Keep your hands off my PII!

I was on vacation last week and while I was away the debate about research ethics and privacy, especially in the context of social media research, seems to have really heated up. (There is an online panel of worthies on this topic planned for next Monday. If you've not already done so you can get up to speed quickly and also get your ticket to the debate here.) The triggering event seems to have been the recent release of proposed ethical guidelines for social media research from CASRO, ESOMAR, and MRS. Opinions on the wisdom of these guidelines are all over the place but most of the noise in the online echo chamber where I live has come from people who worry that implementation of these guidelines will deal a death blow to the industry. More specifically, they worry that the guidelines will make it impossible for us to compete against companies outside of the traditional market research space who do not share our quaint twentieth century ideas about research participants' right to privacy and other human subject protections.

I confess that I am not particularly persuaded by arguments that focus on the potential financial rewards (or punishments) that might flow from one ethical stand versus another. Ethics are the province of principles and in research I think there are at least two that are timeless:

1. Do no harm, that is, participants should suffer no consequences for having been research subjects.
2. Do not sell, that is, remember that our job is to help clients understand their marketplace not to deliver prospects.

At least in the abstract I don't see how either of these necessarily conflicts with our ability to do good insightful observational research via social media. We should be able to define ethical practices for almost any kind of research and still be true to these principles. On the specifics of the current controversy, I think the MRS probably has gone too far in proposing that informed consent be required under any and all circumstances.  There are valid exceptions that many have pointed out. I am less sure about CASRO's and ESOMAR's masking requirements, especially where sound bites are concerned since masking them can easily dilute their meaning and research value. That's a discussion worth having. Other forms of PII (names, pictures, etc.) are in my mind more clear cut.

The larger worry for me is the deaf ear many in the industry are turning to the public's obvious concern about online privacy. The regular dustups we see when this site or that site changes its privacy policy should be all the evidence we need to convince us that people genuinely care about this stuff. Painfully long Terms of Use and privacy policies to the contrary, we all know that most people don't read them and only understand the consequences when they suddenly feel that their privacy has been compromised. Look no further than the latest Linkedin kerfuffle for the most recent example.

Whether we like it or not legislatures will draw the boundaries on privacy issues and the principal avenue available to us to impact that legislative process runs through our industry and professional associations. The shared belief among them, reinforced by past success, is that the most effective way to avoid the kind of smothering regulation that people fear is through compelling and effective self-regulation. They are not trying to stifle innovation, roll back the clock or destroy the industry. They are doing their best to protect it. In this they know more than most of us, or at least me.