Consent Withdrawal Processes in Information Systems Gabriel Hogan1[0000-0002-6913-3739] 1 ADAPT Centre, Dublin City University, Dublin D9, Ireland gabriel.hogan8@mail.dcu.ie Abstract. In May 2018 ‘consent‘ to the processing of Personal Identifiable In- formation (PII) was enshrined in legislation in Europe through the enactment of the General Data Protection Regulation (GDPR) [15] placing new demands on Information Systems (IS) for the management of consent withdrawal. This re- search proposes to identify the relationships between the underlying technology, organization and environment variables for Consent Withdrawal Management (CWM) in IS. This will be achieved through several case studies with consent management practitioners, using qualitative methods, process model analyses, and evaluation. The resulting research output will be a reference process model artefact and methodology that can be utilized in approaches to designing, deploy- ing or improving information systems for the consent withdrawal requirements of GDPR. Keywords: Consent Withdrawal, Event Driven Process Chain, Technology-Or- ganization-Environment, GDPR, Design Science. 1 Introduction GDPR places significant compliance requirements on IS’s to ensure that the data prov- enance of PII and associated user decisions on consent are recorded, acted on appropri- ately, and audited correctly [15]. For organizations collecting and using personal data, the ability to organize, audit, and verify compliance with legislation are key require- ments in business today [6]. This is not confined to GDPR in Europe. California was the first of a number of US states to legislate on the privacy of personal data [8]. Data privacy and protection is an integral part of organizational governance, and an essential part of organizations’ IS [3]. Provenance is a well-established and well under- stood concept which seeks to establish the origin, lineage, history, transactions on, and ownership of, an artefact. Data Provenance applies the concept in the digital data do- main [39]. PII in GDPR, requires that individuals, ‘Data Subjects’, have the right to decide if their PII can be used in specific circumstances. This ‘consent’ can be ‘granted’, ‘withdrawn’, or in some cases required to be ‘forgotten’ [15], i.e. both the organization and the Data Subject should have the ability to see, and control, how PII is transacted, used or misused. Organizations must manage the data provenance of PII, and a Data Subjects’ deci- sions on the use of their PII in their Information Systems. Both academic and non- academic literature highlight the difficulties that private and public organizations are Copyright © 2021 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0) 153 encountering in dealing with these GDPR requirements [5], including the significant absence of deployments in IS for CWM [33]. A wide variety of technical solutions which go some way to addressing the standards and the requirements of GDPR are proposed in the literature [32]. While these address different aspects of seeking and granting consent, technical solutions alone that do not also address business, environment or customer perspectives are unlikely to be adopted by organizations [1]. This requires a holistic approach, relying on a combination of technical implementation, user interaction, together with business and organizational management disciplines to enable usable, efficient consent provenance in their IS. 1.1 Motivation This research is intended to assist organizations in assessing the fitness for purpose of CWM in their IS by investigating the relationships between the technical, organiza- tional, and environmental aspects of consent withdrawal. In addition, the research out- comes will provide an indicator to data subjects of an organizations’ IS capability to handle a data subjects consent withdrawal. The development of a reference process model and a methodology for its use, will enable the evaluation of consent withdrawal in an organizations’ IS. These are proposed to be used by consent management practitioners and have the potential to allow the identification of corrections that could lead to improvement in CWM in IS. 2 Theoretical Background A literature review methodology [38] was chosen as being most apt for the analysis of consent management. The current state of the art in GDPR consent management is an active area of research [34], and CWM is predominantly technology led, however there is a low level of cross perspective research [31] encompassing all three technology, organization and environment IS perspectives. 2.1 Regulatory requirements of GDPR GDPR [15] article 4(11) defines Consent as: “’consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”, with the specific conditions for consent laid out in article 7 of the GDPR. This requires a data controller to ‘demon- strate’ the receipt of consent from a data subject, and the right of a data subject to with- draw consent. It also provides that “It shall be as easy to withdraw as to give consent.” These articles of GDPR place requirements on organizations for the provenance of con- sent, including the granting of a consent and the withdrawal of that consent. 