D5.1.6 Second Open Call Ethics Review Report v1.0

D5.1.
6 Second Open Call Experiments Ethics Review Report

2014-01-13
Aleksandra Kuczerawy (ICRI - KU Leuven) Joyce Verhaert (ICRI - KU Leuven) Prof. Peggy Valcke (ICRI - KU Leuven)
This deliverable carries out a first Ethics Review Report of the 2nd Open Call experiments in the EXPERIMEDIA project. The ethics review of the 2nd Open Call experiments was conducted by the legal partner in the project KU Leuven, together with the Ethical Advisory Board and the Data Protection Coordinator. This deliverable provides a summary of the ethical and legal issues identified in the 2nd Open Call experiments, their ethical assessment and the recommendations articulated for the specific experiments. Finally, the deliverable includes an Appendix section listing the relevant material that provided guidance to the project partners in EXPERIMEDIA and that was taken into consideration during the ethical and legal assessment (e.g. the Ethical Guidelines for undertaking ICT research in FP7 projects).
www.experimedia.eu
EXPERIMEDIA
Project acronym EXPERIMEDIA
Dissemination level: PU
Full title Experiments in live social and networked media experiences Grant agreement number 287966 Funding scheme Large-scale Integrating Project (IP) Work programme topic Objective ICT-2011.1.6 Future Internet Research and Experimentation (FIRE) Project start date 2011-10-01 Project duration 36 months Activity 5 Legal, sustainability and promotion Workpackage 5.1 Legal, ethical and regulatory framework Deliverable lead organisation KU Leuven Authors Aleksandra Kuczerawy (KU Leuven) Joyce Verhaert (KU Leuven)
Peggy Valcke (KU Leuven)

Reviewers Stephen C Phillips (IT Innov) Sandra Murg (JRS) Version 1.0 Status Final Dissemination level PU: Public Due date 2013-10-31 Delivery date 2014-01-13
Copyright and other members of the EXPERIMEDIA consortium 2013-14
EXPERIMEDIA
Table of Contents
1. 2. 3. Executive Summary............................................................................................................................ 4 Introduction ........................................................................................................................................ 5 Ethical Assessment of the Experiments ......................................................................................... 7 3.1. 3.2. 3.3. 3.4. 3.5. 4. SmartSkiGoggles ....................................................................................................................... 7 iCaCot ......................................................................................................................................... 9 Carviren .................................................................................................................................... 12 Qualisys..................................................................................................................................... 14 PlayHist..................................................................................................................................... 16 Ethical Guidelines for undertaking ICT research in FP7 ...................................... 19 Legal requirements for privacy and data protection ............................................... 20 Checklist for the Experimenters ................................................................................ 23
Conclusion ......................................................................................................................................... 18
Appendix A. Appendix B. Appendix C.
EXPERIMEDIA
1. Executive Summary
The presented deliverable provides a report of an ethical review of the 2nd Open Call experiments, which was conducted by the legal partner in the project KU Leuven, together with the Ethical Advisory Board and the Data Protection Coordinator. The deliverable provides a brief summary of the ethical and legal issues identified in the 2nd Open Call experiments. The presented experiments are thoroughly described in Deliverables D4.10.1 (SmartSkiGoggles Experiment problem statement and requirements), D4.11.1 (iCaCot Experiment problem statement and requirements), D4.12.1 (Carviren Experiment problem statement and requirements), D4.13.1 (Qualisys Experiment problem statement and requirements), and D4.14.1 (PlayHist Experiment problem statement and requirements). The presented deliverable provides the ethical assessment of the specific experiments and the recommendations issued by ICRI KU Leuven, EAB and DPC. Finally, the deliverable includes an Appendix listing the relevant material that provided guidance to the project partners in EXPERIMEDIA and that was taken into consideration during the ethical and legal assessment (e.g. the Ethical Guidelines for undertaking ICT research in FP7 projects).
EXPERIMEDIA
2. Introduction
EXPERIMEDIA conducts research with human participants and is, in particular, interested in human behaviour and experience with Future Internet technologies to understand how to provide meaningful collective experiences to individuals and society. Given that participants in social and networked media research should have confidence in the experiments, good research is only possible if there is mutual respect and confidence between experimenters and participants. Some areas of human experience and behaviour, however, may be beyond the reach of experiments, observations or other forms of investigation. They may, moreover, raise ethical considerations, which is the reason why EXPERIMEDIA provides an ethics management process. Such ethics management process is achieved through a cooperation of all the technical partners of the EXPERIMEDIA project, with the legal partner KU Leuven under the guidance of the Ethical Advisory Board and the Data Protection Coordinator. The role of the Data Protection Coordinator is assumed by Prof. Jos Dumortier, a leading expert on privacy and data protection. The Ethical Advisory Board (EAB) is composed of 5 external independent experts, who are asked to analyse the 2nd Open Call experiments concerning ethics and data protection. Their role is to review the experiment, propose modifications (if needed), identify potential risks and to provide suggestions on how risks could be mitigated. Members of the EAB include:
Name Mrs Marit Hansen Dr Eleni Kosta Dr Jeanne-Pia Mifsud Bonnici Mr Jean Louis Pierquin Dr Olli Pitknen Affiliation Independent Centre for Privacy Protection Schleschwig-Holstein - ULD (Germany) TILT, Tilburg Unviversity for Law, Technology, and Society (The Netherlands) University of Groningen (The Netherlands) Ple MIPI (France) Helsinki Institute for Information Technology HIIT (Finland)
The presented deliverable is an effect of cooperation between the 2nd Open Call partners with the legal partner (KU Leuven) and the Ethical Advisory Board and the Data Protection Coordinator. The cooperation started immediately after the 2nd Open Call partners joined the Consortium. During a training workshop in October 2013 these new partners attended a legal tutorial during which the relevance of legal and ethical compliance was explained, as well as the rules and principles that should be followed. The discussions continued from there on via emails and teleconferences during which the legal partner and the members of the EAB provided their feedback and comments. The first draft of the experiments description together with the ethics checklist was delivered by the end of November 2013. These two documents were discussed in
Copyright and other members of the EXPERIMEDIA consortium 2013-14 5
EXPERIMEDIA
the Ethical Advisory Board and data Protection Coordinator meeting on 3 December 2013. The presented deliverable is a result of the discussions held so far. These discussions, however, will continue until the end of the experimentation period. The current deliverable provides a short and to-the-point presentation of the experiments' concepts, key values, identified issues, and recommendations articulated by EAB, DPC and ICRI - KU Leuven. The proper implementation of the recommendations will be monitored by ICRI KU Leuven throughout the project lifetime.
EXPERIMEDIA
3. Ethical Assessment of the Experiments

