Toward Architecture-Driven Interdisciplinary Research Learnings from a Case Study of COVID-19 Contact Tracing Apps Fabian Burmeister Department of Informatics University of Hamburg Hamburg, Germany fabian.burmeister@uni-hamburg.de Niva Elkin-Koren Faculty of Law Tel Aviv University Tel Aviv, Israel elkiniva@tauex.tau.ac.il Mickey Zar Faculty of Law Tel Aviv University Tel Aviv, Israel mickeyza@post.tau.ac.il Christian Kurtz Department of Informatics University of Hamburg Hamburg, Germany christian.kurtz@uni-hamburg.de Tilo Böhmann Department of Informatics University of Hamburg Hamburg, Germany tilo.boehmann@uni-hamburg.de Wolfgang Schulz Leibniz Institute for Media Research | Hans Bredow Institute Hamburg, Germany w.schulz@leibniz-hbi.de ABSTRACT This paper explores the use of an architectural perspective to study complex data ecosystems and to facilitate a normative discourse on such ecosystems. It argues that an architectural perspective is helpful to bridging discursive and methodological gaps between information systems (IS) research and legal studies. Combining architectural and normative perspectives is a novel interdisciplinary research approach that provides a framework for analyzing techno-legal contexts. The merits and challenges of this approach are demonstrated and discussed in this paper using the example of COVID-19 contact tracing apps. We conceptualize our results on three levels of knowledge: the first is the actual knowledge of the exemplary contact tracing app we studied and its ecosystem; the second is knowledge of the architectural meta- model that we used, its benefits and its shortcomings; and the third is knowledge of the interdisciplinary research process of acquiring common knowledge shared by IS scholars and legal experts. CCS CONCEPTS • Applied computing → Enterprise architectures; Law, social and behavioral sciences; • Security and privacy → Human and societal aspects of security and privacy KEYWORDS Architecture, contact tracing app, COVID-19, data ecosystem, HaMagen, information systems, interdisciplinary research, law, privacy ACM Reference format: Fabian Burmeister, Mickey Zar, Tilo Böhmann, Niva Elkin-Koren, Christian Kurtz, and Wolfgang Schulz. 2022. Toward Architecture-Driven Interdisciplinary Research: Learnings from a Case Study of COVID-19 Contact Tracing Apps. In Proceedings of the 2022 Symposium on Computer Science and Law (CSLAW’22), November 1–2, 2022, Washington, DC, USA. ACM, New York, NY, USA, 12 pages. https://doi.org/10.1145/3511265.3550451 1 INTRODUCTION This paper describes the explorative process of a research team consisting of information systems (IS) and legal scholars. The team explored the use of an architectural perspective to study complex data ecosystems and used this perspective to facilitate a normative discourse on such ecosystems, with the aim of bridging discursive and methodological gaps between IS research and legal studies. Combining architectural and normative perspectives is a novel interdisciplinary research approach that offers a framework for analyzing techno-legal contexts, as will be unfolded in the following. We used COVID-19 contact tracing apps as an example for this exploration. Since the outbreak of the global pandemic, COVID-19 digital surveillance has been increasingly deployed by governments around the world to track and notify individuals about contact with confirmed COVID-19 patients (e.g., Google and Apple interfaces or the PEPP-PT approach); to enforce mandatory self- isolation (e.g., Hong Kong); to automate clearance for employees in the job market; to allowing entry into businesses or access to public transportation (e.g., China); or to predict the likelihood of an outbreak in certain areas [1, 5]. Common to all these measures is the collection and analysis of sensitive health, location, and proximity data at various levels of precision. The use of these measures has raised a vivid public debate over the appropriate balance, regarding the design of a particular system’s architecture, between public health necessities and fundamental human rights, especially in the context of privacy and data protection [1, 31]. However, focusing exclusively on the architecture of a specific technology or app might be too narrow and may suffer from a blind spot. It risks overlooking the ways by which these newly This work is licensed under a Creative Commons Attribution International 4.0 License. CSLAW’22, November 1–2, 2022, Washington, DC, USA. © 2022 Copyright is held by the owner/author(s). ACM ISBN 978-1-4503-9234-1/22/11. https://doi.org/10.1145/3511265.3550451 143