eLaws | eCases | United States Code | Federal Courts |
Home » 2024 Issues » 89 FR (12/11/2024) » 2024-29064. Ethical Guidelines for Research Using Pervasive Data

  2024-29064. Ethical Guidelines for Research Using Pervasive Data  

  • Document Headings

    Document headings vary by document type but may contain the following:

    1. the agency or agencies that issued and signed a document
    2. the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
    3. the agency docket number / agency internal file number
    4. the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions

    See the Document Drafting Handbook for more details.

    Department of Commerce
    National Telecommunications and Information Administration
    1. [Docket No. 241204-0309]
    2. RIN 0660-XC064

    AGENCY:

    National Telecommunications and Information Administration (NTIA), Department of Commerce.

    ACTION:

    Notice, request for public comments.

    SUMMARY:

    The National Telecommunications and Information Administration (NTIA) is seeking public input on the potential writing of ethical guidelines for the use of “pervasive data” in research. “Pervasive data” refers to data about people gathered through online services. NTIA will rely on these comments, along with stakeholder engagements, in considering whether to draft and issue non-binding guidelines to assist researchers working with pervasive data. Such guidelines, if warranted, would detail how researchers can work with pervasive data while meeting ethical expectations of research and protecting individuals' privacy and other rights.

    DATES:

    Interested persons are invited to submit comments on or before January 15, 2025.

    ADDRESSES:

    All electronic public comments on this action, identified by Regulations.gov docket number NTIA-2024-0004, may be submitted through the Federal eRulemaking Portal at www.regulations.gov. The docket established for this request for comments can be found at www.regulations.gov, NTIA-2024-0004. Please do not include in your comments information of a confidential nature, such as sensitive personal information or proprietary information. All comments received are a part of the public record and will generally be posted to Regulations.gov without change. All personally identifiable information ( e.g., name, address) voluntarily submitted by the commenter may be publicly accessible. Information obtained as a result of this notice may be used by the federal government for program planning on a non-attribution basis.

    FOR FURTHER INFORMATION CONTACT:

    Please direct questions regarding this Request for Comments to Emma Llansó, NTIA, 1401 Constitution Avenue NW, Washington, DC 20230, at ellanso@ntia.gov or 202-482-3821. Please direct media inquiries to NTIA's Office of Public Affairs, telephone: (202) 482-7002; email: press@ntia.gov.

    SUPPLEMENTARY INFORMATION:

    Overview

    The National Telecommunications and Information Administration (NTIA) is seeking input from the public on the potential writing of ethical guidelines for the use of “pervasive data” in research. “Pervasive data” refers to data about people gathered through online services.[1] Researchers have leveraged pervasive data to better understand human behavior, societal forces, public health, and the impact of the technology that surrounds us. These insights are essential for informing policy in the digital age, and researchers and organizations have called for ethical guidelines to help ensure this work is done responsibly.[2] Such guidelines, if warranted, would detail how independent third-party researchers [3] can work with pervasive data while meeting ethical expectations of research and protecting individuals' privacy and other rights. The goal of ethical guidelines would be to outline principles and best practices that researchers, research institutions, data intermediaries,[4] and online service providers can choose to follow when involved in research with pervasive data. Any such ethical guidelines may be a reference for research conducted solely within the United States (U.S.) or through international collaborations.

    NTIA will rely on these comments, along with engagements with researchers, civil society, research institutions, industry, and other government bodies, to consider whether to draft and issue guidelines to assist researchers working with pervasive data. The ethical guidelines outlined for consideration in this Request for Comments would be non-binding and would not supersede any existing laws or regulations, or pre-empt future laws. For example, human subjects research conducted or supported by one of the U.S. government departments or agencies that have adopted the Federal Policy for the Protection of Human Subjects (`Common Rule') [5] would need to adhere to any applicable regulatory requirements. Federal agencies and federal data are bound by additional laws and regulations, which these voluntary ethical guidelines would not supersede.[6]