154 2.2 Current State of the Art In general consent management research takes a technical IS approach to the problem and does not address the affect the relationships between the data stakeholders has on the overall consent management capability in the IS, particularly with regard to consent withdrawal. A number of approaches for consent management have been proposed in- cluding ISO/IEC standards [19], capability based approaches [21], and a number of blockchain (technical) solutions, i.e. [9]. 2.3 Related Work This research is agnostic to the philosophical view of privacy management in IS as technological or social determinism [30]. It is aligned with the view of Orlikowski, and Barley [27] on the role the relationship between IS and social science in achieving ho- listic IS. Two specific theories in IS research examining human – IS relationships rele- vant to this research are: • Design Science Research (DSR) [24], [16]; • the Technology-Organization-Environment framework (TOE) [14] Each of these has a bearing on consent withdrawal, particularly when viewed from the perspective of the Data Subject, in particular the Technology Acceptance Model (TAM) and its concept of Perceived Ease of Use (PEOU) “the degree to which a person be- lieves that using a particular technology would be free from efforts” [12]. Design Science DSR [24], [16], focuses on the human – IS relationship through artefact creation and their application and evaluation in the IS environment. DSR has been frequently used as a methodology applied to address privacy in IS [26]. Fig. 1. Design Science Methodology adapted from Design Science Data Quality Process [29] 155 The cross-discipline characteristic of DSR makes it an appropriate approach for this research [13]. An adapted DSR methodology based on Design Science Process in Data Quality research [29] as applied to this project is shown in Fig. 1 and is used as the overall approach in conjunction with TOE frameworks as the theoretical lens. Theoretical Lens The TOE Framework [14], is proposed as the theoretical lens [25], through which to view the Environment paradigm of the IS Research Framework [16]. TOE provides a lens for viewing and describing the relationships between these individual aspects of the problem, and the combined influence of these relationships on the decision making for improvements to CWM. In this project the TOE lens will be applied to specifically address the relationships between the: • Technology: Availability; and characteristics; • Organization: Formal and informal linking structures; Defined responsibility and authority; and Resources; • External Task Environment: Government Regulation; Customer/End User (ease of consent withdrawal under GDPR Article 7); • Innovation decision making: Usefulness in decision making to improve the ‘fitness for purpose’ of the organizations CWM. Fig. 2. Technology-Organization-Environment framework applied to this project [14] 3 Problem Statement The lack of coordination and interaction between the business view, the technical view, and the customer view is a gap in the research in consent management that is high- lighted in the types of calls for further IS research [36]. In many instances organizations can demonstrate the receipt of consent grant. How- ever, these often lack the parallel capabilities demonstrating the full provenance of that 156 consent [23] including their management of the withdrawal of consent and demonstrat- ing that the ‘ease’ of the withdrawal matches the ease with which the consent was granted. These problems are summarised as follows: • The withdrawal of consent by data subjects and the provenance of their withdrawal is a specific challenge within the overall consent management in IS. • A methodology and reference process model is needed to indicate the 'fitness for purpose' of an organizations IS CWM that encompasses their business need, their technical capability and their customer relationships. • Full compliance with article 7 of the GDPR requires the inclusion of the perception of the ease of withdrawal by the data subject. This is not a trivial problem. Technology to indicate compliance relies on input from domain experts in different organizational stakeholders, i.e. strategic management, le- gal counsel, customer relations & marketing, executive management, and shareholders, all of which impact on the organization and its business. However, the relationships between the organizational (business), the technological, and the environmental (legis- lative, & end user) perspectives & characteristics are not easily understood or obvious [22]. In this context a design science perspective approach is applicable [11]. 