Researchers hiding in fear of GDPR

GDPR – business or pleasure?

Do you remember GDPR (or, for mnemonic assistance, Gitte and Per)? This is one of three posts on the EU law that everybody feared last year: What did we think it was, what is it, and what effects has it had?

In the weeks before 25 May 2018, I received up to thirty e-mails a day (yes, I have too many accounts at webshops and social media) with similar text: “We are updating our Privacy Policy”.

gdpr mails e1570434980257gdpr mails2 e1570435009106

… all on occasion of GDPR, EU’s new data law, which Lingoblog has written about here and here.

The many e-mails made me think if I ought to send a similar one out to all of my previous informants?? In total, that would mean locating the e-mail and mail addresses of at least 250 people in at least three different countries and up to 10 cities.

As a junior researcher I thought: I will wait and see what the seniors do. I sent out an e-mail and asked them, and this is what I got back.

The short answers

An interactional researcher working with recordings of everyday conversation: “Planned to stay under the radar for this one. Not say anything at all publicly. Even though I believe I do everything ethically responsible. Please don’t cite me.

A fieldworker saving recordings of and field notes of endangered languages: “I don’t know enuff to comment as yet. I will try and find out over the next month b4 going on hols, and if I can, I be able to say something about yr questions.”

A dialect researcher working with recordings from 1930s-1960s: What is GDPR? (Ed: It is the new EU data regulation policy) I thought so. I will have to probe deeper into this because I haven’t heard anyone fearing it here. Our data might be too old.”

The conscientiously complying

Tina Thode Hougaard, a non-anonymous social media researcher working with publicly available data:

I would have to contact a lot of people to inform them about GDPR. Instead I have narrowed down my data material and I am going to anonymise the rest of it, even though it is all from open facebook profiles.

I have reported my two projects to the university’s account for data based research.

I think it’s good that we all become more aware of the ethical responsibility when researching human beings.

I am worried that the official policy has not been communicated clearly, and I am not sure how much GDPR will affect my research.

Ethan Weed, a non-anonymous psycholinguist on working with experimental data:

“I have by now been to many hours’ worth of meetings about this, and am slowly coming to the conclusion that my research will probably not be affected all that much. Like everybody else, I will need to be more careful about obtaining and storing data, but I do not think that any parts of my research will become impossible.

I do not have much personal data stored and most of it is already anonymized. Of course the big question is: what counts as personal data? I have not yet seen a satisfactory answer to this question, but I have come to realize that this is because laws are written in general terms, and the specifics are determined in court.

GDPR is good for protecting personal data, and that is something we should all care about. It is a hassle, and will make aspects of doing research more cumbersome, but that is outweighed by the benefit of having legislation on the books that makes everybody, from the biggest personal data offenders like Facebook down to students collecting data for exams, think more carefully about how we share and store other people’s data.

Generally, I am optimistic. Many researchers have been worried about the big fines that can be levied. But if we are careful in our data collection and report all projects to the university, then we as individual researchers have done our job, and need not worry. The university “owns” the data, and carries the final responsibility. This feels a little strange, of course. As researchers, we feel that we own our own data. But we do not and should not own people’s personal data, and I am happy to turn over that responsibility to the university.

GDPR ethan

As for myself, I still do not see how it would be feasible to get informed consent from 250+ previous informants when I only have contact information for less than a tenth of them. So far I stay put and hope no-one shows up and puts an end to my PhD project.

 

The author of this blog post is a PhD student of something in a department of something at a university in the Western hemisphere. Since information revealed in this post is of particularly sensible kind, all content is anonymised. No original documents are stored by neither the author nor the editorial board of Lingoblog.

Leave a Comment