Why User Researchers Should Care About Informed Consent
If you’ve ever done research in an academic or governmental setting you know all about the need for Institutional Review Board (IRB) approval for any research on human subjects. I won’t go into detail on material that is covered very well elsewhere (like by the NIH, for example) but suffice it to say that the IRB governs researchers in order to avoid unethical tactics being used on humans by the government based on past injustices. One of the key elements of IRB-governed research is the idea of informed consent. The NIH offers a rich history and background on the idea of informed consent, but the basic idea is that researchers tell human subjects what exactly the research entails and request formal consent to participate.
All of this applies to academic and government-funded research, but not business research. In the world of business research, the stakes are often lower. We’re testing things like software, websites, consumer experiences, or products. And we’re collecting people’s opinions and feedback, so it’s not exactly invasive.
However, it’s 2020 and more and more companies are requiring consent forms for research. What gives?! And why should we care? We’re not hurting anybody by asking their opinion, right?! We even pay for it!
Well, it turns out that while we aren’t likely to do much harm asking for people’s opinions about things, in order to contact them and do so, we collect their information. Their name, their email, maybe their physical address, their phone number. And of course, we probably collect other information, too, like their job title, income level, or whatever is relevant to the research at hand. It’s what we do with that data that has people concerned because if it gets into the wrong hands, it could really cause some trouble.
So what does a good user research consent form look like? Happily, David Travis of UserFocus wrote and tested a post-GDPR consent form that we can all learn from. Not only that, but he talks about where and how to use it within one’s recruiting process. Golden! Thanks, David.
As with anything data-security related, I highly recommend you consult professionals and specialists, read the GDPR and other relevant laws, and contact a lawyer before considering yourself compliant. However, in the meantime, some of the considerations that are most relevant for UX researchers when it comes to consent include:
- Asking for it at all — not all UX researchers do!
- Telling folks what data you’ll collect, how you’ll keep it safe, and for how long you’ll keep it.
- Giving them an option to edit or remove their data.
That’s really all there is to a good consent form. The rub is that #2 probably involves a couple of challenging and time-consuming steps that some folks may not be taking. If you’re just getting started with data security and consent standards, keeping your promises around #2 is probably where most of your work will be.
