the respondents were concerned about ‘the misuse of their personal data’ [13]. Following these genuine concerns of the general public, the European Parliament approved GDPR in May 2016. After a two-year grace period, GDPR came into force in May 2018. Though GDPR is applied in EU members, it has a far-reaching impact on businesses around the world as it applies to any data controller that process EU citizens’ personal data irrespective to their geo-location of the service provider, i.e. data controller. Also, GDPR has the power to fine non-complaints up to 20 million Euro or 4% of the organizations’ global turn over (whichever is greater) [14].
The GDPR act comprises 99 articles and 173 recitals in total. The articles lay down the regulations in GDPR. Each of these articles along with its practical applications is further explained by one or more recitals. A set of articles and recitals introduce data protection principles and data subject rights that underpin GDPR to ensure the privacy and protection of the personal data of users or citizens, i.e. data subjects. The 6 principles outline the main obligations that organizations need to comply with when collecting, processing and storing personal data. GDPR also empowers data subjects with 9 rights to exercise control over their personal information. Using these rights, data subjects can ensure that their personal data is not being used for a different purpose than the one it was originally collected for.
Principles in GDPR were mentioned in an abstract manner such that it is hard to interpret in a practical scenario. For example, the first principle of GDPR – lawfulness, fairness and transparency – is stated as ‘personal data shall be processed lawfully, fairly and in a transparent manner in relation to the
data subject’. This is an abstract concept which is hard to interpret. Recitals and rights which align with such principles help to better interpret them by giving more details on the sit- uations and scenarios to which these principles are applicable. However, there has been no previous study that links principles to rights in GDPR. Therefore, we propose a mapping between the data subject rights and the data protection principles in GDPR.
B. Human Values
Cheng and Fleischmann summarized seven different defini- tions of human values and define them as ‘guiding principles of what people consider important in life’ [15]. Among other human values studies (see Rokeach’s work [16] for example), Schwartz theory of basic human values is recognized as the most cited and widely accepted model to represent human values. In 1992, in his original model, Schwartz introduced 10 human values which were measured using 56–57 value items [17], [18]. In 2012, the theory is refined by further dividing recognized values in the original model and ended up with 19 individual human values [12], [19]. Most of the 56–57 value items from the original model also categorized into these refined values. Table I shows the complete set of 19 human values, their definitions and the value items (from the original model) that belong to them. As given in Table I, privacy is one of the value items under the self-direction–action value. In Section III, we discuss how we mapped these 19 values from Schwartz theory to GDRP principles and rights.
III. METHODOLOGY
To investigate the extent GDPR aligned with human val- ues, we mapped GDPR regulation to the refined version of Schwartz theory of basic human values. We limited our scope in GDPR to data protection principles and data subject rights as those two are the main mechanisms that empower data sub- jects. The other parts of GDPR, such as constraints, remedies or supervisory certification, generally discuss administrative and procedural aspects of the regulation. Data sources for this study included (a) GDPR’s text approved by the EU parliament and (b) Schwartz values’ definitions with their descriptions where (a) was used to guide the mapping process.
As shown in Fig. 1, our methodology consists of two main steps. First, we interpret GDPR principles using GDPR rights that are relevant to each of those principles. Second, we map these principles to human values based on the interpretations of GDRP principles from the previous step and the human value definitions provided in Schwartz theory. We discuss these two steps further as follows.
A. [step 1] Interpret Principles through Rights of GDPR
To have a general idea on GDPR, we did a background study and read the entire regulation including its recitals [20]. Then, we focused on articles 5–23 and recitals 39–73 where data protection principles and data subject rights are outlined in GDPR.
405
Authorized licensed use limited to: University of Wollongong. Downloaded on October 13,2020 at 04:49:41 UTC from IEEE Xplore. Restrictions apply.