    Background

    Research with pervasive data is essential in efforts to understand the impact of technology on society. For example, the Kids Online Health and Safety Task Force Report and the Surgeon General's Youth Mental Health Advisory both emphasize that access to pervasive data, paired with privacy safeguards and ethical research guidelines, is essential to understanding technology's impact on children. [7] ( print page 99845) Pervasive data is also crucial to enabling responsible research in other fast-moving technologies. For example, the National Artificial Intelligence (AI) Initiative Act of 2020, along with the CHIPS and Science Act of 2022, include landmark investments in AI research to advance the use of trustworthy AI.[8] Such research often relies on pervasive data and should be conducted ethically.[9]

    Research with pervasive data is widespread and in high demand. To better understand the impact of technology on society, researchers have developed methods for accessing pervasive data, including large-scale collection of publicly available information, entering into agreements with online service providers, and managing collections of user-contributed data.[10] Policymakers in the U.S. and globally have called for providers of online services to make data available to researchers.[11] European regulators recently enacted the Digital Services Act, which mandates that Very Large Online Platforms share pervasive data with researchers to study systemic risks in the information environment.[12] However, the risks to the rights and welfare of individuals associated with the use of pervasive data for research are nuanced and context-specific. This Request for Comments aims to explore these complexities and work toward more ethical practices for researchers working with pervasive data.

    Discussion of research ethics has a long history, and the U.S. government has worked to shape well-recognized principles.[13] In 1979, the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research released the Belmont Report, which outlined three principles: respect for persons, beneficence, and justice.[14] These principles were the foundation of regulations implemented in 1981 by both the Department of Health and Human Services (HHS) and the Food and Drug Administration.[15] Today, a version of the Common Rule, which was revised in 2017, has been adopted by 21 Federal departments and agencies.[16] The regulations mandate that institutions engaged in nonexempt human subjects research supported or conducted by a Common Rule department or agency obtain institutional review board (IRB) approval before research can begin. With certain exemptions, IRBs review human subjects research according to specific criteria which are grounded in the Belmont Report's ethical principles, including a requirement for researchers to obtain informed consent from study participants unless the research is eligible for a waiver of informed consent.[17]

    The Common Rule sometimes applies to research conducted on pervasive data. However, as with other broad categories of research, the Common Rule does not apply to the full range of research using pervasive data and was not designed to address all societal risks associated with research using pervasive data.[18] Specifically, the Common Rule applies to human subjects research which, in the context of online data, involves either obtaining information through an intervention or interaction with the living individual(s) about whom the research is conducted, or obtaining, using, studying, analyzing, or generating identifiable private information about the living individual(s).[19] Therefore, the secondary use of only non-identifiable data in research, for example, would generally not be subject to the Common Rule's requirements, even for research that is federally supported or conducted.[20] Further, some research conducted with identifiable private information may meet the criteria of one or more categories of exemption from the Common Rule requirements, which ( print page 99846) would mean that IRB approval is not required.[21]

    Recognizing the need for ethical guidelines beyond the Belmont Report and Common Rule, multiple institutions have tried to fill the gap. Starting in 2009, the Department of Homeland Security, which is a signatory to the Common Rule, engaged lawyers and computer scientists to draft a set of non-binding ethical guidelines for computer security and network measurement research. This led to the Menlo Report in 2012, which applied the Belmont Principles to network and security research and added an additional principle: respect for law and public interest.[22] The Association of internet Researchers (AoIR) has gone through several versions of ethical guidelines targeted at researchers and organizations involved in studying people in internet-related venues.[23] The American Statistical Association (ASA) has developed guidelines focused on “statistical practice”, which includes, among other things, designing data collection, processing data, and analyzing data.[24] The ASA guidelines also include the development and deployment of algorithms and AI models.