3.1. SmartSkiGoggles
Key information on the experiment: The SmartSkiGoggles experiment takes place in Schladming resort, Austria. The SmartSkiGoggles experiment is aimed at finding out whether ski goggles displaying data are accepted by skiers, and under which circumstances. The experiment analyses how the usage of such goggles influences behaviour on the slopes and which kind of information is requested by the skiers. Participants of the experiment are provided with the ski goggles and have to download an application (Android phones only). The usage of the application as well as the context (e.g. time and location) is being tracked. This provides information on which functionalities are useful, and in what context they are used. One of the tested functionalities concerns providing information about waiting for the ski lifts. This involves installing cameras (as well as other mechanisms) at the lift entry points. Public tweets from Twitter will be obtained, with specific search terms (e.g. #schladming). These tweets are displayed in the ski goggles display. No information from the SNS account of the users will be collected. Users are participating on the basis of their consent. Personal data (names, emails, location data) is collected and stored by the experimenter. This data is only relevant at the research phase (organizational purposes) and will not be required in the exploitation phase. At the exploitation phase similar data might be obtained for the goggles users, however this will constitute a new set of data, with regard to different group of individuals. Notification and consent requirements: Provide notification about cameras installed at the lifts entry points. Signs with the relevant information (purpose, contact point, more information, etc.) will be displayed in visible places. Users participating actively in the experiment (testing the goggles) provide their written consent. Participants also have to give consent when downloading the app. The consent form will provide relevant info on the areas covered, purpose, responsible entity, contact point, how long the images are kept, etc. Concerns and comments of the EAB and DPB: Participation of minors: Minors are not participating in the experiment.
EXPERIMEDIA
Data collection: Personal data, such as names and email addresses is collected solely for organizational purposes. The main goal is to make sure that the goggles given to the users for the experiment are returned. This data will not be used for other purposes. Location data is required to analyse the proposed functionalities, the time and context in which they are used. Scale of recordings: The cameras are used solely to provide information about the waiting time for the lifts. Cameras are employed next to other tools, such as real-time usage data from the turnstiles. The aim is to test the best method to provide this type of information. The images will be deleted right after the analysis (counting heads). The images are stored for a minimum time (e.g. some minutes). The images are not analysed to recognise faces. Signs with the relevant information will be placed next to the cameras with the required information. Downloading of the app: It is available for downloading to everyone, but an explicit consent is required. In the consent form they should be requested to confirm that they are at least 18. This consent form, however, should not ask for the birth date. Participating volunteers: The experimenter should try to pre-acquire participants. Those participants will have direct interface and will be fully informed about the experiment. It will be done with the help of the local tourist office as well as Evolaris Living lab database. Data storage: The collected data will be deleted after the experiment has ended and all necessary analytics for related dissemination activities (e.g. publications) are finished. Further research, if necessary, will be conducted on anonymized data. Other purposes than scientific research: If such need occurs, it should be mentioned in the consent form. This would include also dissemination, valorisation purposes; as well as possible further processing by other controllers from within the consortium (in this case we might need 3 controllers Evolaris, Schladming, IT Innovation). If such further research is required, use of personal data from the experiments should be avoided. If this is not possible, a controller controller agreement is signed. Exclusivity: This concerns all the experiments at Schladming, the reviewers pointed out that they are aimed at users of an expensive ski resort who, moreover, need to have Android smartphones. Image collection: Goggles do not work as camera, do not have a recording tool (e.g. to take pictures). Disturbance: According to the initial tests users did not find the screen in the goggles distracting. There should be no disturbance while skiing. Formal requirements: Data controller: Evolaris, possibly together with Schladming (in later stage also IT Innovation or other partner of the consortium); Notifications to the national DPAs of the controllers; Notification to the Schladming users about the recordings that will be provided next to the cameras, should include all the relevant information (see above);
8
EXPERIMEDIA
Consent form for the users actively participating in the experiment (testing goggles) with all the relevant information; Terms & Conditions of the service with the limitations; Specification of the purpose, most likely broader than just scientific research, should cover as well dissemination, valorisation but possibly also further research on FMI requirements; Cameras should be visible and accompanied by the relevant information; Clear policy on participation of minors: minors not allowed; Point of contact on the site should be communicated to the participants in case of questions/ concerns/ objections; Points of contact at the later stage should be indicated in the information provided (Evolaris but possibly also Schladming); Language of the communication: English and German.
3.2.
iCaCot
Key information on the experiment: The iCaCot experiment takes place at two locations at a specific region in Schladming resort, Austria. In the first experimental run and the 1st part of the second experimental run, the location is a dedicated training area on the Reiteralm. In the 2nd part of the second experimental run, the location is the Planai Funpark. The iCaCot experiment consists of placing a set of cameras around a certain area on the ski slopes, and by providing innovative technology that allows users to use their smartphones to pan and zoom within the footage recorded by these cameras. Users can see and record their own ski adventures without having to hold a camera themselves. By placing these cameras at strategic locations such tools can even be used for training and coaching purposes. Recorded camera footage is processed to make it suitable for streaming to smartphone devices. Users have to actively download an application on their smartphone (iPhone only) that allows them to access the camera footage. Users dont have to log in to use the application, and no personal data is collected from the devices. Users are given a possibility to upload the videos with their performance to YouTube or Social Networking Sites such as Facebook. No personal data from the SNS is collected. Unique identifier is attributed to a device. Users are participating on the basis of their consent. Personal data (recorded images) is collected and stored by the experimenter. Notification and consent requirements: Provide notification that recordings will be taking place on a particular date. The images will be captured in a setting where users are normally expected to be captured (e.g. for
EXPERIMEDIA