TABLE I: Schwartz Basic Values [12]
Human Values
Definitions
Value Items that explain value
Self-direction– thought
Freedom to cultivate ones own ideas and abilities
creativity/imagination; curious/interested
Self-direction– action
Freedom to determine ones own actions
choosing own goals/own purposes; independent/self-reliant; privacy
Stimulation
Excitement, novelty, and change
an exciting life/stimulating experiences; a varied life; daring/seeking adventure
Hedonism
Pleasure and sensuous gratification
pleasure
Achievement
Success according to social standards
successful/achieving goals; ambitious/aspiring; capable/ competent; influen- tial/having an impact on people and events
Power– dominance
Power through exercising control over people
social power/control over others; authority/right to command
Power– resources
Power through control of material and social resources
wealth/material possessions
Face
Maintaining ones public image and avoiding humiliation
social recognition/respect; preserving public image/maintaining face
Security– personal
Safety in ones immediate environment
sense of belonging/feeling others care about me; healthy/ not sick; reciprocating favors/avoiding indebtedness; clean/neat, tidy; family security/safety for loved ones
Security– societal
Safety and stability in the wider society
national security/nation safe from enemies; social order/societal stability
Tradition
Maintaining and preserving cultural, family or religious traditions
respect tradition/preserve customs; devout/hold religious faith
Conformity– rules
Compliance with rules, laws, and formal obligations
self-discipline/resist temptation; obedient/meet obligations
Conformity– interpersonal
Avoidance of upsetting or harming other people
politeness/courtesy; honor parents/show respect
Humility
Recognizing one’s insignificance in the larger scheme of things
humble/modest, self-effacing; accepting my portion/submitting to lifes circum- stances
Benevolence– caring
Devotion to the welfare of in-group members
helpful/working for others welfare; honest/genuine; forgiving/willing to pardon; family security/safety for loved ones
Benevolence– dependability
Being a reliable and trustworthy member of the in-group
responsible/dependable; loyal/faithful to friends
Universalism– nature
Preservation of the natural environment
protect the environment; unity with nature; world beauty
Universalism– concern
Commitment to equality, justice and protection for all people
equality for all; social justice; world at peace
Universalism– tolerance
Acceptance and understanding of those who are different from oneself
broadminded/tolerant; wisdom/mature understanding
Fig. 1: Mapping Overview: DSR – Data Subject Rights; DPP – Data Protection Principle
Data Protection Principles. GDPR has six data protec- tion principles, as mentioned in Article 5 (a)–(f). However, we separated the first principle (‘lawfulness, fairness and transparency’) into three different principles as ‘lawfulness’, ‘fairness’ and ‘transparency’. We observed that each of these principles has its own meaning and scope when we link them to human values. Moreover, this separation allowed us to better interpret links between principles and values. Also, this decision was supported by the knowledge from previous background studies where we found each of these principles has been discussed or treated separately [21]. For example, the
GDPR-complaint checklists provided three different checklists for these three principles [22].
Data Subjects Rights. Rights are discussed in detail in GDPR including the scenarios and situations in which data subjects can exercise their rights. Pandit et al. have analyzed GDPR and presented the regulation as a linked data set [23]. In this data set, 9 data subject rights are identified and further di- vided into 26 sub provisions to better understand the rights. For instance, the right to object allows data subjects to request data controllers to stop processing their personal information. Sub provisions of right to object, namely, ‘object to processing’ and ‘object to direct marketing’ explain particular scenarios to which this right is applicable (see Table II for all rights and their sub provisions).
Mapping rights to principles. To interpret data protection principles, we mapped them to data subject rights using sub provisions of rights as a middle layer for the mapping (see Fig. 1). We chose not to directly map a right to a principle(s) as each sub provision may be relevant to different principles. For example, in Article 15.1, right to restrict processing allows users to request to stop his/her data processing if (a) ‘the accuracy of the personal data is contested’; (b) ‘the processing is unlawful’; (c) ‘the controller no longer needs the personal data for the purposes of the processing’. These three sub provi- sions are related to three different GDPR principles (accuracy,
406
Authorized licensed use limited to: University of Wollongong. Downloaded on October 13,2020 at 04:49:41 UTC from IEEE Xplore. Restrictions apply.
lawfulness and storage limitation respectively). Likewise, we created links between GDPR rights and GDPR principles.
Some of the links were direct and clearly visible (see links discussed in the previous example) while other links required some derivations to be visible. For example, Article 17 (b) defines the right to erasure as ‘the data subject shall have the right to obtain from the controller the erasure of personal data where data subject withdraws consent…’. The underlined part shows a direct link to the principle of storage limitation as it commands to erase data once the consent is withdrawn. Also, according to GDPR, processing data without consent is an unlawful act. Therefore, though it is not as direct as the previous, a link can be derived between the right to erasure and the principle of lawfulness. Likewise, we have reported 38 direct links and 21 derived links between GDPR rights and principles in Table II. The overall relevance of a right to principles was determined based on the links of its sub provisions and the overall idea of the right. The links established were used to interpret data protection principles when they were mapped to human values.