    As technology has continued to advance, online services have developed the capacity to collect data on human behavior at massive scales.[25] Building on the government's commitment to ethical research, NTIA is considering drafting ethical guidelines for research involving pervasive data, which requires considerations beyond those enshrined in existing ethics regulations and practices.[26]

    Pervasive data can be drawn from global networks and may be analyzed by an international community of researchers. Therefore, it is increasingly important to use a global lens to address ethical issues in pervasive data. Advancements in research using pervasive data may benefit from international collaboration and agreed-upon norms for ethical research and the protection of privacy and other rights. For example, the U.S.-EU [27] Trade and Technology Council Working Group on Tech Platform Governance recently announced a shared commitment to advance data access for researchers and has begun discussing such principles.[28]

    Risks created by research vary throughout the lifecycle of a project, from research design to dissemination.[29] Users of commercial online services often do not understand or have control over how their data will be used.[30] Previous research has further found that researchers' use of pervasive data for research is often not consistent with users' expectations, even if the information involves public social media posts.[31] Risks to data subjects presented by research with pervasive data include reidentification of anonymous user accounts; release or inference of information that can be used to perpetuate a range of privacy and other individual-level harms, including fraud, impersonation, discrimination, reputational harms, and emotional distress; and decreased willingness to post and access information online and engage in the digital economy.[32] Research using pervasive data also has the potential to generate societal and/or systemic risks beyond the individual-level risks to data subjects. These risks include the potential to undermine trust in the research ecosystem when users learn about unethical research,[33] further disadvantage historically disadvantaged groups,[34] cause negative impacts on the environment,[35] and create risks from the products of that research, such as machine learning models being used out of context.[36] While researchers across ( print page 99847) the country have taken voluntary measures to consider risks to data subjects in their research with pervasive data, the U.S. does not have a recognized set of shared guidelines.[37]

    This Request for Comments considers ethical issues and risks to privacy and other rights, and mitigation strategies throughout the lifecycle of a research project, from research design, data acquisition, and access, data processing, and analysis to dissemination.[38] The questions recognize that the research design phase allows researchers to reflect on the potential for harm to data subjects, society, and themselves; these considerations should be revisited throughout the remaining phases of research.[39]

    Definitions

    For purposes of responding to this Request for Comments, please refer to the following definitions:

    The term pervasive data is intended to mean data about people—user-contributed, observed, derived, or inferred—collected through online services regardless of the extent to which the data is publicly available, is aggregated, or could lead to the identification of an individual. Pervasive data may include text, images, videos, biometric information, information about a data subject's behavior (purchases, financial standing, media consumption, search history, medical conditions, location, etc.), and other information that makes up a person's digital footprint.[40]

    Online services may include a wide range of information technologies throughout the technology stack/technical infrastructure, including but not limited to web-based monitoring tools, content delivery networks, blockchain technology, digital labor platforms, education technology, Internet of Things devices, connected cars, wearable devices, mobile sensors, data brokers, streaming services, search engines, online marketplaces, social media platforms, and AI systems.[41]

    The term data intermediary is intended to describe an independent entity that is operated specifically to facilitate pervasive data access and sharing under commercial or non-commercial agreements between researchers and online service providers or that evaluates and approves researcher requests for access to designated subsets of stored pervasive data.

    A data subject, for the purposes of this Request for Comments, is an individual whose personal information is contained in the pervasive data. The individual may be a digital device user who creates the information or who sets up and manages an account, or they could be an individual whose data is captured in the user's information ( e.g., a child in a parent's photo, a visitor to a home that has smart devices, an electronically-monitored employee, or a passenger in a vehicle with tracking technology). Data subjects may or may not be “human subjects” as defined in the Common Rule.

    Instructions for Commenters

    Through this Request for Comments, we hope to gather information on the following questions and the broader topic outlined above. These questions are not exhaustive and commenters are invited to provide input on relevant questions not asked below. Commenters are not required to respond to all questions. When responding to one or more of the questions below, commenters are requested to include a question number with each part of their response. Commenters should include a page number on each page of their submissions. Commenters are welcome to provide specific actionable proposals, frameworks, rationales, and relevant facts.