security reasons). This information will be announced and addressed in the location itself. Also, information will be provided when purchasing tickets (additional sheet with relevant info on the areas covered, purpose, responsible entity, contact point, how long the images are kept, etc.); For download and active use of application explicit consent is required. Participants have to give consent when downloading the app otherwise it will not work. Consent form will provide relevant info on the areas covered, purpose, responsible entity, contact point, how long the images are kept, etc.
Concerns and comments of the EAB and DPB: Participation of minors: Participation of minors is allowed but subject to the written consent of their parents/ guardians. All the necessary information is provided to the parents/ guardians. From the age of 13, consent is given by both parents/ guardians and the minor. Scale of recordings: Everyone entering the area is recorded. Users of the slopes are informed about it. It is suggested that area selected for the experiment should be removed from the main tracks which would eliminate random users. Moreover, those who do not wish to be recorded should be able to enjoy the facilities without too great inconvenience as they could just avoid the area. Recording individuals who did not provide their explicit consent is acceptable, when they are in the background, and not in the focus of the recordings. This allows for enabling social and sharing functions, as foreseen in the 2nd half of the second experiment period. Downloading of the app: In the first and 1st half of the second experiment run, the installation on participant's devices, e.g. those of the trainers, will be explicitly performed and monitored. In the 2nd half of the second experimental run, the application is available for everyone for download, but they will have to provide explicit consent. In the consent form they should be requested to confirm that they are at least 18 or that they have a permission of their parents/ guardians. This consent form, however, should not ask for the birth date. No other interference than as usual app download. Participating volunteers: The experimenter should try to pre-acquire participants. Those participants will have direct interface and will be fully informed about the experiment. Further publishing of the recordings: This possibility is not restricted to the individuals own image. There is no such technical restriction, no barriers to publish. For this reason participants (who download the app) should be informed in Terms & Conditions that they shouldnt be uploading content which does not concern them as the main actor. Users responsibility and possible liability for such publications should be indicated. Sharing or publishing content concerning other individuals requires authorisation of the individuals in questions. Participants should be informed that they should only share/publish images of themselves. Incidental presence of others (e.g. in the background) would not consider great interference but the main subject should be the consenting individual. Data storage: Data will be kept until the end of the experiment. This excludes content that was specifically shot for dissemination purposes, with friendly users or participants that have given
10
EXPERIMEDIA
their consent for such usage a priori. The content which is published on YouTube or social networks is out of control of the experimenters. Videos might be kept for longer to show at demonstrations, used for valorisation and dissemination. Such dissemination will not have commercial purposes, it will be limited to closed events (industry, scientific). Participants need to be informed about this as well (not in a small font). Possibility to block certain content: In case of drastic or embarrassing content (skiing accident) or when someone complains that their image is processed and objects such use. Other purposes than scientific research: If such need occurs, it should be mentioned in the consent form. This would include also dissemination, valorisation purposes; as well as possible further processing by other controllers from within the consortium (in this case we might need 3 controllers TNO, Schladming, IT Innovation). If such further research is required, use of personal data from the experiments should be avoided. If this is not possible, controller controller agreement is signed. Exclusivity: this concerns all the experiments at Schladming, the reviewers pointed out that they are aimed at users of an expensive ski resort who, moreover, need to have iPhones. Formal requirements: Data controller: TNO, possibly together with Schladming (in later stage also IT Innovation or other partner of the consortium); Notifications to the national DPAs of the controllers; Notification to the Schladming users about the recordings that will be provided with the ticket, should include all the relevant information (see above); Notification for the parents/ guardians of the participating minors; Consent form for the app with all the relevant information; Terms & Conditions of the service with the limitations to inform the users e.g. about their responsibility not to infringe others rights; Specification of the purpose, most likely broader than just scientific research, should cover as well dissemination, valorisation but possibly also further research on FMI requirements; Areas where experiment will be conducted shall be selected in a way that individuals who do not want to be recorded could still use the facilities; Areas should be clearly indicated so no mistakes or incidental entries are made; Clear policy on participation of minors: not allowed unless consent by parent/ guardian given; Point of contact on the site should be communicated to the participants in case of questions/ concerns/ objections; Points of contact at the later stage should be indicated in the information provided (TNO but possibly also Schladming); Language of the communication: English and German.
11
EXPERIMEDIA
3.3.
Carviren
Key information on the experiment: The Carviren experiment takes place in CAR, Sant Cugat, Spain. The goal of Carviren (CAR Virtual Network) is to allow remote, real-time and consultation mode in sports training to improve the process through the Rapid Feedback. Athletes representing three disciplines (Swimming, Gymnastics and Taekwondo), coaches and technical staff from CAR participate to improve the performance and the training process. In order to achieve this, Realtrack Systems (RTS) will process physical data (acceleration, speed, power, impacts, force, etc.) and two physiological types of data: Heart Rate and Blood Oxygen during the training. The experiment starts with the mock-up data, only in the second stage real data is used. No data from any Social Networks is obtained. A control and private social networking site will be created (using the SCC module or another one that will be designed) and used only by actors of CARVIREN Experiment to test the potential it could have. In this particular case, user stats, not personal data, will be monitored. Another possibility is to create a private group on Facebook. This option will be analyzed further if such need occurs. In particular, the use of existing profiles and personal data from thereof will have to be examined. Users are participating on the basis of their consent. Some of the processed data can include sensitive personal data (health data) therefore the consent is written. Notification and consent requirements: Athletes provide their consent to CAR, who organizes the experiment and acts as data controller. RTS acts as data processor. Controller-processor contract is signed between CAR and RTS. Consent form contains information on the purpose of the experiment, data that is processed, responsible entity, contact point, etc.