B. [step 2] Mapping GDPR Principles to Human Values
To build the relationship between principles and human values, we used (a) the interpretations of principles using rights from the previous step and (b) human values definitions and value items in the Schwartz model (see Table I). As an example, how the storage limitation principle was linked to the power-dominance and power-resource human values are explained as follows. We identified the direct link between principle storage limitation and the right to erasure in the previous step (see Table II). Right to erasure prescribes to erase user data when ‘the personal data are no longer necessary’ or ‘the data subject withdraws the consent’. That depicts the power that users can have to control resources (personal data). Similarly, according to the right to erasure, upon a request from the data subject, the data controller shall inform third parties who process this data to stop processing and erase them. This depicts how data subject can influence the workflow of the data controllers. Therefore, the storage limitation principle empowers users to control both resources and workflow of the data controllers. This is aligned with the definitions of human values of power-dominance and power–resource (see Table I). Accordingly, storage limitation is linked to power–dominance and power–resource. Likewise, considering the interpretations of the principles, we linked them to human values.
We identified that some links between values and prin- ciples are explicit while the other links are implicit. Therefore, we defined two link types as explicit links and implicit links. For instance, the principle of ‘accu- racy’ allows you to rectify or erase inaccurate personal data from data processors. It has an explicit link with power– resource human values, which is defined as power through control of material and social resources (see Table I). Here, accuracy principle allows you to control personal data that resides with data controllers. At the same time, inaccu-
rate personal data, if made publicly available, may affect the public image of an individual. It implies that accu- racy principle can implicitly influence someone’s need of maintaining the public image and avoiding humiliation. In Schwartz, this need is defined as the value of face (see Table I). Therefore, we established an implicit link between accuracy and face. Likewise, We have reported 22 explicit links and 6 implicit links between GDPR principles and human values in Fig. 2. In the following section, we discuss the key findings of this study.
IV. RESULTS AND DISCUSSION
This section discusses our preliminary findings achieved from mapping GDPR (data subject) rights and (data protec- tion) principles to human values. In the effort to perform these mappings, we found that the principles and rights of GDPR concern a wide range of human values and therefore can be used to further elaborate the practical manifestations of human values in a software context. Such elaborations can be exploited to integrate those values into software.
A. Coverage of Human Values in GDPR
The results of our mappings show that GDPR addresses 9 out of 19 values mentioned in refined Schwartz the- ory of basic human values including self-direction–action (including privacy), universalism-concern, power–dominance, power–resource, conformity–rules and so on (see Fig. 2). This suggests that the principles and rights of GDPR go beyond the general perception that they are only concerned about user privacy. Instead, GDPR rights and principles cover nearly half of the total human values identified in Schwartz theory. However, no GDPR provisions could be linked to some of the values such as humility, universalism–nature, tradition, etc.
The mapping resulted in a strong connection between prin- ciples with certain values such as self-direction–action, power– dominance and universalism–concern (see, Fig. 2). This was due to the facts that these links were matched to ‘value items’ that explain high-level values e.g. privacy (from self- direction), authority to command (from power) and social justice (from universalism). One can appreciate that these value items fittingly align with the underlying themes of GDPR: empowering data subjects with a set of rights and protecting their privacy.
Moreover, fairness and transparency have been identified as the most ‘value-conscious’ principles prescribed in GDPR. Each of these two principles can be linked to 5 different values. It shows that complying with fairness and transparency principles in GDPR can contribute to the implementations of 5 out of 19 human values identified in the Schwartz theory.
B. Human Values elaborated by GDPR
The absence of practical definitions for human values in a software context hinders practitioners to integrate them into software [5]. Our results show that GDPR can be used, within its context, to provide more practical elaborations to human values. This can be achieved by combining two mappings:
407
Authorized licensed use limited to: University of Wollongong. Downloaded on October 13,2020 at 04:49:41 UTC from IEEE Xplore. Restrictions apply.