    Questions

    1. What are the potential benefits of developing national-level ethical guidelines for researchers collecting, analyzing, and sharing pervasive data?

    2. What are the potential drawbacks of developing national-level ethical guidelines for researchers collecting, analyzing, and sharing pervasive data?

    3. To what extent does the definition of pervasive data in this Request for Comments capture the appropriate scope for national ethical guidelines?

    a. Are there particular types of data or other digital artifacts [42] that should be carefully considered or included/excluded in the definition?

    b. Are there pre-existing similar definitions, similar to the one provided, that should be considered?

    4. What are some existing barriers to accessing pervasive data?

    a. What are examples of research questions, if any, that are challenging to answer because of the barriers to accessing pervasive data? [43] If possible, also explain why other methodological approaches and data types are insufficient for answering those questions.

    b. If those barriers were removed, what would be the potential benefits and additional risks to society and individuals, if any?

    5. What data held by online services would be most valuable to the public interest if researchers were able to access it?

    6. Consent and autonomy are key principles in human subjects research ethics. However, users of online services may be required to divulge certain personal information and/or have no ability to freely make decisions about its use.[44] How should researchers working with pervasive data consider consent and autonomy?

    a. What, if any, would be an appropriate consent model for research ( print page 99848) with pervasive data? How and how often should consent occur?

    b. Are there alternative models to traditional consent that either support autonomy or provide protections for data subjects in cases where autonomy is limited?

    c. How, if at all, is user autonomy influenced by context, such as the need to use online services for school, work,[45] or socializing?

    7. What ethical issues and risks to privacy and other rights, and mitigation strategies, should be considered during the research design phase?

    a. Users' concerns about researcher data access vary based on contextual factors.[46] What contextual factors increase or alter the risks to data subjects in research using pervasive data? [47]

    b. What factors contribute to a user's expectations of privacy on an online service? [48]

    c. What power differences exist between researchers and data subjects, or between online service providers and data subjects, that could create unique risks and potential for harm.[49] How should these differences be considered and mitigated during the research design phase?

    d. What unique risks affect children and youth? How do these differ depending on their gender, age, developmental capabilities, and other factors? [50] How does this impact the way researchers should think about risks when using pervasive data that includes young data subjects, especially those who are not legally adults? What are best practices when working with pervasive data created by or containing information about children and youth? What is the appropriate role of parents/guardians in such research?

    e. What other vulnerable communities or vulnerability risk factors warrant additional consideration when conducting research with pervasive data? Please explain.

    f. How might researchers account for changes in data subject status over time ( e.g., aging into an adult category; dying; transitioning gender; changing citizenship, employment, disability, or veteran status)? How should researchers consider privacy and other rights when data subjects change status?

    g. When considering ethical issues and risks to privacy and other rights for data subjects, how should researchers consider differences in views across individuals, communities, ethnicities, nationalities, languages, cultures, socioeconomic status, employment status, and educational levels?

    h. How can researchers best conduct research with pervasive data in a way that engages the community, users, and data subjects.[51] What are the best practices for such participatory research that uses pervasive data? What are the challenges and/or barriers to conducting participatory research? What important research questions cannot be answered using participatory mechanisms, and why?

    i. What research conducted with pervasive data could pose societal-level risks beyond those to the researcher and data subject individually? [52] How should researchers assess and mitigate societal-level risks in comparison with potential benefits during the design phase?

    j. How should ethical guidelines address risks to researchers? [53] What risks to researchers are currently difficult for researchers to mitigate on their own?

    k. How, if at all, should ethical guidelines address methodological rigor, including the strength of the underlying research design and the confidence with which conclusions can be drawn?

    l. How do changes in the norms, features, policies, and use of online services impact the ability to have well-understood and accepted methods for the collection, study design, and analysis of pervasive data? How can researchers adapt to changes in online services? How can online service providers support researchers in ethical research with pervasive data?

