These are some essential tips provided by the Ethics information for Linguistics and English Language that you must follow if you are planning to gain access to data from a social network:
- If the data are in the public domain, you must abide by any requirements stated by the corpus provider, including with respect to anonymity, or any other conditions on use.
- Some corpora may require ethical approval, especially corpora that include physical or mental health data, or corpora that contain data that could be used to de-anonymize individuals (e.g. when free-text responses are allowed).
- If the data are not in the public domain, you must ensure that your use of the data conforms to any requirements stated by the corpus provider. For example, the data must not be shared in any unauthorized manner (e.g., posted online).
- In either case, if there is reason to suspect that the people who initially provided the data were not aware that it would be used for research purposes, you should carefully consider the ethical implications of your research, including whether you should obtain informed consent.
All these tips can be concreted in the following steps:
- First, always keep in mind the reasonable expectations of the data subjects about the use of their data (Recital 47, GDPR).This is essential in most social networks Developers Policies. For instance, Twitter Developer Policy states that “we prohibit the use of Twitter data in any way that would be inconsistent with people’s reasonable expectations of privacy. By building on the Twitter API or accessing Twitter Content, you have a special role to play in safeguarding this commitment, most importantly by respecting people’s privacy and providing them with transparency and control over how their data is used.”
- Second, obtaining approval to access the APIs and the Contents of a social network is never enough to ensure a lawful data processing. It is just the first step. Most of the social networks have developed detailed Platform Usage Guidelines that researchers must strictly followto ensure policy compliance for their planned use of the platforms and compliance with data protection ethical and legal requirements.
- Third, most of the social networks have developed tools that provide support to researchers willing to use their Application Programming Interface (APIs). It is always recommendable that researchers use these services in case of doubt on data processing.
- Fourth, however, researchers and innovators should never forget that, as a controller, you are responsible for ensuring that the data protection framework is adequately respected. Thus, you should check whether the statements on the legitimacy of the data processing carried out by the social networks correspond to reality. Reviewing their data collection policies to check the soundness of the consents granted from a GDPR perspective seems a necessary or, at least, prudent requirement.
- Fifth, researchers/innovators shall keep in mind that social networks might change their policies from time to time without notice. Since they usually introduce this caution in their own policies, researchers take responsibility for keeping themselves informed about these possible changes. Thus, periodic reviews of such policies are highly recommended.
- Sixth, since researchers will be processing data that have not been obtained from the data subject, they shall provide the data subject with the information requested by article 14 unless any of the circumstances quoted in its point 5 apply.
- Finally, in case of doubt, always consult your Data Protection Officer and, if necessary, the corresponding Data Protection Authority.
|Box: Considering data subjects’ expectations and concerns. The twitter case
Most researchers who use data sets of tweets do not gain consent from each Twitter user whose tweet is collected, nor are those users typically given notice by the researcher.
Source:Fiesler C, Proferes N. “Participant” Perceptions of Twitter Research Ethics. Social Media + Society. January 2018. doi:10.1177/2056305118763366
Researchers and innovators who use data obtained from social networks are responsible for complying with all policies settled by those networks. Thus, it is essential that they review and understand these policies before they access the social networks’ APIs and contents. The time spent reviewing their policies may save researchers hours of further work down the road and may even help them avoid legal responsibilities.
|Checklist. Gaining access to data
☐ If the data are in the public domain, the controllers have abided by any requirements stated by the corpus provider, including with respect to anonymity, or any other conditions on use.
☐ If the data are not in the public domain, the controllers have ensured that their use of the data conforms to any requirements stated by the corpus provider.
☐ The controllers are familiar with thePlatform Usage Guidelines that they must strictly follow to ensure policy compliance for their planned use of the platforms and compliance with data protection ethical and legal requirements.
☐ The controllers have considered the reasonable expectations of the data subjects about the use of their data.
☐ The controllers have checked whether the statements on the legitimacy of the data processing carried out by the social networks correspond to reality
☐ The researchers/controllers are aware that they take responsibility for keeping themselves informed about possible changes in the platform policies. Periodic reviews of such policies are performed
☐ The controllers provide the data subjects with the information requested by article 14 unless any of the circumstances quoted in its point 5 apply