34.0 Ethical issues in online research
- 34.1 Introduction
- 34.2 Recruitment by email
- 34.3 Email-based data collection
- 34.4 Online surveys
- 34.5 Justice and access issues
- 34.6 Consent issues
- 34.7 Chat rooms, blogs, social networking sites and other multi-user spaces
- 34.8 Web-based documents
- 34.9 Data storage and management
The internet plays an increasing role in the conduct of human research. The National Statement lists online research including chat rooms, e-groups, bulletin boards and email lists among qualitative research methods, but gives no specific guidance as to the use that may be made of them.
While the same requirements apply to online research as to any other research method or mechanism, some issues such as privacy can become more complex because of the nature of the medium.
Deakin HREC has established positions in relation to online research based on the general principles of ethical research.
An increasingly common way to identify potential participants in a research project and/or distribute recruitment material is via the use of email lists.
When you plan to use such a list, remember that a personal email address is personal information and is subject to privacy requirements.
As a general rule:
- Email addresses in the public domain (eg listed on a work website) may be used in the same way as a publicly listed phone number.
- Email addresses that are not public knowledge (eg the email addresses of a service's clients), may not be accessed without permission.
- The list custodian (eg the clinic) cannot provide these addresses to you unless the clients have given permission for this.
- You may ask the list custodian to forward information on your behalf, but this will be at their discretion.
Email is not a secure medium, and in most cases the user is identifiable. Don't use email where security or anonymity are important (eg where identifying a person as a participant or potential participant could put them at risk of harm). Ask yourself, could the participant be in a dangerous or embarrassing situation if the email became public?
While often used as a recruitment tool, email may also be used to gather data.
The most common use of email data collection is to ask supplementary questions following the main round of data collection. In this case, consent has already been given, and the ethical issues involved in the project have already been dealt with.
Emailed information should always be treated as potentially identifiable. It is not rendered 'anonymous' by removing the header details identifying the sender.
As with using email for recruitment, you should remember that email is not a secure medium, and in most cases will be identifiable. Don't use email to collect data intended to be anonymous or where participants face significant risks in the event of a breach of confidentiality.
Online surveys are useful in that they are easily accessible, and once set up cost little to run. They may offer improved access to some participants, as they do not need to be completed at a specific time or in a specific place. They offer an opportunity to reach some difficult to access populations, but may also create biased sampling as, contrary to popular belief, not all people have internet access. Online surveys also have the potential for a high level of confidentiality/ anonymity. However the nature of the medium leads to some issues which need to be thought through ahead of time.
Deakin web information and resources offers general advice, including: the Deakin social media guidelines, web publishing operational policy and dependent procedures, and the information privacy operational policy.
When designing your project, it is important to determine the level of anonymity or confidentiality involved. Will the data be collected in such a way that the user or computer involved is identifiable?
- Some applications automatically record the IP address when a person logs into a survey.
- In some situations IT staff managing the website will be able to access the details of the person taking part.
If the information is confidential but need not be anonymous, then participants may be given a specific password to access the system, which allows the researcher to know who has participated, but does not record personal details on the survey.
If you tell your participants that their information is fully anonymous, then you must ensure that this is correct. If you cannot guarantee anonymity, then tell participants that the information will be confidential.
The potential for anonymity can work both ways. If an online survey is fully anonymous, then there is no way to check the information supplied by participants. You will need to accept that if they say (for example) that they are over 18 years of age, that this is the case. For this reason, if the identity (a particular demographic, a particular set of people) of participants is important to the study, then a better option may be issuing of a password or passwords distributed to your target group of participants.
- Surveys should be administered from a secure Deakin server
- Survey responses must not be able to be monitored by staff in ITSD
- Where surveys are anonymous the origin of a given response must not be traceable (e.g. the IP address of the respondent must not be logged either directly or automatically)
- Access to data stored on the server for particular surveys should be limited to authorised persons only (e.g. members of the research team responsible for the project)
- A survey should not be accessible until participants consent to take part in the project (wherever possible afterreading the plain language statement and selecting 'I accept' on the consent form)
- The plain language statement should be printable by the participant
- Where access to a survey is to be restricted (eg to students in a particular course, to members of an association, to persons over the age of 18) then appropriate limitations should be placed on access. This may take the form of particular log-in details or other arrangements, but must not compromise confidentiality
- Online surveys should not breach Deakin University accessibility guidelines.