3.1 Design Hypothesis The design hypothesis to address the identified problem in consent withdrawal is: The ‘fitness for purpose’ of CWM in IS can be represented by a model of the relationships and interactions between a) Technology capability; b) Organizational commitment; and c) the ease of Data Subject consent withdrawal. The following research question and sub questions are formulated to address the hypothesis and to achieve the research objectives described above: How can the rela- tionships and interactions between technology, organization and data subject be mod- elled to indicate the ‘fitness for purpose’ of CWM? The hypothesis will be tested through the examination of the three sub research ques- tions outlined below. • (SRQ1) What are the characteristics of the relationships between the TOE actors in the consent management process? • (SRQ2) What are the commonalities between the technology, organization, and en- vironment views that influence the innovation decision making for CWM? • (SRQ3) Can the developed process model and methodology be considered reliable to support the design, implementation and deployment of Consent Management fea- tures in Information Systems? SRQ1 will identify and record consent management processes from several case studies. It will analyse these to establish the characteristics of, and the relationships between the TOE actors. 157 SRQ2 will analyse, compare and model the case study consent management pro- cesses and build a reference model for the key influencing factors between each TOE actor and an associated methodology for its use. SRQ3 will evaluate with practitioners if the process model and methodology reliably indicate how changes in each dimension effect the others and the overall perception of the ‘fitness for purpose’ of CWM in IS. 3.2 Challenges and Objectives The research will require access to organizations at both a technical and management level for data gathering on Organization and Technology in addition to independent responses and feedback from anonymous data subjects on the Environment thread. The organization type and size will have to be carefully selected to help reduce the number of independent variables. Research Ethics approval may be required. The main challenges of this research are: • How to identify the relationships between each of the specific TOE perspectives for consent withdrawal. • How to develop the reference process model to show the relationships between the TOE perspectives. • How to evaluate the TOE framework to indicate the ‘fitness for purpose’ of an or- ganizations’ CWM. The main objectives of this research are to: • identify the relationships between each of the TOE actors for consent withdrawal. • develop a reference process model and associated methodology to indicate the ‘fit- ness for purpose’ of an organizations’ CWM. • demonstrate and evaluate the process model and the associated methodology in a real-world environment. The outputs of this research will: • Identify the relationships between the underlying technology, organization and en- vironment variables for CWM in IS. • Be reference process model and methodology artefacts that can be utilised by prac- titioners in designing, deploying or improving IS with respect to their ‘fitness for purpose’ with the consent withdrawal requirements of GDPR. • Include an evaluation of the process model and methodology with consent manage- ment practitioners. The process model will indicate how the characteristics of each of the aspects of consent withdrawal relate to each other and to the ‘fitness for purpose’ of the system. The methodology will instruct the use of the model. 158 4 Research Methodology Data will be gathered from information sources each of which will require different data acquisition activities, with different research methodologies. Each methodology has been selected for its appropriateness to the specific aspects of the research for which it has been chosen. A mixed methods approach of convergent design will be used as outlined by Creswell and Plano Clark [10]. Several case studies will be used to identify both dependent and independent variables in the consent management processes. Pro- cesses which may be formally described in text or using modelling notation will be captured using quantitative methods. Interviews with practitioners will provide key in- sights through their perception, practice, and experience of the consent management process(es) in the participating organizations. The targeted organizations for data gath- ering are Universities, with municipalities and commercial companies used for com- parison and evaluation. Fig. 3. Data gathering approach. 4.1 Research Methodology Overview The Design Science Process in Data Quality research [29] is adapted in Fig. 1 and is used as the overarching research methodology. The reference process model and meth- odology will be artefacts as defined by Peffers et al [28]. Data gathered using the meth- odologies below will be used to design, develop, construct and evaluate the artefacts. The process model will encompass and describe the components, characteristics and relationships observed from the case studies through the theoretical lens of the TOE framework [14] as adapted in Fig. 2. The associated methodology will enable practitioners to use the model. A high level perspective of the research methodology each TOE element will use is outlined below. 