Concerns and comments of the EAB and DPB: Participation of minors: Most of the athletes at CAR are minors. Their consent, as well as consent of their parents, to train in CAR, to have their data (also sensitive data) processed and to participate in specific EXPERIMEDIA experiments is handled by CAR and its legal department as part of its ordinary operation protocol. Data collection: Real identity of the participants, as well as email addresses, need to be revealed to provide meaningful feedback to the athletes and coaches. Other types of data include physical data (acceleration, speed, power, impacts, force, etc.) and two physiological types of data: Heart Rate and Blood Oxygen. The latter ones are considered to be sensitive data (health data) in this context.
12
EXPERIMEDIA
Access to data: Part of the experiment is to assign roles to the participants (e.g. athletes, coaches, and technical staff) and define their access permissions based on the role. Members of one group (role) will be able to view only specified content, e.g. coaches can see performance of the athletes in their discipline, athletes can view their own performance only (or of their team, depending on the nature of the discipline, e.g. in synchronized swimming they need to see the whole routine and not solely one swimmer). It should be clarified to the participants who can see their videos. Moreover, participants are asked not to share information with people outside the experiment or with different roles (Non-disclosure agreements are signed). The role of parents, in case of minors, could be also considered. In case of private group on Facebook: Access will be restricted. Also, no videos or other personal data (in particular no sensitive data) will be uploaded to Facebook. Only links to the videos, if necessary. Data analysis: The software developed by RTS solely analyses the raw data. This data will not be interpreted by RTS. Especially, no medical analysis of the health state of the participants is performed. Such interpretation will be left to professionals (coaches, technical staff). Data storage: Data is stored at CAR. It is accessed by RTS throughout the experiment lifetime. After the end of the experiment it is kept by CAR as it might be relevant for coaches to consult this data in future to continue improving the training and the performance of the athletes. This data storage is reflected in the CAR consent form. Other purposes than scientific research: If such need occurs, it should be mentioned in the consent form. This would include dissemination, and valorisation purposes; as well as possible further processing by other controllers from within the consortium (in this case we might need 2 controllers CAR, IT Innovation). If such further research is required, use of personal data from the experiments should be avoided. If this is not possible, controller controller agreement is signed. Exclusivity: the experiment is aimed at a very special group professional athletes. The experiment, at the current stage, is not aimed at recreational sport performance. Formal requirements: Data controller: CAR; RTS acts as data processor, controller-processor contract is signed between CAR and RTS; Experiment is covered by the CARs notification to the Catalan DPA; Consent form for the athletes with all the relevant information; Terms & Conditions of the service (CARVIREN network) with the limitations to inform the users e.g. about their responsibility not to infringe others rights; Specification of the purpose, most likely broader than just scientific research, should cover as well dissemination, valorisation but possibly also further research on FMI requirements;
13
EXPERIMEDIA
Point of contact on the site is communicated to the participants in case of questions/ concerns/ objections; Points of contact at the later stage should be indicated in the information provided (CAR but possibly also RTS); Language of the communication: English and Spanish.
3.4.
Qualisys
Key information on the experiment: The Qualisys experiment takes place in CAR, Sant Cugat, Spain. The 3DRSA (3D Remote Sport Health Analysis) experiment intents to provide biomechanical services outside the common laboratory environment by screening athletes on the training sites. Data stored are 3D motion capture data, including video. Additionally, anthropometric data (height, weight) of each athlete as well as test relevant clinical data is stored. Motion data of specialised clinical test is screened to determine biomechanical risk factors for the athlete (with particular focus on knee lesions). The content of the data is scientifically evaluated in order to establish biomechanical models used in screening methods. No data from any Social Networks is obtained. Users are participating on the basis of their consent. Some of the processed data can include sensitive personal data (health data) therefore the consent is written. Notification and consent requirements: Athletes provide their consent to CAR, who organizes the experiment and acts as data controller. Qualisys acts as data processor. Controller-processor contract is signed between CAR, Qualisys and Qualisys scientific consultant (Bertram Mller) who conducts the experiment at the CAR premises. Controller processor contract contains confidentiality clause. Consent form contains information on the purpose of the experiment, data that is processed, responsible entity, contact point, etc.
Concerns and comments of the EAB and DPB: Participation of minors: Most of the athletes at CAR are minors. Their consent, as well as consent of their parents, to train at CAR, to have their data (also sensitive data) processed and to participate in specific EXPERIMEDIA experiments is handled by CAR and its legal department as part of its ordinary operation protocol. Data collection: Real identity of the participants, as well as email addresses, need to be revealed to provide meaningful feedback to the athletes and coaches. Other types of data include 3D motion capture data, and video, anthropometric data of each athlete as well as test relevant clinical data. The latter ones are considered to be sensitive data (health data) in this context.
14
EXPERIMEDIA
Access to data: Different groups of participants (e.g. athletes, coaches, technical staff, biomechanical service) obtain access permissions depending on their role. Members of one group will be able to view only specified content: CAR Technical Staff - full control over all data; CAR Biomechanical Service - clinical data of athletes participating in the experiment; Qualisys clinical data of athletes participating in the experiment; Coaches - only to their athletics data; Athletes - only to their own data. It should be clarified to the participants who can see their videos. Data storage: Data is stored at CAR. As CAR is a Sports performance centre, data will be used for future analysis for improving general training aspects. Therefore data will be stored for further use, if not explicitly expressed by individuals. Data processed by Qualisys (Bertram Mller) is subject to individual and additional agreement of each athlete. It will be used for scientific analysis and will be deleted or rendered anonymous when the purpose of the experiment is achieved. The data storage is reflected in the CAR consent form. Transmission from CAR to Qualisys is highly encrypted. Consequences of the risk assessment for the athlete: What is the consequence if an athlete is told that there is a risk or no risk of lesion? Since the assessment is conducted outside of the performance season there is no direct impact on competition. The final decision is always made by the coach and the athlete. The 3DRSA experiment only provides additional information. Other purposes than scientific research: If such need occurs, it should be mentioned in the consent form. This would include dissemination, and valorisation purposes; as well as possible further processing by other controllers from within the consortium (in this case we might need 2 controllers CAR, IT Innovation). If such further research is required, use of personal data from the experiments should be avoided. If this is not possible, controller controller agreement is signed. Additional choice will be given to the participants for using the data in a scientific context and for dissemination of the methodologies developed. This will be separate and not influence any other participation. Exclusivity: the experiment is aimed at a very special group professional athletes. The experiment, at the current stage, is not aimed at recreational sport performance but such use would be possible in the future. Formal requirements: Data controller: CAR; Qualisys acts as data processor, controller-processor contract is signed between CAR, Qualisys and Qualisys scientific consultant (Bertram Mller) who conducts the experiment at the CAR premises; Experiment is covered by the CARs notification to the Catalan DPA; Consent form for the athletes with all the relevant information;
