UC–Berkeley's Web-based guidance focuses on IC issues

"I agree" buttons can be used

The University of California–Berkeley's office for the protection of human subjects has developed new guidance for investigators involved in Web-based research. One of the main sections of the guidance involves informed consent issues. The guidance, which is available at the UC–Berkeley website at http://cphs.berkeley.edu/guideline.html, was published in April 2012.

Here are excerpts regarding Internet-based research and informed consent:

  • Investigators conducting non-exempt research must follow the CPHS (committee for protection of human subjects) informed consent guidelines and include required elements of informed consent when generating consent documents. When online surveys are employed, the CPHS template for online surveys may be adapted.
  • In general, investigators conducting Internet-based research with minors must obtain both child assent and parent permission. Researchers may request a waiver of parent permission provided the study fits the appropriate criteria.
  • CPHS generally accepts the use of "I agree" or "I do not agree" buttons (or other electronic methods for indicating affirmative consent) on online pages in lieu of signatures. For surveys sent to and returned by participants through email, investigators should include a consent document and inform participants that submitting the completed survey indicates their consent. This would constitute unsigned consent. In order to utilize this consent procedure, the investigator must request a waiver of documented consent.
  • If the CPHS determines that documented consent is required, the consent form may be mailed or emailed to the participant who can then sign the form and return it to investigators via postal mail or fax.
  • The process of requesting consent should not disrupt normal group activity. Researchers need to be particularly sensitive of this when entering online communities and chat rooms as the process of requesting consent is often perceived as disruptive. If seeking informed consent will harm the validity of a study or make the research impracticable, it may be possible to obtain a waiver of consent provided the study meets the appropriate criteria. When requesting a waiver of informed consent, issues regarding deception or incomplete disclosure may need to be addressed in the researcher's eProtocol application.
  • Personas, or avatars, are social identities that Internet users establish in online communities. These personas allow individuals to reveal varying levels of personal information and also allow them to navigate the virtual world as a particular character or alter-ego. Names of Internet personas (characters or avatars) or real names may be used in reports and publications only with consent from the participating individual. In these situations, specific language concerning the release of identifiable information must be included in the informed consent document and specific consent must be sought from subjects for this release. If research participants give consent to be identified, data must still be secured properly to avoid any misuse by a third party.
  • Collecting data over the Internet can increase potential risks to confidentiality because of the frequent involvement of third-party sites and the risk of third-party interception when transmitting data across a network. For example, when using a third-party website to administer surveys, the website might store collected data on backups or server logs beyond the timeframe of the research project. In addition, third-party sites may have their own security measures that do not match those of the investigators'. Participants should be informed of these potential risks in the informed consent document. For example:
  1. "Although every reasonable effort has been taken, confidentiality during actual Internet communication procedures cannot be guaranteed."
  2. "Your confidentiality will be kept to the degree permitted by the technology being used. No guarantees can be made regarding the interception of data sent via the Internet by any third parties." (Penn State)
  3. "Data may exist on backups or server logs beyond the timeframe of this research project."