    8. What are the risks and mitigation measures related to pervasive data acquisition and access? ( print page 99849)

    a. What are the risks to data subjects resulting from the methods used by researchers to access pervasive data? How do these risks vary based on the methods of access? [54]

    b. Pervasive data often includes data subjects from different places, which may involve geographical region, legal jurisdiction, or culture. What limitations are posed by research with pervasive data that only includes data subjects from one place? How can quality research and data integrity be maintained in those cases? What best practices are available to ensure that the treatment of pervasive data across places remains consistent with the privacy expectations where the data were created?

    c. What are the current best practices for de-identifying, pseudonymizing, or aggregating pervasive data? What practices exist to prevent or reduce the chance of re-identification of de-identified data? Where do these techniques fall short? What research questions may require identifiable data, and why? [55]

    d. One common method for mitigating ethical issues and risks to privacy and other rights from sharing data is to provide controlled access.[56]

    i. What are the challenges and opportunities associated with provisioning pervasive data through controlled access?

    ii. What criteria should be used to evaluate a request for controlled access to pervasive data? [57]

    iii. How can evaluation and approval procedures ensure access to pervasive data is non-discriminatory?

    e. Under what conditions should data subjects be notified that their data is used for research? What are necessary and/or best practices for communicating with data subjects when their data is used for research? What barriers exist to notifying data subjects? [58]

    i. When should informed consent be obtained from users or data subjects? What should be the differences between informed consent obtained for a specific project versus for commercial or general secondary use ( e.g., “broad consent”)? What are the barriers to obtaining informed consent from users and data subjects?

    ii. What practices exist to support autonomy of data subjects in ways that may differ from standard concepts of informed consent?

    iii. What are the best ways to communicate with users and data subjects when their data is used for research?

    9. What are the risks and mitigation measures that arise when processing and analyzing pervasive data? [59]

    a. Researchers will sometimes combine pervasive data with other pervasive data or with non-pervasive data from other sources. How might this impact risks? What best practices exist to mitigate these risks?

    10. What are the risks to privacy and other rights related to the dissemination and archiving of research outputs? What mitigation measures exist?

    a. What steps should researchers take to protect data subjects or against societal-level harms prior to the dissemination of research outputs (publications, presentation slides, data visualization, datasets, AI/ML models, etc.)? [60]

    b. Under what circumstances is it appropriate for an online service provider or data intermediary to have access to or review third-party research papers before they are submitted for publication? Are there circumstances where pre-publication review is inappropriate? [61]

    c. Reproducibility can help promote trust in research.[62] What factors do/should researchers consider when deciding when/how to delete, store, share, or archive pervasive data? [63]

    ( print page 99850)

    11. What existing ethical frameworks, such as those from professional organizations [64] or government agencies,[65] should be considered when drafting national-level ethical guidelines for research with pervasive data?

    a. To what extent do existing frameworks apply to the collection and use of pervasive data?

    b. What modifications of existing frameworks might be necessary to ensure that those frameworks are applicable to the needs of research with pervasive data?

    12. What are the existing requirements and legal obligations that impact research with pervasive data?

    a. What are the risks around research that uses pervasive data, if any, that currently fall beyond the usual considerations of IRBs operating under the Common Rule or FDA regulations?

    b. What steps can be taken to ensure that potential new guidelines for research with pervasive data complement the existing regulatory framework for human subjects research?

    c. How can research ethics guidelines be either integrated into existing workflows (such as IRB review processes) or given new workflows to ensure research is performed ethically and in a manner that protects individual privacy and other rights? [66]

    d. To what extent do state laws, federal laws, or other legal obligations [67] create uncertainties, barriers, or appropriate protections for:

    i. Online service providers to voluntarily share pervasive data with researchers?

    ii. Data intermediaries' ability to store and provide access to pervasive data?

    iii. Researchers' ability to collect and analyze pervasive data?

    e. How are researchers constrained by provisions in online service's terms of service, such as online services' general end-user agreements or the terms associated with APIs and other researcher access programs? [68]

    f. Pervasive data can include data subjects that reside outside of the U.S. and are therefore subject to different laws.[69] In what ways do international and foreign laws create uncertainties or barriers for:

    i. Online service providers to voluntarily share pervasive data with researchers?

    ii. Data intermediaries' ability to store and provision access to pervasive data?

    iii. Researchers' ability to collect and analyze pervasive data?

