[D132.0000] Digital Data Protocol Design

Users’ perceptions of the technology are important components of digital research because different levels of technological and data privacy literacy exist in the public, so users’ perceptions can be drastically different depending on their level of understanding.  It is important to keep in mind that different populations have different expectations of privacy online, and those expectations change depending on the context of each interaction.

The following tips will assist in developing an understanding of how potential subjects may perceive your study’s technology and its impact on their data:

• Examine the terms of use or service of the app or website to see if there is a description of the intended use of the content. For example, the agreement could say the content is not meant for the public domain or that any reproduction of the content must have written permission from the individual who created the content or the hosting entity that runs the platform. There is some risk in this method since it is well known that users do not read the terms of service and can be misinformed about the level of protection that the terms of service provide against researchers. Consider:
  1. Does the site have a membership requirement (i.e., log in) to see the content?  If there is a login, there is an expectation of privacy.
  2. Does the site have an explicit or implicit target membership (e.g., grieving parents, dating sites for specific populations/groups)?  If so, this could create a sense that only individuals from that specific group will see the content, even if there are no restrictions.
• Assess and accommodate the technological literacy of the study population. For researchers, this is important because it will help determine the level of technical language appropriate for the consent process. Consider how participant familiarity with technology can be assessed. Is the technology being used explained in a way that participants can understand?

How an app functions is very important to the ethics of a protocol, just like any other tool used in the study. If the app has any medical function(s), please also review the FDA mobile app guidance. The following will assist in addressing questions the Institutional Review Board (IRB) and participants may have regarding the technology being used in the study:

1. Is the use of the app mandatory or optional?
2. Are operational instructions provided?
3. Is there technical support for the app that participants know how to access?
4. Will participants need to provide their own devices, or will the study provide them? Do you have a plan to retrieve any devices that the study provides that will be communicated to participants? Note: Generally, the IRB would not approve holding a participant financially responsible for the cost of repair or replacement if the equipment is lost, damaged, or not returned at the end of the study.  If informed, such failure could result in forfeiture of rewards or incentive payments.
5. Will participants need to pay to use the app?  If so, will the study compensate them for the purchase?   
6. How will the use of a phone app impact participants’ data plans, if they have one?
7. Can the participant still use the app or website after withdrawing?
8. Will data be provided to any third parties, including the app developer?
9. Is the app using text messages to communicate with subjects?  (If so, the protocol must explain that during the consent process and in the consent form, due to federal law, which requires consent to receive text messages.)
10. Will participants’ health care provider(s), if applicable, use the data collected?
11. If the app collects or transmits Protected Health Information, is the software function HIPAA compliant?

Protocols that use websites as a part of the research need to describe how the website functions to allow reviewers to better understand user expectations and data management. Consider:

1. Can you see the information online without having to register for a membership? This gives an indication of users’ expectations of privacy.
2. Does the website have a policy against research being done on the site?
3. How likely is it that there might be unknown minors involved on the site? What, if anything, can be done to identify and/or filter them out of recruitment and data retrieval?
4. Does the website create identifiable or linkable information?  Keep in mind, re-identification is possible with information as trivial as zip codes and web search queries. In addition, an IP address is a new type of identifier, with different countries declaring it private information.
5. Does the site have a comment section that could compromise subject confidentiality or privacy?  If so, can this section be turned off or moderated to protect subjects?

• Buchanan, Elizabeth A., and Zimmer, Michael, “Internet Research Ethics”, The Stanford Encyclopedia of Philosophy (Spring 2018 Edition), Edward N. Zalta (ed.), Stanford University, 24 Aug. 2016, https://plato.stanford.edu/entries/ethics-internet-research/.
• “Exemption Policy Re: Research Ethics Review for Projects Involving Digital Data Collection.” Exemption Policy: Research Ethics Review of Projects Involving Digital Data Collection, Queen's University, 3 Oct. 2008, https://www.readkong.com/page/exemption-policy-re-research-ethics-review-for-projects-7465104.     
• Fiesler, Casey. “Participant Perceptions of Twitter.” UCSD CORE Project Webinar.
• “Guidance on the Use of Mobile Applications.” Institutional Review Board, University of Kansas, June 2016, https://www.nursing.ku.edu/documents/ri/irb/Mobile-App-Use-Guidance.pdf.
• Hern, Alex. “Fitness Tracking App Strava Gives Away Location of Secret US Army Bases.” The Guardian, Guardian News and Media, 28 Jan. 2018, https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases.
• “Institutional Review Board: Guidelines.” Institutional Review Board: Guidelines, Internet Research, Bard                 College, www.bard.edu/irb/guidelines/.
• “IRB Review of Mobile App Guidance.” Office of Research, University of Pittsburgh, 10 Dec. 2014,                 https://www.irb.pitt.edu/sites/default/files/mobile_appreview_12_10_2014.pdf.
• Peloquin, David. “Big Data and Confidentiality.” AAHRPP 2018 Annual Conference. “Summiting New Heights in the Mile High City: Early Experiences Strategies and Solutions.” 20 Apr. 2018, Denver, CO.
• “Research Using Online Tools & Mobile Devices.” Research, Indiana University, 14 May 2018, https://research.iu.edu/compliance/human-subjects/guidance/mobile.html.