TABLE II: Data Subjects Rights mapped to Data Protection Principles.
denotes Direct link
denotes Derived link
GDPR Data Protection Principles
GDPR Data Subject Rights
Rights Sub Provisions [23]
Fairness
Lawfulness
Trans- parency
Purpose Limitation
Data Min- imization
Accuracy
Storage Limitation
Integrity
and Con- fidentiality
Right to transparency (Article 12)
Overall
concise
Right to basic Information about processing (Article 13, 14)
easily accessible
intelligible
transparent
Overall
Information about Third Parties
Overall
If and where Controller is processing data
Right of access (Article 15)
Automated processing with significant effects on data subject
Categories of data being processed
Categories of recipients data is shared with
Existence of Rights
Information about Processing
Source of Data
No charges levied
Storage Period
Right to rectification (Article 16)
Overall
Right to erasure (Article 17)
Overall
Right to restrict processing (Article 18)
Erase when consent was withdrawn
Erase when data is no longer needed for origi- nal purpose
Overall
When accuracy is contested
Data no longer needed for original purpose
Processing is unlawful
Overall
Right to data portability (Article 20)
Provide copy of Personal Data
Should be machine readable
Should support reuse
Should be commonly used format
Should be structured
Right to object (Article 21)
Overall
Object to processing
Object to direct marketing
Rights over automated decisions (Article 22)
Overall
Fig. 2: Mapping human values and GDPR principles. All principles directly link to privacy, and therefore self-direction– action; these links are not demonstrated for the sake of clarity.
408
GDPR rights to GDPR principle, then, GDPR principles to human values. For instance, Fig. 3 shows how we can establish a link from value power-resource to two principles of GDPR and subsequently to four rights (though their sub provisions) of GDPR. As we discussed in section III, GDPR outlined its rights in detail including their practical scenarios, responsible people, and mechanisms to be compliant with them. The mechanisms are used to implement GDPR rights, therefore, can also be used to help integrate values (in this example: power-resource) in a software context.
Above example shows one instance that these mappings could be used to better explain a human value in a software context. Likewise, In Fig. 2, we have reported 22 explicit links and 6 implicit links between 9 human values and 8 GDPR principles. In Table II, we have reported 38 direct links and 21 derived links between these principles and 9 GDPR rights (including 26 sub provisions). When combined, these two mappings create a better elaboration of identified human values for their integration in software.
Authorized licensed use limited to: University of Wollongong. Downloaded on October 13,2020 at 04:49:41 UTC from IEEE Xplore. Restrictions apply.
Fig. 3: Value power–resources elaboration; Only direct links are demonstrated.
V. CONCLUSION AND FUTURE DIRECTION
Software plays a vital role in the modern-day world. Some contemporary examples show that software that is unable to account for human values may result in negative socio- economic impact. GDPR is introduced as a regulation to pro- tect fundamental rights of privacy and personal data protection through its prescribed data protection principles and data sub- ject rights. However, looking beyond privacy, we investigated GDPR with the focus of identifying the extent to which GDPR relates to human values introduced in Schwartz theory of basic human values – a well-known framework/structure from social sciences to understand human values. In our method, we mapped GDPR rights to GDPR principles and linked them to human values. Our study revealed that, though known for privacy, GDPR addresses 9 basic values, nearly half of the basic human values introduced in Schwartz theory. These links can be used to better understand the extent of GDPR coverage of human values and can be exploited to better define GDPR- related human values within a software context.
In future, we hope to further extend the mapping of GDPR to human values incorporating perspectives of other stakeholders such as service providers and regulatory bodies. We have studied a body of knowledge that contributed to interpreting GDPR using different techniques such as use case, goal modeling, textual analysis etc. We are planning to revisit some of these techniques with the human values’ perspective. In particular, we have identified goal modeling as a potential technique to develop practical definitions of human values through GDPR and further assist to achieve our ultimate research objective of integrating human values in software.