The survey software you want to use may involve collecting and storing data at a location other than a Deakin University server.
Your application for ethics approval must include evidence that the collection and storage arrangements are secure and appropriate for the type of data being collected.
Several popular free or low-cost online survey services list their security arrangements: Survey Monkey, Freeonlinesurveys, LimeSurvey, Qualitrics, Qualsk, SurveyMethods (makes Facebook surveys). Deakin does not endorse or recommend any external online survey service, this information is provided as an example only, to assist you to make an informed decision about such services' possible suitability for your project. For a short, clear discussion of different online security features, although with an intellectual property rather than a research perspective, see Online survey content security doesn't exist.
Justice is one of the key principles on which human research ethics is based. When using internet or computer based methods of data collection, consider whether the use of technology may inappropriately limit your sample. Computer and internet access is not uniform across all potential participant groups.
Online usage can be limited by access (lack of availability in some remote areas, or lack of financial means to purchase access).
Online usage can be limited by preference. The demographics of online usage can change quickly, but it remains true that older populations show less take-up of internet, and more mistrust of internet security.
Design web tools so that people with a disability that limits sight or movement will be able to participate in the research.
Informed consent issues in web-based research are discussed in Section 9.9.
Chat rooms, blogs, social networking sites and other multi-user spaces can be valuable sources of information. You must be aware that there are degrees of privacy in 'cyberspace'.
- Public online spaces allow anyone and everyone free access.
- Private online spaces require a login or some other permission before all or some areas can be accessed.
Private online spaces are subject to the same privacy limitations as private physical spaces. Informed consent requirements apply. You cannot use information obtained as a member of a private cyber space for research purposes without permission.
If you wish to record and use information from a blog or chat room there are a number of different possibilities.
If the online space already exists independent of your research then negotiate consent from both the creator or sponsor of the space and from users. Seeking permission to use particular posts is likely to be relatively straightforward. Seeking permission to use a discussion string will be much more complex. If information is identified, or identifiable, you will also need to consider the level of confidentiality which can be achieved.
If you have created an online space for your research, you will need to obtain consent from the users to use their information. One way to do this is an agreement which includes the elements of a Plain Language Statement as a pre-requisite for access to the space.
If your online space will involve deception (active or passive) you will need to have a strong rationale due to the difficulty of monitoring such research and providing support to anyone who could potentially be harmed by it. Deakin HREC would consider such an application on its merits, but would need to be satisfied that there was no better way to gather the required information.
Recruitment through social networking sites such as Facebook is becoming more common. If you plan to use this recruitment method, remember that information you obtain can only be used for recruitment. If you intend to collect information from a personal site, you must obtain appropriate consent.
This method of recruitment will give you a biased sample. Social networking sites do not give you access to a complete cross-section of the population.
- This may be a good thing if your research is involves solely participants from the demographic and socioeconomic status predominating in the network.
- Your ethics application will need explain why it is desirable or acceptable to exclude some sections of the population
"It's easier to use social networking" - by itself - is an inadequate justification.
Given the nature of the internet, there is potential for people of widely varying age, status and sensitivity to access your sites of interest. Limitations on the type of participants are difficult to implement, particularly for an open survey. Consider the implications for both the research method and the potential risks involved.
If your research involves sensitive issues which could potentially harm or distress participants, the potential support services which can be provided may be limited. This needs to be considered as part of your research design.
The internet can be a rich source of documentary material for analysis, including web pages and downloadable documents.If your research involves only documents which are freely accessible on the internet (ie there are no limits on access) you do not require ethics approval to use them in your research.
If the research involves the analysis of documents on an intranet, or password protected website, then the same privacy and confidentiality rules apply as to any other information.
- You will need permission from the organisation that hosts the intranet to use the documents posted on it.
- If the documents include (identifiable) personal information about individuals, then it is considered human research and will require ethics approval.
Legal requirements for privacy and confidentiality are discussed in section 10.0.
Data collected from online research is subject to the same secure storage requirements as other data.
If data are to be stored online then that storage must be secure and have a mechanism to limit access to the data to authorised persons. There are international standards that apply to the security of personal information stored online, and if you are considering online storage of personal information you will need to seek technical advice on this matter.
How you will store your data online, and protect it from unauthorised access, must be explained in your ethics application and in your informed consent materials.