Guidelines for designing and implementing digital services

All Barcelona City Council’s digital services will support interoperability based on the use of free standards and formats.

The City Council’s digital services will use free standards on a mandatory basis, and in particular those set out in the catalogue of standards from the Technical Interoperability Standard (as implemented under Royal Decree 4/2010) or the internationally accepted free standards that update, replace or complement these standards. Where there is no approved free standard for a required format, a format that is intended to be used will be proposed, in accordance with the provisions of the applicable regulations and the IMI’s requirements for free standards (as defined in the Guide to Technological Sovereignty that accompanies this Code).

The IMI will maintain public lists of technical formats and standards in use, classed as mandatory, priority or recommended.

The choice of standards will follow an open and transparent process based on users' needs, flexibility, promotion of free competition and free collaboration and any implications for future interoperability. This process must be formally approved. The areas that have their own legal framework will comply with the specific standards applicable in that area (e.g. Geodata).

Preference will be given to the public procurement and acquisition of tools and systems that use free software, for all the technical architecture of the applications and services that are delivered, avoiding dependency on systems that are not free. The use of non-free solutions will be only be allowed in exceptional circumstances, which will be reviewed on a case-by-case basis, in accordance with criteria established in the Technology Procurement Guide.

Both internal and external projects for the development of digital services will be developed from the outset with a view to their freeing, in line with the best practices of free software development, and based by default on free technologies that allow the final product to be released in accordance with the City Council’s policy and the applicable regulations. Documentation, design and other elements (sounds, typographies, etc.) will also be made available to third parties under free content licences.

Software acquisition will provide incentives for reusing existing solutions. Development projects in which the City Council participates will attempt, on top of being released under free software licences, to offer technical and organisational facilities for their reuse by third parties. Where software owned by the City Council and its associated entities cannot be released under a free software licence (for technical or legal reasons), it will be made available to other administrations without the need for any valuable consideration or agreement, in accordance with applicable regulations.

Where appropriate, the possibility of collaborating with other public authorities and entities in the development of technological projects of interest will be studied, with a view to sharing costs and encouraging interoperability.

The preparation stage of contracts must show that an exhaustive search has been made into already existing and reusable possible solutions, both nationally and in international public repositories.

Proposed projects must not include any specification that prevents solutions with free technologies from being proposed, nor must they mention specific products or suppliers unless they are compatible with existing technologies, in accordance with the Guide to Technological Sovereignty. Architecture and interoperability requirements, and the right and ability to modify and reuse the software of digital systems and services, will be regarded as part of the technical features and specifications.

Every decision on technology acquisitions will take into account the total cost of the system over the long-term useful life of the service (TCO, Total Cost of Ownership), including hidden costs (for example, exit costs to replace a technology in the future when formats or interfaces based on free standards are not used) as well as the net social benefits.

Contracts for new projects or extensions of existing projects will use standard clauses based on these principles, even in preliminary projects where a pre-selection of technologies is made, as well as in framework agreements and contracting in lots. These clauses will require the use of solutions based on free technology, except in exceptional circumstances as provided for in the Technology Procurement Guide.

The development of digital infrastructures and services will follow best practices in development methodologies for free software, employing by default the IMI’s Agile methodology.

During the lifetime of the contract, providers of ICT development services will collaborate with the IMI to keep the code available at all times in appropriate version-control systems. Similarly, every system and service must be properly documented and include the necessary instructions for the installation, deployment and configuration of services in free environments.

Proposed projects will study the possibility of collaborating with the technology and free software communities, especially with local communities. Collaboration with other interested entities and institutions will also be encouraged, to promote social innovation and local technological products and skills.

Projects that produce free systems and tools through a development service promoted and funded by the City Council must include a sustainability and governance model. This model will include an approximate definition of the community, support tools, communication and marketing activities, processes for external contributions, the management of intellectual property and the sustainability of the software beyond the project itself for the City Council.

External players will be encouraged to make contributions to projects led or freed by the City Council. Specific rules adapted to each case will be established for the management of rights over contributions, with the objective of guaranteeing compliance with third-party rights and applicable law.

Where projects developed by City Council staff and/or providers improve or transform an existing free software product, such improvements and any corrections will be contributed, as far as possible, to the original project (upstreaming). Similarly, projects will ensure forward compatibility, as much as possible, so that software adapted for Barcelona City Council will reduce to the maximum the number of potential problems for updating and maintenance.

City Council projects will establish a legal framework for clearly determining and managing intellectual property rights over software developments. Depending on each case, agreements will establish an ownership model, including options for assigning rights to the City Council or the IMI, leaving them in the hands of the provider, or assigning them to the entities that manage the relevant code for the project, as long as those relating to free projects are available under a free software licence.