REFERENCES
[1] E. Graham-Harrison and C. Cadwalladr, “Revealed: 50 million facebook profiles harvested for cambridge an- alytica in major data breach,” Mar 2018. [Online]. Available: https://www.theguardian.com/news/2018/mar/17/cambridge- analytica-facebook-influence-us-election
409
[2] R. Neate, “Over $119bn wiped off facebook’s market cap after growth shock,” Jul 2018. [Online]. Avail- able: https://www.theguardian.com/technology/2018/jul/26/facebook- market-cap-falls-109bn-dollars-after-growth-shock
[3] N. Baker. (2019) Molly russell: Instagram bans graphic self-harm images after suicide of uk teen. [Online]. Available: https://www.sbs.com.au/news/molly-russell-instagram-bans- graphic-self-harm-images-after-suicide-of-uk-teen
[4] S. Galhotra, Y. Brun, and A. Meliou, “Fairness testing: testing software for discrimination,” in Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering – ESEC/FSE 2017. New York, New York, USA: ACM Press, 2017, pp. 498–510.
[5] D. Mougouei, H. Perera, W. Hussain, R. Shams, and J. Whittle, “Operationalizing human values in software: a research roadmap,” in Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering – ESEC/FSE 2018, 2018, pp. 780–784. [Online]. Available: http://dl.acm.org/citation.cfm?doid=3236024.3264843
[6] B. Barn, R. Barn, and F. Raimondi, “On the role of value sensitive concerns in software engineering practice,” in Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on, vol. 2. IEEE, 2015, pp. 497–500.
[7] L. Rierson, Developing safety-critical software: a practical guide for aviation software and DO-178C compliance. CRC Press, 2017.
[8] K. V. V. N. Ravi, “Automatic deployment of software applications to meet regulatory compliance requirements,” Feb. 2 2016, uS Patent 9,250,884.
[9] S.H.Schwartz,“Arethereuniversalaspectsinthestructureandcontents of human values?” Journal of social issues, vol. 50, no. 4, pp. 19–45, 1994.
[10] B. Friedman, P. H. Kahn, and A. Borning, “Value sensitive design and information systems,” The handbook of information and computer ethics, pp. 69–101, 2008.
[11] S. H. Schwartz, “An Overview of the Schwartz Theory of Basic Values,” Online Readings in Psychology and Culture,
vol. 2, no. 1, pp. 12–13, 2012. [Online]. Available: http://scholarworks.gvsu.edu/orpc/vol2/iss1/11
[12] S. H. Schwartz, J. Cieciuch, M. Vecchione, E. Davidov, R. Fischer, C. Beierlein, A. Ramos, M. Verkasalo, J.-E. Lo ̈nnqvist, K. Demirutku et al., “Refining the theory of basic individual values.” Journal of personality and social psychology, vol. 103, no. 4, p. 663, 2012.
[13] E. Commission, “Special eurobarometer 431: Data protection,” 2015.
[14] A. Calder, EU GDPR: a pocket guide. IT Governance Publishing Ltd,
2018.
[15] A.-S. Cheng and K. R. Fleischmann, “Developing a meta-inventory of
human values,” in Proceedings of the 73rd ASIS&T Annual Meeting on Navigating Streams in an Information Ecosystem-Volume 47. American Society for Information Science, 2010, p. 3.
[16] M. Rokeach, The nature of human values. Free press, 1973.
[17] S. H. Schwartz, “Universals in the content and structure of values: Theoretical advances and empirical tests in 20 countries,” in Advances
in experimental social psychology. Elsevier, 1992, vol. 25, pp. 1–65.
[18] ——, “Basic human values: Their content and structure across coun-
tries,” Valores e comportamento nas organizac ̧o ̃es, pp. 21–55, 2005.
[19] ——, “The refined theory of basic values,” in Values and Behavior.
Springer, 2017, pp. 51–72.
[20] Council of European Union, “Council regulation (EU)
no 2016/679,” 2016, https://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=CELEX%3A32016R0679.
[21] D. Clifford and J. Ausloos, “Data protection and the role of fairness,”
Yearbook of European Law, vol. 37, pp. 130–187, 2018.
[22] “Principle (a): Lawfulness, fairness and transparency.” [Online]. Available: https://ico.org.uk/for-organisations/guide-
to-data-protection/guide-to-the-general-data-protection-regulation-
gdpr/principles/lawfulness-fairness-and-transparency/
[23] H. J. Pandit, K. Fatema, D. OSullivan, and D. Lewis, “GDPRtEXT- GDPR as a linked data resource,” in European Semantic Web Confer-
ence. Springer, 2018, pp. 481–495.
Authorized licensed use limited to: University of Wollongong. Downloaded on October 13,2020 at 04:49:41 UTC from IEEE Xplore. Restrictions apply.