Procedures for Protecting Online Survey Respondents and Using Social Media for Research

Below are general guidelines for protecting survey respondents:

1. Commitments to confidentiality should be obtained in writing form all individuals who have access to survey data or who participate in the data collections process.

2. The linkages between survey responses and subject identifiers should be minimised. In many cases, respondent names need not be obtained during any phase of the research process. When specific identifiers, such as names or addresses, are necessary, they can be physically separated from the interview forms in which the actual survey responses are recorded.
   
3. Only those persons who are involved in the survey project should have access to
   completed surveys.
   
4. Identifiers should be removed from completed questionnaires as soon as possible.
   
5. Actual questionnaire responses should not be available to individuals who could identify respondents from their profile of responses (such as supervisors in the case of a survey of employees).
   
6. Actual data files usually will include an identification number for each respondent. The linkage between these numbers and other respondent identifiers (such as names and addresses) should not be available to data file users.
   
7. Special care should be taken when presenting data for very small categories of respondents who might be identifiable
   
8. Researchers are responsible for the destruction of completed survey research instruments, or their continuing secure storage, when a project has been completed or when the use of the actual survey questionnaire has ended. (Kimmel, J. (2007) Ethical Issues in Behavioural Research. Oxford: Blackwell, p191)

BPS Guidelines – Internet Mediated Research (IMR)

British Psychological Society – Ethics Guidelines for Internet-Mediated Research (2021)

Additional consideration is required for research carried out using content available from the internet (i.e. blog posts, tweets etc.) – the distinction between public/private; confidentiality (particularly relating to publishing quotes from discussion boards etc.); copyright issues; valid consent; withdrawal; debriefing.

Valid consent

“It is important in IMR, as in any research, that participants providing valid consent are given sufficient details about the study, and the nature of their participation, as well as possible associated risks. Not all of these risks are obvious in IMR, as they can be different to risks that might normally be present in offline contexts. One such risk relates to the levels of researcher control over confidentiality of data, particularly during the data gathering process (for example, where data is stored on the server of a third-party software provider). While it is normal practice (offline) to assure participants of the confidentiality of their personally identifiable information, in IMR the risks for violating this principle can be greater. Researchers need to be aware that it is impossible to maintain absolute confidentiality of participants’ personal information gathered online because the networks are not in the control of the researcher. Situations where data are collected in IMR with no potentially identifying information attached are not common. For example, even an IP address stored alongside online survey responses may be linked to an identifiable individual (see the further discussion under Principle 4 on potential risks to anonymity and confidentiality).”

Deception

“For some research designs, it may be necessary to withhold relevant information or disguise the research question(s) before data gathering (e.g. to avoid contaminating the data and jeopardising the validity and scientific value of a study)… In face-to-face research, such ethics issues are typically addressed by debriefing participants about the true nature of the research at the end of the study… In IMR there is an additional risk: that participants may not participate for the full duration of the study and may not be exposed to the debriefing information that could otherwise provide important safeguards. RECs should balance the scientific value of any withholding of information or deception against the risk that participants may discontinue before the disclosure and debriefing (relatively easily done in an online survey), and any likely harm that could emerge in such cases.”

Withdrawal

“…a participant may decide to exit a survey or experiment part way through, and do this by closing their web browser. In such situations it may not be clear whether the participant intended to withdraw their valid consent for the use of any data already stored. To use any such partial data could thus violate a participant’s withdrawal rights. Essentially, in IMR such difficulties need to be anticipated, and withdrawal procedures made clear and robust as possible. For example, displaying a clearly visible ‘exit’ or ‘withdraw’ button on each page of a survey or experiment is often good practice. Clicking this would ideally lead to a debrief page and perhaps also a statement asking participants if they require their data to be withdrawn, or whether their partial data can be used (this relates also to the principle of scientific value). Problems will still arise in situations where a participant chooses to exit by closing their browser window, however. Also, some situations make it difficult to implement the ‘exit’ procedures recommended here (e.g. off-the-shelf online survey software solutions may often not incorporate this functionality). A button at the very end of a study confirming consent to use the data or partial data submitted could help here; arguably, if this has not been verified by a participant then their data should not be used.”

Further resources

Government.UK – Social Media Research Guidance; using social media for social research