15
EXPERIMEDIA
Specification of the purpose, most likely broader than just scientific research, should cover as well dissemination, valorisation but possibly also further research on FMI requirements; Point of contact on the site is communicated to the participants in case of questions/ concerns/ objections; Points of contact at the later stage should be indicated in the information provided (CAR, Bertram Mller, Qualisys); Language of the communication: English and Spanish.
3.5.
PlayHist
Key information on the experiment: The PlayHist experiment takes place in FHW, Athens, Greece. The aim of the PlayHist experiment is to analyse the use of gamification technology with 3D avatars for history learning. This will be done by developing a 3D interactive and collaborative game that will take advantage of the documentation, exhibitions and 3D content already developed at the FHW and the technological features provided by the EXPERIMEDIA facility as the 3DCC module for avatar creation. The purpose is to compare the effects of using gamification provided by the PLAYHIST experiment with respect to the facilities currently available at the museum. In order to achieve this during the experiment participants will be assigned to two different groups: One group of visitors will attend the venue in the traditional way, i.e. playing with the interactive film already available at the venue. Another group of visitors will play a 3D game, which plot will be aligned to one of the interactive movies already exhibited at the venue. The users in the second group will be given tablets that are required to play the game. They will be able to create their own avatars by taking their own picture with the tablet. At the end participants from the both groups fill in a questionnaire. The questionnaire is anonymous. No connection to Social Networks is foreseen. Users are participating on the basis of their consent. Personal data (names, pictures) is collected from the second group by the experimenter. Pictures used for creating avatars will be deleted after the game is finished. Names are collected solely for organizational purposes (return of the devices). Notification and consent requirements:
16
EXPERIMEDIA
Provide notification to all the participants in the experiment (both groups) about its purpose, responsible entity, contact point, etc. Users from the second group of the experiment (using tablets) provide their written consent. Consent form will provide relevant info on the purpose, responsible entity, contact point, how long the images are kept, etc.
Concerns and comments of the EAB and DPB: Participation of minors: Minors are not participating in the experiment. Data collection: Personal data, such as names is collected solely for organizational purposes. The main goal is to make sure that the tablets given to the users for the experiment are returned. This data will not be required for other purposes. The consent form, signed by the participants, can be returned to them after they have returned the tablet. Pictures are collected solely to personalize the avatars of the second group of the participants, they are not kept after the participants finish playing the game. The images will be erased immediately. This can be done automatically, when the game is finished, or the participants could be asked to delete the images themselves. Data storage: The collected personal data will be deleted after the game has finished. Further research will be conducted on the basis of anonymous data. Other purposes than scientific research: personal data of the participants is destroyed immediately after they finish the game. This means that any further research, either by Tecnalia or other consortium partners, will not involve personal data. There are, hence, no restrictions. Formal requirements: Data controller: Tecnalia, possibly together with FHW; Notifications to the national DPAs of the controllers; Notification to all the participants (both groups) should include all the relevant information (see above); Consent form for the participants from the second group of the experiment (testing tablets) with all the relevant information; Clear policy on participation of minors: minors not allowed; Point of contact on the site should be communicated to the participants in case of questions/ concerns/ objections; Points of contact at the later stage should be indicated in the information provided (Tecnalia but possibly also FHW); Language of the communication: English and Greek.
17
EXPERIMEDIA
4. Conclusion
It can be concluded that, in the 2nd Open Call, the EXPERIMEDIA project is on the right track to ensure the ethical and legal compliance of the five new experiments. This is achieved through cooperation between all the technical partners of the project with the legal partner from KU Leuven. The management of this process is additionally enhanced by the guidance offered to the project partners by the Ethical Advisory Board and the Data Protection Coordinator, which keeps a close eye on the progress within the project. During the first year of the project the EAB and DPC expressed several concerns about possible ethical and data protection issues related to the experiments. They included, for example, social inclusion, participation of children, as well as unaware individuals, indispensability of personal data processing to conduct experiments, specification of the purpose of the processing of personal data (if involved), informing the users about the relevant aspects of the experiment, and obtaining their consent in an informed and unambiguous way. These concerns were taken into account in the further stage of the project, particularly in the preparation of the 2nd Open Call. For example, the ethical checklist (Appendix C) which was prepared during the previous EAB/ DPC meeting was filled in by the candidates for the 2nd Open Call before their final selection. Moreover, attention to legal and ethical issues was strongly emphasized since the beginning of the 2nd Open Call, for example through a legal tutorial during a training workshop. This led to higher awareness of the new partners and allowed them to better prepare the experiments by implementing certain principles from the start. According to the members of the EAB, the descriptions of the experiments that were delivered to them together with the ethical checklists showed that the experimenters are well aware of the relevant ethical and legal issues. It was also noticed that they present a responsible approach and are willing to accommodate the rights of the participating individuals. It was considered very helpful that there are meetings organized during which the project partners and the EAB/ DPC can discuss any aspects of the experiments that might still be unclear. The assistance offered to them resulted in a great level of compliance with the ethical principles and applicable laws.
18
EXPERIMEDIA
Appendix A. Ethical Guidelines for undertaking ICT research in FP7

