Privacy and Responsible Research in Citizen Science projects

www.eticasconsulting.com | info@eticasconsulting.com | Madrid, Barcelona


Citizen science without the citizen?


Three projects


Basic principles of Data Protection

• Lawfulness, fairness and transparency: consent and legitimate interest.
• Purpose limitation: specified, explicit and legitimate purposes
• Data minimization: adequate, relevant and limited
• Accuracy: accurate and kept up to date
• Storage limitation: no longer than is necessary for the purposes for which the personal data are processed
• Integrity and confidentiality: appropriate security of the personal data
• Accountability: The controller shall be responsible for, and be able to demonstrate compliance with those principles


Data Subject’s rights

• Transparency
• Information and access to personal data
• Rectification and erasure
• Restriction of processing

The GDPR foresees several exceptions regarding the “processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes”. ARTICLES 85, 86, 87, 88, 89(1), 90, 91

→ Importance of the difference between legal and ethical considerations.


The processing of personal data in the context of Citizen Science

• Increasing levels of participation in numerous social realms, including Science
• Blurring of the subject and object roles in Science (crowdsourcing of research tasks) which should not blur data responsibilities
• Increasing ‘digitalization’ of social interactions and presence of ICTs
• Interconnection of computers, devices and sensors generating information, especially in the form of Big Data
• ‘Digitized’ activities are not always anonymous. The generation of a ‘digital me’ may be involuntary (e.g. through metadata), traceable, and subject to re-identification
• Need to actively protect the rights of the Data Subjects


The Data Life-Cycle


Privacy by Design and Privacy by Default

Privacy by Design (PbD) principles:

1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality — Positive-Sum, not Zero-Sum
5. End-to-End Security — Full Lifecycle Protection
6. Visibility and Transparency — Keep it Open
7. Respect for User Privacy — Keep it User-Centric

Privacy by Default means that, when different options are available, the most restrictive privacy options are proposed by default.


Assessment of projects: Good practice

• General concern for privacy and specific remedy mechanisms
• Own servers and storage (no cloud)
• Access protection for databases (different privileges) and logs
• Relevant privacy and cookie notifications


Assessment of the projects

Data collected:

• User ID
• Password
• E-mail address
• Gender
• Geo-location
• Age group (0-25; 25-40; 40-65; +65)
• How they participate (alone/together with somebody)

→ The app only collects data when the user is entering the research area
→ Case of background tracking by default


Citizen Science Projects: The Impact on Privacy and Data Protection

Assessment of the projects: Seawatchers

‌and reverse search through search engines


Assessment of projects: Vulnerabilities

• Data collection through apps (permissions) or web forms (number of fields + access via social media)
• Opt-in/out and passive consent
• User password management
• Metadata in pictures
• Data transfers (willingly to 3rd parties, unwillingly to search engines and web repositories), reuse (no risk assessment) or exploit (adversarial attack)
• Re-identification
• Data deletion
• HTTPS protocol


Specific recommendations

• Determining beforehand which data categories may be shared or revealed.
• Notifying the volunteers of the privacy settings, implications and risks.
• Offering the option of hiding certain data or publishing data anonymously
• Allowing the participants to rectify and erase their data (including data which may appear to be non-personal)
• Requesting just the minimum amount of personal information about the volunteer participants, including metadata
• Adopting transparent practices by stressing the importance of the collected data and defining who will have access (differentiated access hierarchy and access log are recommended)


Lessons learned

• Regardless of the risk level, the right to data protection remains. An organization cannot judge unilaterally the importance of privacy in a certain project or context.
• Transparency, open data and participation are NOT in conflict with privacy and data protection. There is no trade-off.
• Storing and publishing raw data does not justify the storage of personal data (which includes data revealing identifiable individuals). The datasets shall be subject to the corresponding dissociation and anonymization procedures.
• The considerable diversity of Citizen Science projects implies differences when approaching an assessment. There is no ‘single recipe’ that fits all cases.


Thank you

