Ethics and privacy
Citizen science can be applied in any kind of research discipline. Classical guidelines concerning ethics in scientific research are, however, often domain specific (e.g. health science vs. mathematics), making it a real challenge to formulate a single set of mandatory rules for all citizen science projects. Moreover, the acceleration of technological changes has made the issue even more complex. Therefore, it is crucial to not only search for legally binding rules at the start of a citizen science project design flow (e.g. the Belgian Law on Privacy and the European GDPR), but also for non-binding ethical recommendations, as has been formulated largely in the 10 Principles of Citizen Science.
Ethics in citizen science is more than just privacy. Amongst other topics, it covers:
- the citizen's role. Does the research benefit them? Or can it potentially harm them? Does he/she have a meaningful role in the process and project?
- correct communication and feedback towards citizens. Are they sufficiently informed about what happens with their data?
- publications. Are citizens being recognized for their contributions, either individually or as a group? How to handle topics such as intellectual properties, authorships and copyrights?
- data management and data quality (especially with regards to ethical and privacy concerns). Are the data being published in an open repository? Are they trustworthy?
Other themes, such as potential conflicts of interest, can be considered part of the ethical concerns.
On this page, we touch upon some of the urgent matters in ethics and privacy. Later on, this theme will be explored further with the Scivil working group for Data Management.
The concept 'personal data' is more than just identification data; it is also audio tapes, IP addresses, user names, user locations... It's no use to think, "My citizen science project is on plants so I don't have to worry about protecting personal data".
Guidelines and laws on privacy
The GDPR asks for a broad description of the data processing procedures, and to register them. This way, information on data processing can always be shared with the stakeholders. It's necessary to have a procedure that allows citizens to take control of their data (the right to look into your data, adjust or delete them, and take control of the amount of data that is gathered and/or passed on to other parties...).
If and when data is being analyzed by third parties, it is also necessary to have a correct and transparent contract with these third parties that guarantees the information is secure.
It is paramount to always ask permission the save and use data, when collecting the data. If this is not feasable, it is best to determine how and which data can be used (e.g. following legal obligations, protecting the citizen's vital interests).
What are personal data?
Researchers, especially in exact sciences, possibly think that they do not use personal data in their citizen science project, because the subject or theme of their project is, for example, plants or rocks. However, in citizen science, scientists always gather a minimum of personal data; an IP address, user names, audio tapes, the time and location where the citizen gathers or uploads their findings... Even though it is possible to gather these data anonymously, it is sometimes possible to trace the data back to the volunteer, and it's possible that this person does not want to (openly) share with the world.
Is a DPIA necessary?
A DPIA or a Data Protection Impact Assessment is a procedure that examines the way data privacy is influenced by certain (research) practices. With GDPR, it is obligated to do a DPIA when doing certain types of activities, e.g. (A) profiling people, (B) developing automated decision-making processes that can have a (legal or non-legal) impact on people, (C) using genetic data, information on political or religious choices, heatlh or ethnicity, (D) when you're planning to combine different research processes of which the citizen has no knowledge, and (E) when interacting with vulnerable groups of people. These activities are mentioned in article 35 of the GDPR.
Anonymize vs. pseudonymize
Anonymizing is a process in which personal data are altered to data where individual identity cannot be traced. In the GDPR, anonymization is seen as a data processing process. An example of anonymization is the aggregation of data even before they are further analyzed.
Pseudonimization is a process in which volunteers are assigned a unique code. Their contact data can then not be traced back to their research data. Pseudonimization is most often used in (bio)medical and social/psychological studies, but also in citizen science. Do take into consideration that pseudonimization is not the same as anonymization. By combining pseudonimized informatoin (e.g. daily work commutes and certain health markers of an individual), it is sometimes still possible to identify individuals (against their wishes).
Intellectual property and licences
When to be extra careful?
The approach to intellectual property depends on the type of contribution the citizens add to the project. When the citizens gather data (e.g. measuring air quality or organism size), there is little chance of problems later on. The same goes for transcribing or digitalizing data.