    13. What structured processes (questionnaires, rubrics, assessment frameworks) could be used to determine which techniques should be used to mitigate risks to data subjects and society in research that relies on pervasive data? [70]

    14. How should ethical guidelines take into account future technological advances around research with pervasive data?

    Dated: December 5, 2024.

    Stephanie Weiner,

    Chief Counsel, National Telecommunications and Information Administration.

    Footnotes

    1.  The term pervasive data is intended to mean data about people—user-contributed, observed, derived, or inferred—collected through online services regardless of the extent to which the data is publicly available, is aggregated, or could lead to the identification of an individual. Pervasive data may include text, images, videos, biometric information, information about a data subject's behavior (purchases, financial standing, media consumption, search history, medical conditions, location, etc.), and other information that makes up a person's digital footprint. Online services may include a wide range of information technologies throughout the technology stack/technical infrastructure, including but not limited to web-based monitoring tools, content delivery networks, blockchain technology, digital labor platforms, education technology, Internet of Things devices, connected cars, wearable devices, mobile sensors, data brokers, streaming services, search engines, online marketplaces, social media platforms, and AI systems. The term pervasive data is informed by research conducted under NSF Grant Award Number 1144934 ( https://www.nsf.gov/​awardsearch/​showAward?​AWD_​ID=​1144934).

    Back to Citation

    2.   See e.g. Michael Zimmer, Addressing Conceptual Gaps in Big Data Research Ethics: An Application of Contextual Integrity, Social Media + Society 4, no. 2 (2018), https://doi.org/​10.1177/​2056305118768300; aline shakti franzke et al., internet Research: Ethical Guidelines 3.0, Association of internet Researchers (2020), https://aoir.org/​reports/​ethics3.pdf.

    Back to Citation

    3.  The ethics and privacy guidelines described for consideration in this Request for Comments focus on the flow of data from online service providers to independent researchers that operate outside of the online service provider and are often affiliated with an academic or non-profit institution.

    Back to Citation

    4.  The term data intermediary is intended to describe an independent entity that is operated specifically to facilitate data access and sharing under commercial or non-commercial agreements between researchers and online service providers or that evaluates and approves researcher requests for access to designated subsets of stored pervasive data. See Organisation for Economic Co-operation and Development, Data Stewardship, Access, Sharing, and Control: A Going Digital III module synthesis report, DSTI/CDEP(2022)6/FINAL (2023) at 37.

    Back to Citation

    5.   See Office for Human Research Protections (OHRP), Federal Policy for the Protection of Human Subjects ('Common Rule'), OHRP (June 23, 2009), https://www.hhs.gov/​ohrp/​regulations-and-policy/​regulations/​common-rule/​index.html.

    Back to Citation

    6.   See, e.g., the Privacy Act of 1974, 5 U.S.C. 552a (1974); the Paperwork Reduction Act of 1980, 44 U.S.C. 3501-3521 (1980); the Federal Information Security Modernization Act of 2014, Public Law 113-283 (2014); the E-Government Act of 2002, 44 U.S.C. 101 (2002).