The present guidelines are derived from the Ethical Guidelines for undertaking ICT research in FP7. 1 1) Are the researchers taking a responsible approach? As the Ethical Guidelines point out in Paragraph 2.1, researchers need to be aware of the principles of the Charter of Fundamental Rights of the European Union2 and especially the principles of dignity, freedom, equality, solidarity, citizens rights and justice. 2) Are issues of individuals privacy and autonomy taken care of? The Ethical Guidelines are clear that ICT research must comply with Article 8 of the European Human Rights Convention3. To be able to done so researchers need to: a) Identify sensitive implications of their proposals for privacy and autonomy; b) Carry out a prior assessment of risks to privacy and autonomy the research may expose individuals to; c) Identify potential actions proportionate to the risk/harm; d) Recognise that volunteers have a right to remain anonymous; e) Comply where applicable with national Data Protection legislation; f) Ask for informed consent from volunteers after informing the volunteers of the purpose, procedures and outcomes of the research and advising them of the possibility to withdraw/or modify participation; g) Identify whether the volunteers are in situations where they are more vulnerable than in normal situations; h) Ensure that research outcomes are reported in a way that does not contravene the right to privacy and data protection; i) Evaluate the implications (for personal privacy) of the intended use of the research outcomes. 3) Are there particularly sensitive areas that need further consideration? Paragraph 3.1 of the Ethical Guidelines identifies particular ICT applications that require specific guidance. These include: ICT implants and wearable computing; eHealth and genetics; and ICT and Bio/Nano-electronics.
Ethical Guidelines for undertaking ICT research in FP7, ftp://ftp.cordis.europa.eu/pub/fp7/docs/guidelinesannex5ict.pdf. 2 European Union (2000). Charter of Fundamental Rights of the European Union. OJ (2000) C 364/1. 3 Council of Europe (1950). Convention for the Protection of Human Rights and Fundamental Freedoms, CETS No. 005, 04 November 1950.
1
19
EXPERIMEDIA
Appendix B. Legal requirements for privacy and data protection