159 Qualitative methodologies through interviews will be used to capture data. Inter- views will be designed using quantitative and qualitative social research methods [7] to establish the characteristics, relationships and linkages of the CWM process in the or- ganization by talking to the relevant practitioners. Measuring the “Technology”. Technology is not necessarily confined to ‘High Tech’ hardware and software employed in IS, but also encompasses documentation, processes, procedures and other ‘technologies’ as outlined by Baker [2]. Quantitative methodologies will be used to capture formal data relating to the hardware, software, documentation, processes, procedures or other ‘systems’ in place and being utilised or available to be utilised external to the organization for CWM. Analyses that indicate distance between the cur- rent technology deployment and the available state of the art imply a capacity for inno- vation in CWM. Measuring the “Organizational Commitment to Consent Withdrawal”. The commitment of the organization to CWM can be linked to resources (both budget and people), roles with responsibility and authority, and cross unit, cross functional, or matrixed teams with organization wide mandate. Quantitative indicators such as a chief information officer (CIO), a dedicated data protection officer or department and other resources may be observed in the formal consent management process. However, the relationships between these and the wider organization, including the IS organization, and the organizations relationships with its external data subjects will be measured us- ing qualitative methods. Differences in the commitment to CWM between organizations of different size (SME v Large) or type (Public v Private) may be observed. This may be an opportunity to provide a comparative analysis between different size and types of organizations. Measuring the ‘External Task Environment’. This research will address the ‘environment’ in the context of CWM under ‘Govern- ment Regulation’, specifically related to GDPR and its obligations on organizations operating in the EU and in particular the assertion laid out in article 7 that “It shall be as easy to withdraw as to give consent.”. This requires an engagement with data sub- jects independent of, and external to, the organization to ascertain their perception of the ease of the withdrawal of their consent. The PEOU methodology, [12], will be used to gather data from data subjects on their experience and perception of consent withdrawal. Data Subjects will be employed, us- ing Amazon Mechanical Turk, to interact with the participating organizations. Quanti- tative methods will be used to design research questionnaires and associated Likert scales to provide measurements [20], to establish the Data Subjects POEU of the or- ganizations CWM process. 160 4.2 Identifying the Problem, In keeping with the DSR Methodology, the problem was defined as an observed feature of current consent management and its interaction with end users of digital offerings. A systematic literature review established the current state of the art in privacy, consent, and consent withdrawal research using the methodology outlined by Webster and Wat- son [38]. The literature review showed a gap between the current research state of the art approaches to the problem and their implementation and adoption by organizations. 4.3 Artefact Design, Development and Instantiation An artefact that can be evaluated as to its utility is required in DSR. Using the case study data, two DSR artefacts will be developed - a reference process model of the key influencing factors of CWM and an accompanying methodology to enable practitioners to use the model. Iterative conversations with practitioners will allow for the continuous refinement of the artefacts. 4.4 Demonstration, Evaluation and Communication The artefacts will be demonstrated to participating organizations and evaluated by measuring their influence on decision making for innovations to the management of consent withdrawal in the organizations’ IS. The Perceived Usefulness (PU) method- ology [12] will be applied to gather data from technology innovation gatekeepers on the usefulness of the ‘fitness for purpose’ artefacts [37], in assisting with innovation decisions on their CWM system. As the results of the research emerge these will be communicated to the wider re- search community particularly those with interest in privacy, consent withdrawal and design science, through peer reviewed publications in conferences and journals. 