By Arundati Dandapani, MLITT, CAIP, CIPP/C
Privacy is a human right, demanded by all consumers, workers, citizens, societies. Canada was the birthplace of “privacy by design,” even though Europe was the first to enact the most stringent privacy legislation in the world with GDPR. Canada was also the first region to achieve “EU adequacy,” or a standard of privacy deemed adequate for doing business with the EU.
Credible research codes of conduct detail that compliance with privacy regulations is not an option, but the default. Yet, compliance levels with privacy regulations in the research industry are low because privacy awareness is low. Organizations must fill these knowledge gaps by educating their employees and suppliers regularly as relevant regulations in their markets evolve. Courses offered at MRII-UGA can help global individuals and organizations level up their knowledge of ethics and legal considerations in research, and access principles and best practices at their fingertips.
Trusted organizations observe ethical codes of conduct that protect the rights of research participants. To succeed in today’s complex omni-channel, multi-jurisdictional, fast-changing business and social environment, organizations should go beyond compliance and be privacy-conscious in everything they do. Citizen, consumer and employee trust is best protected when individual rights are respected and managed with any commercial or organizational needs-to-know that are aimed at serving their consumers and populations better.
Data are diverse, and so is personal information with all its varying degrees of sensitivity. For an industry that’s dominated by traditional full-cycle research of the “established” sector, but with its fastest areas of growth being “tech-enabled” industry, there are diverse participants across the research supply chain. Many of these players can be found in the ESOMAR Global Market Research Report and in the Insights and Analytics Top 50 Report among other industry publications.
ESOMAR also developed 37 questions to evaluate the quality of online sample providers in which Page 14 is dedicated to “Policies and Compliance.” One such question is around participants’ ability to revise and manage their consent choices for the processing of their personal data and the support channels available to them. In fact, implementation of a participant support channel is also required by ISO 20252 (ISO 20252:2019: Market, Opinion and Social Research, Including Insights and Data Analytics – Vocabulary and Service Requirements).
Data security has emerged as the top priority for respondents and consumers today in comparison with some years ago or before the pandemic. Clients, partners and suppliers want to know some of the following and more:
- How has the definition of anonymity evolved to keep realistic pace with eroding security safeguards?
- Does geo-location and mobility data count as sensitive data?
- Is the future of notice and choice obsolete, and will research professionals be hindered in their quest for high quality data as regulations may not always recognize the unique nature of research activities?
- Why are majority of the websites doing business today not cookie-compliant?
- How can research organizations go about building their privacy management programs, a new requirement, as Canadians and Quebecers brace themselves for a reformed privacy framework?
Recent cases in the media of Tim Hortons, Kochava, Whatsapp, and others create more questions around what reasonable safeguards are in place to protect the identities of research participants, and whether research at all is a responsible activity! Research insights and data analytics breed new knowledge and advance societies; but at the heart of all ethical research is the protection of data subject rights in order to drive any meaningful business and social impact.