Software produced within the framework of the City Council’s digital services projects, including software resulting from procurement agreements, will be made publicly available under a free software licence that complies with applicable regulations. The City Council will establish the criteria and requirements to determine the type of licence to use for each project.

Projects must establish processes and documents for managing the legal aspects relating to intellectual property and software licences (in particular, in relation to contributions, licences over components used in development and other dependencies of the software), and in doing so, use best practices and standard or widespread-use tools in the sector, to guarantee the traceability and integrity of the code.

Where a trademark is registered to identify a software project freed by the City Council, a public-use policy will be established to allow members of the community of users and developers to use the mark within the framework of the community’s activities.

This Code of Practice covers the entire set of all municipal data. Municipal data can be divided, for conceptual purposes, into three large groups:

The City Council has various repositories available for each type of dataset. Their definition and management will be linked to the set of technological requirements set out in this Code, as well as data-protection legislation. There is a transversal comprehensive data repository, within the City OS, which constitutes a single analytical repository of municipal data. The City OS will be able to include an analytical dashboard of any of the management datasets.

Municipal services will be managed on the basis of data-based evidence. The datasets currently available to the City Council (the Data Lake) will be managed in a more efficient and transversal way so that they can return much greater value to citizens, and allow more complex analyses developed by Data Science.

In order to support the management needs and mission of Barcelona City Council, each business unit will develop and maintain its own Data Management Plan (PMD) to define the objectives of its own information technology resources. The objectives must be specific, measurable and verifiable so that their progress can be monitored.

Business units will keep an inventory of the principal information systems, their containers and dissemination tools, with a level of detail appropriate for their supervision and management. In addition, each business unit will keep a record of all the actions taken in both management and analytical databases The Office of the Municipal Data Director (DMD or CDO) will determine the meta-information of these systems.

Business units will continuously enable the adoption of new technologies and evaluate the entire life-cycle of each information system. Entities will incorporate the following steps, where appropriate, in planning, budget definition and management:

Business units will develop an architectural description (AD) that depicts the architecture that is available, the target architecture and the plan to achieve the latter. The AD for each unit must be in line with the PMD. The AD must identify which roles may have access to systems and which profiles have access to particular information, and under which circumstances.

Business units will promote the opening up of municipal data (Open Data) and interoperability based on free formats, subject to existing technical and legal requirements, to increase the public’s access to municipal information and make operations more efficient, reduce costs and improve services for citizens. Open data will be provided in a machine readable format (i.e. CSV, XML, JSON or other similar formats that facilitate fine-grained automatic data processing and transformation), and updated regularly.

Business units must apply and document appropriate safety measures for designated information and data, records management, transparency, impact assessment and supply chains, and do so during the entire data cycle so that the risks are assessed and managed.

Each unit will develop a Resilience Plan. The Resilience Plan is crucial so that services can continue to operate and carry out tasks during disruptions.

Municipal units will only be able to create, collect, use, store or disseminate personal data when they have the required authorisation. Business units must establish and maintain a data protection programme which ensures compliance with applicable regulations (in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and other privacy requirements, which assesses and manages privacy risks.

Measures must be taken to incorporate when necessary privacy by design strategies and/or privacy enhancing technologies (PETs), through which the privacy of data subjects is taken into account during all the processes for designing, developing and managing the City Council’s information systems. When applicable, encryption algorithms, data anonymization or pseudonymisation must be employed.

Business units will carry out privacy impact assessments aimed preventively at ensuring that, where data processing may involve especially serious risks, the necessary measures are taken to reduce, as far as possible, the risk of damaging or prejudicing people or of negatively affecting their rights and freedoms, blocking or restricting their exercise or content.

The physical security of the data will be determined by the standards defined by the IMI. In any event, any third party in charge of data processing must offer sufficient guarantees regarding the implementation and maintenance of required security measures, and the other guidelines defined in this Code and the future Data Strategy of Barcelona City Council.

The municipal organisation will adapt the roles and responsibilities of managers and business units for the purposes of observing the requirements of this Code. A Municipal Data Manager will be appointed to head the Municipal Data Analytics Office, and each unit will have an officer responsible for data who will carry out this role for each of the bodies in charge of data. Pursuant to Regulation (EU) 2106/679, the City Council will appoint a corporate Data Protection Officer with the functions assigned by this regulation.

The management offices and bodies will comply with the regulations and instructions regarding the management of data, information and municipal documents that are passed by the executive bodies, which will be developed on the basis of the Responsible Data Management Strategy led by the Commissioner for Technology and Digital Innovation.

The Municipal Data Strategy that will be developed under this Code and the corresponding Government Measure on the Barcelona City Council Data Strategy, will establish the technical details for the development of municipal data management.