5 Future Work Initial work in this project focused on data provenance and the PROV model [39] and its representation in blockchain, identifying self-referencing instances in the PROV model that cannot be replicated in blockchains which are directed acyclic graphs [17]. Additional work based on this developed a GDPR consent flow conceptual model, which was elaborated as a blockchain of blockchains. Using autonomous connected transport as a use case, a user data flow was developed [18] and further refined in a consent and consent withdrawal data flow model for data sharing organizations. This work has evolved to focus on the key factors in organizations’ CWM systems, and how this can be modelled by examining their processes and workflows as outlined by the work to date in this document. 161 6 Contributions, Limitations and Conclusion This research proposes to identify the underlying technology, organization and envi- ronment variables, and their relationships which underpin the effectiveness of CWM in IS. Using this knowledge this research will provide a reference process model and as- sociated methodology to provide a ‘fitness for purpose’ indicator of the provenance of consent withdrawal in an organizations IS. These will be demonstrated and evaluated in a real-world environment. This research addresses a gap in the current state of the art providing a multi perspective approach to CWM in organizations IS. It will contribute to practice by providing a reference process model and associated methodology for practitioners to use as an indicator of the fitness for purpose of their organizations CWM balanced with a contribution to DSR theory [4] by illustrating the use of the TOE framework as a theoretical lens in the DSR methodology. While the projectability of the research will become evident as it evolves, some limitations are expected in the research: • It is specific to the level of the engagement by organizations. • It is specific to the type of organizations. • The final outputs would be enhanced with further engaged iterative assessment and evaluation such as outlined by Sonnenberg and Vom Brocke [35]. However these serve to maintain the scope of the research within the time allotted. It is planned that future research will address these limitations. 7 Acknowledgement This work was supported by Dublin City University and also by the ADAPT Centre under Science Foundation Ireland grant “13/RC/2106_P2”. References 1. Ali, M., Zhou, L., Miller, L., Ieromonachou, P.: User resistance in IT: A literature review. International Journal of Information Management 36(1), 35-43 (2016). 2. Baker, J.: The technology–organization–environment framework. In Dwivedi, Y. K., Wade, M. R., Schneberger, S. L. (eds.). Information Systems Theory vol. 1, pp. 231-245. Springer, New York (2012). 3. Bansal, G., Zahedi, F.M., Gefen, D.: The role of privacy assurance mechanisms in building trust and the moderating role of privacy concern. European Journal of Information Systems 24(6), 624-644 (2015). 4. Baskerville, R., Baiyere, A., Gregor, S., Hevner, A. and Rossi, M., 2018. Design science research contributions: Finding a balance between artifact and theory. Journal of the Association for Information Systems, 19(5), p.3. 5. Bloomberg Businessweek, https://www.bloomberg.com/news/articles/2019-02-08/where- tech-giants-are-getting-slapped-over-privacy-quicktake, last accessed 2019/12/03. 6. Bouslama S., Bhar Layeb S., Chaouachi J.: Framework for Managing the New General Data Protection Regulation Related Claims. In: Bouglel, M.S., Rovetta, S. (eds.) Proceedings of 162 the 8th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications (SETIT’18) vol 1, pp. 14-23. Springer, Cham (2020). 7. Bryman, A.: Social research methods. 5th edn. Oxford University Press, Oxford (2016). 8. California State Legislature. California Consumer Privacy Act of 2018, California Civil Code 1798.100 – 1798.199 (2018). 9. Cha, S.C., Hsu, T.Y., Xiang, Y., Yeh, K.H.: Privacy enhancing technologies in the internet of things: perspectives and challenges. IEEE Internet of Things Journal 6(2), 2159-2187 (2018). 10. Creswell, J, and Plano Clark, V.L.: Designing and Conducting Mixed Methods Research. 3rd edn. Sage Publications, Thousand Oaks, CA (2017). 11. Cross, N., 2001. Designerly Ways of Knowing: Design Discipline versus Design Science. Design Issues, 17(3), pp. 49-55. 12. Davis, F.D.: Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly 13(3), 319-339 (1989). 13. Deng, Q. & Ji, S., 2018. A Review of Design Science Research in Information Systems: Concept, Process, Outcome, and Evaluation. Pacific Asia Journal of the Association for Information Systems, 10(1), pp. 1-36. 14. DePietro, R., Wiarda, E., Fleischer, M.: The context for change: Organization, Technology and Environment. In Tornatzky, L. G., Fleischer, M. (eds.). The Processes of Technological Innovation, pp. 151-175. Lexington Books, Lexington, MA. (1990). 15. European Commission: General Data Protection Regulation. Office for Official Publications of the European Communities, Luxembourg (2016). 