Basic data protection requirements: Actors identified as data controllers must be aware of the precise definitions of national data protection legislation applicable to the processing under their control. Collaboration with the competent national Data Protection Authority will ensure a correct understanding of the specific national implementation of the definitions of the applicable notions. The data subjects free, informed, specific and unambiguous consent must be obtained for legitimate processing of personal data. While such consent is only one of the possible justification grounds for legitimate personal data processing, it will in most cases be the only viable justification ground for personal data processing with relation to the EXPERIMEDIA experiments. (Further on consent, see infra). Fair and lawful processing of personal data must demonstrate legality or transparency. The purposes of the processing of personal data must be clearly indicated in advance. The processing of personal data may only include relevant and non-excessive data, in relation to the specified purposes. Data must be collected for a specified, explicit and legitimate purpose and may not be further processed in a way incompatible with those purposes. Duration of data storage must be limited and stored data must be destructed once the purpose for which that data was collected has been attained. Data minimization can also be achieved by employing methods for anonymisation or pseudonymisation of personal data. Here, data unlinkability should be kept in mind as linkability could lead to the identification of a particular data subject. The data controller must ensure sufficient information to the data subject. The data controller must ensure that the data subject can fully enforce his right of access, his right to correction and his right to object. The data controller must ensure confidentiality and security of the processing of personal data under his control. Due notification must be made to the competent national Data Protection Authority (or Authorities), in compliance with national legislation. Data transfers to third States must comply with applicable legislation.
Consent requirements: Carefully drafted privacy policies and consent forms must ensure compliance to the requirement of consent and the right to information. Note that such privacy policies and consent forms must be compliant with national data protection legislation. For instance, certain jurisdictions require written consent, while others allow for implicit consent in many cases. User-friendliness should be the focal point in obtaining the data subjects consent. While unintelligible texts may lead to the data subject not reading a privacy policy or consent
20
EXPERIMEDIA
form, elaborate procedures to grant consent may result in the data subject refraining from using such service, thus damaging the business of the data controller. A balance between the interests of both parties should therefore be struck. When dealing with minors, elderly and/or persons with a mental illness, the data controller is advised to seek consent from both the data subject and its statutory or legal guardians. The general legal capacity of the data subject determines its capacity to consent. Informed consent must be given freely. In order to determine whether the data subjects consent was given freely, one must analyse the external pressure exercised on his decision. Positive persuasion cannot invalidate his freely given consent, while negative coercion will invalidate his consent as it could not have been given freely. Consent should be limited in time and should be renewed for continuously on-going processing of personal data. Consent should also be revocable.
Confidentiality and security: In the processing of personal data, the data controller must restrict access to this personal data to the persons that need such access for the processing they perform under his authority. Such access need to comply with the proportionality principle, meaning that no user may be awarded access to more data than strictly required for his processing tasks. In order to achieve proportional access control, the data controller must provide for differentiated access levels for different user groups in order to ensure proportionality. This must be combined with an access procedure that includes registration, identification, authentication and authorization. In the processing of personal data, the data controller must adopt appropriate and state of the art technical and organizational measures to ensure data security. Also the processor must be bound to such security policy. Such security policy should include, inter alia, actions to be taken in case of data breach, the use of cryptography to protect data and audit trails to log and trace data access and use. These security policies should also take into account user-friendliness and should require minimal user effort. When using audit trails, the data controller must define the purposes and scope of this logging and make transparent who can access these logs as audit trails constitute personal data processing. While previous requirements only apply in the context of the processing of personal data, adherence thereto in other cases of security and access management is strongly recommended as they provide valuable minimal requirements. Regardless of the technology used, the data subject should be made fully aware of the presence of the technology and of its activities and of the possibility for deactivation. As geolocation data must be viewed as personal data, the processing thereof must comply with the principles of the Data Protection Directive and its national implementations.
21
EXPERIMEDIA
Prior informed consent must be obtained for the processing of geolocation data, as this will mostly be the only viable justification ground for the processing of this data. This consent must be revocable and must be regularly renewed. Geolocation services should be switched off by default. The user should be made aware of active geolocation services. The user should also be given the option to choose the granularity of his consent. The user should also be given the option to opt-out from databases containing Wi-Fi access points.
22
EXPERIMEDIA
Appendix C.

