Opinion column by CDT’s Michelle De Mooy, Deputy Director, Consumer Privacy Project, published in U.S. News and World Report:
“This year, the Center for Democracy & Technology is using the Common Rule model to inform a unique partnership with Fitbit. Aimed at private entities that collect large amounts of personal health and wellness data, the goal of the project is to develop preliminary guidance for conducting internal research in a manner that honors user privacy and dignity. We’ve spent that last several months mapping internal research practices at Fitbit and applying relevant privacy and ethics frameworks to research scenarios. It’s clear that some standards for institutional review board-regulated entities, such as those that address harm and risk reduction and that prescribe ethical considerations, make sense for companies like Fitbit. We believe that these regulations can inform a flexible and usable framework for internal research when combined with core concepts like notice, control, consent and data minimization, and our report on our partnership with Fitbit (due out in July) will reflect this.
Rather than conduct clandestine research and wait for reactions from users and the media, we think companies should draw upon the deep well of resources available on data privacy, including standards for human subjects research, in order to develop strong internal research practices that map with their users’ expectations. “