16. Hevner, A.R, March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Quarterly 28(1), 75–105 (2004). 17. Hogan, G., Helfert, M.: Transparent Cloud Privacy: Data Provenance Expression in Blockchain. In Ferguson, D., Muñoz, V.M., Pahl, C., Helfert, M. (eds.) 9th International Conference on Cloud Computing and Services Science 2019, CCIS, vol. 1218, pp. 430-436. Springer, Heraklion (2019) 18. Hogan, G., Dolins, S., Senturk, I. F., Fyrogenis, I., Fu, Q., Murati, E., Costantini, F., Thomopoulos, N.: Can a Blockchain-Based Maas Create Business Value?. In Christodoulou, K., Iosif, E., Giaglis. (eds.) 3rd Annual Decentralized Conference on Blockchain and Cryptocurrency 2019, Proceedings, vol 28(1) 8001. MDPI, Athens (2019). 19. ISO/IEC JTC 1/SC 27. ISO/IEC 27701:2019 Information technology – Security techniques – Extension to ISO/IEC 27002 for privacy information management – requirements and guidelines. International Organization for Standardization, Geneva (2019). 20. Jamieson, S.: Likert scales: how to (ab) use them. Medical Education 38(12), 1217-1218 (2004). 21. Labadie, C., Legner, C.: Understanding Data Protection Regulations from a Data Manage- ment Perspective: A Capability-Based Approach to EU-GDPR. In: Ludwig, T., Pipek, V. (eds.) Human Practice. Digital Ecologies. Our Future. 14. Internationale Tagung Wirtschaftsinformatik, pp. 1292–1306. University of Siegen, Germany (2019). 22. Lokuge, S., Sedera, D., Grover, V., Dongming, X.: Organizational readiness for digital innovation: Development and empirical calibration of a construct. Information & Management 56(3), 445-461 (2019). 23. Mackie, J., Taramonli, C., Bird, R.: Digital Forensics and the GDPR: Examining Corporate Readiness. In Scanlon, M., Neihn-An, L.K. (eds) 16th European Conference on Cyber Warfare and Security, pp. 683-691. ACPIL, Reading, UK (2017). 24. March, S. T., Smith, G. F.: Design and natural science research on information technology, Decision Support Systems 15(4), 251–266 (1995). 163 25. Niederman, F., March, S.: The “Theoretical Lens” Concept: We All Know What it Means, but do We All Know the Same Thing?. Communications of the Association for Information Systems 44(1), 1-33 (2019). 26. Oetzel, M.C., Spiekermann, S.: Privacy-by-design through systematic privacy impact assessment-a design science approach. European Journal of Information Systems 23(2), 126-150 (2014). 27. Orlikowski, W.J., Barley, S.R.: Technology and institutions: What can research on infor- mation technology and research on organizations learn from each other?. MIS Quar- terly 25(2), 145-165 (2001). 28. Peffers, K., Rothenberger, M., Tuunanen, T., Vaezi, R.: Design Science Research Evaluation. In Peffers, K., Rothenberger, M., Kuechler, B. (eds.) 7th International Conference on Design Science Research in Information Systems, LNCS, vol 7286, pp. 398- 410. Springer, Las Vegas (2012). 29. Petkov, P., Helfert, M.: Data Quality in Ubiquitous Computing - Suitability of Design Science Research?. In: Proceedings of the 3rd International workshop on IT Artefact Design & Workpractice Improvement. Forskningsgruppen VITS, Linköping (2014). 30. Pleasants, J., Clough, M.P., Olson, J.K., Miller, G.: Fundamental issues regarding the nature of technology. Science & Education 28(3-5), 561-597 (2019). 31. Poikola, A., Kuikkaniemi, K., Honko, H.: Mydata - A Nordic Model for human-centered personal data management and processing. Finnish Ministry of Transport and Communications (2015). 32. Politou, E., Alepis, E., Patsakis, C.: Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. Journal of Cybersecurity 4(1), p.tyy001 (2018). 33. Sanchez-Rola, I., Dell'Amico, M., Kotzias, P., Balzarotti, D., Bilge, L., Vervier, P.A., Santos, I.: Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 340-351. ACM, New York (2019). 34. Sheng, H., Nah, F.F.H., Siau, K.: An experimental study on ubiquitous commerce adoption: Impact of personalization and privacy concerns. Journal of the Association for Information Systems 9(6), 80-84 (2008). 35. Sonnenberg, C., Vom Brocke, J.: Evaluations in the Science of the Artificial – Reconsidering the Build-Evaluate Pattern in Design Science Research. In Peffers, K., Rothenberger, M., Kuechler, B. (eds.) 7th International Conference on Design Science Research in Information Systems, LNCS, vol 7286, pp. 381-397. Springer, Las Vegas (2012). 36. Vial, G.: Understanding digital transformation: A review and a research agenda. The Journal of Strategic Information Systems 28(2), 118-144 (2019). 37. Vom Brocke, J., Winter, R., Hevner, A. & Maedche, A., 2020. Accumulation and Evolution of Design Knowledge in Design Science Research – A Journey Through Time and Space. In Journals of the Association for Information Systems (JAIS). 38. Webster, J., Watson, R.T.: Analyzing the Past to Prepare for the Future: Writing a Literature Review. MIS Quarterly 26(2), xiii–xxiii (2002). 39. World Wide Web Consortium: PROV-DM: The PROV Data Model, W3C Recommenda- tion, https://www.w3.org/TR/prov-dm/, last accessed 2018/04/16. 164