Checklist for the Experimenters
Checklist for general ethical issues: It must be specified what the key values are behind the service/application; It must be specified what the conditions are for participating; It must be specified where the data will be located; It must be specified what the content is of the processing of data; It must be specified what the purpose is of the processing of the data; It must be specified what the data lifetime is; It must also be specified how the informed consent is obtained; It must be specified whether the consent must be written or not, whether a pop-up screen type is considered to be good enough; It must be specified who the participants of the experiments are.
Checklist for location data issues: It must be specified whether or not it is necessary to store the personal data; It must be specified when the data should be stored; It must be specified whether the user have any choice; It must be specified if the consent can be withdrawn; It must be specified whether or not the data will be erased; It must be specified whether it is possible for the user to opt-out for one day, or it must be stated that such an opt-out is a permanent yes or no choice. In the former case, it must be reviewed how long you can keep the information when the server is switched off; It must be specified whether a user can use a pseudonym which changes every day; It must be specified who has access to the data, whether if it is only the administrators or also other persons, e.g. the stalkers-case; It must be specified if there is an admin log for every data file. It must also be specified who can change these log files, who can access them and who can delete them; It must be specified for how long the log data are stored; It must be specified if the administrator can manipulate them.
Checklist for profiling issues: It must be specified whether if it is possible to connect the data from different locations; It must be specified what about the use of the data for profiling: is location data used to reach other inferences: e.g. is the person rich? Does he live nearby? It must be specified if the processing of the data is only for improvement of content or also for tracking characteristics/traits of persons; It must be specified if the service needs to know the real identity of the users or can they use nicknames;
23
EXPERIMEDIA
It must be specified to which other data sets the feedback of the users will be linked to. This consideration was made since the linking of the users feedback on different information feeds can be useful to learn whether it is always the same user. It is necessary to log who accessed the ECC. It must be clear who can access what data, alter that data or delete it.
Checklist for tracking issues: It must be specified whether the user will be followed between two usages of the service or not. This question is asked since in case of tracking stricter requirements will apply. It must therefore be carefully reconsidered whether such tracking is really necessary; Location should only be stored when the user asks for information about a location not otherwise, e.g. not while being on the move in between the locations about which information is asked.
Checklist for consent issues: If consent is given for participating in the experiment with a mobile application, it must be specified what happens when the mobile phone is given to someone else; It must be specified whether the user must be reminded of his given consent every day. WP29 recommends to remind the user about it once every month (but this has to be checked with the Austrian, Spanish and Greek law); The practical implementation of giving consent: it is not necessary to have the real name of the user since the email address can be used to offer a user channel to exercise the users rights; Potentially there can be two user groups: a group with and one group without an account. Inform user during app installation about the informed consent. It is important to list the assumptions/limitations of risks of the project.
Checklist for anonymisation issues: Some data cannot (automatically) be anonymised (e.g. textual feedback which refers to names, photos and videos where applicable); It must be specified where the data will be kept, whether it is in one territorial location or more. In this matter it must also be reviewed if there is a cross-border exchange.
24

D5.1.6 Second Open Call Ethics Review Report v1.0

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

D5.1.6 Second Open Call Ethics Review Report v1.0

Încărcat de

Drepturi de autor:

Formate disponibile

D5.1.

6 Second Open Call Experiments Ethics Review Report

Peggy Valcke (KU Leuven)

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Appendix A. Appendix B. Appendix C.

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

3. Ethical Assessment of the Experiments

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Appendix A. Ethical Guidelines for undertaking ICT research in FP7

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Appendix B. Legal requirements for privacy and data protection

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Checklist for the Experimenters

Copyright and other members of the EXPERIMEDIA consortium 2013-14

Copyright and other members of the EXPERIMEDIA consortium 2013-14

S-ar putea să vă placă și