It is however necessary to be extra careful about intellectual property, when the citizens contribute imagery or written observations, or when they are involved with problem solving processes and data processing, or participate in research that might lead to new, large discoveries (and thus, new patents). It is important to keep in mind these aspects, as soon as you start designing your project.
Also explore what your research institute and/or funding instance expects on intellectual property. When using extern platforms (e.g. Facebook, Google Docs, Open Street Map...) it is best to look into the consequences for intellectual property within your project.
What to do?
In citizen science projects, there is a difference between intellectual property/copyrights of what the citizen contributes to the project, and the ownership and rights of the results that the project delivers.
When the property rights of project results and/or inventions are important to your project, it is best to make it clear in your project structure is co-ownership of these rights is possible or not. It is necessary to determine the importance of patenting and of the open character of your project.
Licenses are contracts that determine which rights third parties have on information, images or items with property rights, and how these third parties can use them. Unlike with 'transferring rights' (which is often the case when publishing in scientific magazines), the original owner of the intellectual property keeps all copyrights.
A license can determine who can use the work, for how long, and under which circumstances, for instance only for non-commercial use, after paying a fee, or only when referencing to the owner of the rights.
A license comes into effect when users explicitly or implicitly agree to the terms and conditions of participation in a project, if they are stated in the terms and conditions. The most important licenses in the context of citizen science are copyright licenses. The most famous are the standardized Creative Commons licenses that allow people to share copyrighted work.
In the context of citizen science, an explicit, infinite, non-exclusive license between the participant and the researcher is usually sufficient to collect, process and disseminate data. The non-exclusivity gives the participant the freedom to use his/her material in other contexts as well.
Would you like more information about the use of licenses with open data structures? Then you can visit this Citizen's Guide to Open Data, where you will find links to websites that help you choose the best license for your project.
Authorships and acknowledgments
Citizen science should bring benefits to both the researcher and the citizen. Citizens therefore like to be respected for their commitment and added value. In large projects, citizens are sometimes collectively mentioned in the acknowledgments in an (scientific or otherwise) article. The greater a citizen's contribution, the more important it is to express an appropriate appreciation. It doesn't always have to be as a co-author of an article; for example, the reflection nebula discovered in the context of Galaxy Zoo in 2007 by the Dutch teacher Hanny Van Arkel was officially called 'Hanny's object'.
If you have questions that you cannot resolve via online information, as an employee of a large organization you can contact your Data Protection Officer (DPO). After all, the GDPR requires that certain companies and institutions provide such a person, who advises the organization independently on the use of personal data in accordance with privacy legislation. You will usually find the contact details of the DPO at the central administration of your organization.
If no DPO is available, you can seek help from your sector organization, which in turn (if necessary) contacts the First Line Service of the Data Protection Authority (GBA).
If you are involved in a citizen science project investigating human aspects (medical, biomedical, psychological, sociological...), you will most likely also need to obtain the advice and/or permission of the ethics committee in your faculty or organization. Please note that citizen research into rocks, for example, can also contain components that require ethical advice, as the intention is not to endanger the participating citizens.
Of course you can also contact Scivil itself with specific citizen science questions, we will help you find answers, or look for specialists who can help you further.
Lynn SJ, Kaplan N, Newman S, Scarpino R, Newman G. 2019. Designing a Platform for Ethical Citizen Science: A Case Study of CitSci.org. Citizen Science: Theory and Practice, 4(1): 14, pp. 1-15. DOI: http://doi.org/10.5334/cstp.227 [online]
Resnik DB, Elliott KC, Miller AK. 2015. A Framework for Addressing Ethical Issues in Citizen Science. Environmental Science & Policy, 54, 475-481. DOI: https://doi.org/10.1016/j.envsci.2015.05.008 [online]
Privacy & GDPR
European Commission, 2018. Ethics & Data Protection. [online]
Licenses and intellectual property
Scassa T & Chung H. 2015: Managing Intellectual Property Rights in Citizen Science: A Guide for Researchers and Citizen Scientists. The Woodrow Wilson Center. 94 pp. [online]
Scassa, T. & Chung, H. 2015: Typology of citizen science projects from an intellectual property perspective: Invention and authorship between researchers and participants. The Woodrow Wilson Center. 17 pp. [online]