    Back to Citation

    7.  Kids Online Health and Safety Task Force, Online Health and Safety for Children and Youth: Best Practices for Families and Guidance for Industry, Substance Abuse and Mental Health Services Administration (July 19, 2024), https://www.samhsa.gov/​kids-online-health-safety-task-force/​kohs-report-safe-internet-use; Office of the Assistant Secretary for Health (OASH). Surgeon General Issues New Advisory About Effects Social Media Use Has on Youth Mental Health, OASH (May 23, 2023), https://www.hhs.gov/​about/​news/​ 2023/05/23/surgeon-general-issues-new-advisory-about-effects-social-media-use-has-youth-mental-health.html.

    Back to Citation

    8.  William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Public Law 116-283, § Division E (2021). https://www.congress.gov/​bill/​116th-congress/​house-bill/​6395/​text; CHIPS and Science, Public Law 117-167 (2022). https://www.congress.gov/​bill/​117th-congress/​house-bill/​4346/​text.

    Back to Citation

    9.   See e.g. National Institute of Science and Technology, NIST Researchers Suggest Historical Precedent for Ethical AI Research, NIST (February 15, 2024), https://www.nist.gov/​news-events/​news/​2024/​02/​nist-researchers-suggest-historical-precedent-ethical-ai-research.

    Back to Citation

    10.   See e.g. Jakob Ohme, et al., Digital Trace Data Collection for Social Media Effects Research: APIs, Data Donation, and (Screen) Tracking, Communication Methods and Measures 18, no. 2, 124-41 (April 2, 2024), https://doi.org/​10.1080/​19312458.2023.2181319; Michael W. Wagner, Independence by Permission, Science 381, no. 6656, 388-91 (July 28, 2023), https://doi.org/​10.1126/​science.adi2430.

    Back to Citation

    11.   See e.g. The White House, U.S-EU Joint Statement of the Trade and Technology Council, The White House (April 5, 2024), https://www.whitehouse.gov/​briefing-room/​statements-releases/​2024/​04/​05/​u-s-eu-joint-statement-of-the-trade-and-technology-council-3/​; UNESCO, Guidelines for the Governance of Digital Platforms: Safeguarding Freedom of Expression and Access to Information through a Multi-Stakeholder Approach, UNESCO (2023), https://unesdoc.unesco.org/​ark:/48223/​pf0000387339.

    Back to Citation

    12.  Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act), OJ L § Article 40 (2022), http://data.europa.eu/​eli/​reg/​2022/​2065/​oj/​eng.

    Back to Citation

    13.  In addition to ethical guidelines, laws regulating privacy are also relevant for researchers to consider. While the U.S. does not currently have an over-arching data protection law, sectoral laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Family Educational Rights and Privacy Act (FERPA), Children's Online Privacy Protection Act (COPPA), Electronic Communications Privacy Act (ECPA), Federal Trade Commission Act, Digital Millennium Copyright Act (DMCA) and other provisions in Title 17 of the United States Code, Title 9 of the United States Code, Title 18 of the United States Code, the 21st Century Cures Act, and other statutes may be relevant for researchers in certain contexts. Additionally, some online service providers may be under federal consent orders that affect how they can collect and share their users' data, including with researchers.

    Back to Citation

    14.  Office for Human Research Protections (OHRP), The Belmont Report, OHRP (January 28, 2010), https://www.hhs.gov/​ohrp/​regulations-and-policy/​belmont-report/​index.html. For more history on human subjects research, see Michael G. White, Why Human Subjects Research Protection Is Important, The Ochsner Journal 20, no. 1, 16-33 (2020), https://doi.org/​10.31486/​toj.20.5012.

    Back to Citation

    15.  Office for Human Research Protections (OHRP), Federal Policy for the Protection of Human Subjects ('Common Rule'), OHRP (June 23, 2009), https://www.hhs.gov/​ohrp/​regulations-and-policy/​regulations/​common-rule/​index.html.

    Back to Citation

    16.  Office for Human Research Protections (OHRP), Federal Policy for the Protection of Human Subjects ('Common Rule'), OHRP (June 23, 2009), https://www.hhs.gov/​ohrp/​regulations-and-policy/​regulations/​common-rule/​index.html.

    Back to Citation

    17.  Office for Human Research Protections (OHRP), 2018 Requirements (2018 Common Rule, OHRP (March 7, 2017), https://www.hhs.gov/​ohrp/​regulations-and-policy/​regulations/​45-cfr-46/​revised-common-rule-regulatory-text/​index.html.

    Back to Citation

    18.   See A. Michael Froomkin, Big Data: Destroyer of Informed Consent, 21 YALE J.L. & TECH. 27 (2019). See also, Edmund G Howe III, Falicia Elenberg, Ethical Challenges Posed by Big Data, 17 Innov Clin Neurosci. 24-30 (2020). See also, Jessica Vitak et al., Beyond the Belmont Principles: Ethical Challenges, Practices, and Beliefs in the Online Data Research Community, In Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing, 941-53. CSCW '16. New York, NY, USA: Association for Computing Machinery (2016), https://doi.org/​10.1145/​2818048.2820078; Michael S. Bernstein, et al., ESR: Ethics and Society Review of Artificial Intelligence Research, arXiv/Stanford University (July 9, 2021), https://doi.org/​10.48550/​arXiv.2106.11521.

    Back to Citation

    19.  45 CFR 46.102. Note that the Common Rule also includes definitions of both “private information” and “identifiable private information.” Specifically, “[p]rivate information includes information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information that has been provided for specific purposes by an individual and that the individual can reasonably expect will not be made public ( e.g., a medical record)” and “[i]dentifiable private information is private information for which the identity of the subject is or may readily be ascertained by the investigator or associated with the information.” Also, note that not all Common Rule signatories incorporate the Common Rule regulations into their own agency-specific regulations.

    Back to Citation

    20.  Office for Human Research Protections (OHRP), Human Subject Regulations Decision Charts: 2018 Requirements (December 28, 2010), https://www.hhs.gov/​ohrp/​regulations-and-policy/​decision-charts-2018/​index.html.

    Back to Citation

    21.  Office for Human Research Protections (OHRP), Human Subject Regulations Decision Charts: 2018 Requirements (December 28, 2010), https://www.hhs.gov/​ohrp/​regulations-and-policy/​decision-charts-2018/​index.html.

    Back to Citation

    22.   See Homeland Security, Menlo Report: Ethical Principles Guiding Information and Communication Technology Research (August 3, 2012). See also, Megan Finn and Katie Shilton, Ethics Governance Development: The Case of the Menlo Report, Social Studies of Science 53, no. 3, 315-40 (2023), https://doi.org/​10.1177/​03063127231151708.

    Back to Citation

    23.   See aline shakti franzke et al., internet Research: Ethical Guidelines 3.0, Association of internet Researchers (2020), https://aoir.org/​reports/​ethics3.pdf.

    Back to Citation

    24.   See Ethical Guidelines for Statistical Practice, American Statistical Association (February 2022), https://www.amstat.org/​docs/​default-source/​amstat-documents/​ethicalguidelines.pdf.

    Back to Citation

    25.   See, e.g., Patrick S. Park, et al., The Strength of Long-Range Ties in Population-Scale Social Networks, Science 362, no. 6421 (December 21, 2018), https://doi.org/​10.1126/​science.aau9735. See also, Claire E. Robertson, et al., Negativity Drives Online News Consumption, Nature Human Behaviour 7, no. 5, 812-22 (May 2023), https://doi.org/​10.1038/​s41562-023-01538-4. See also, Markus Schläpfer, et al., The Universal Visitation Law of Human Mobility, Nature 593, no. 7860, 522-27, (May 2021), https://doi.org/​10.1038/​s41586-021-03480-9.

    Back to Citation

    26.   See e.g. The World Medical Association, WMA Declaration of Taipei on Ethical Considerations Regarding Health Databases and Biobanks (October, 2016), https://www.wma.net/​policies-post/​wma-declaration-of-taipei-on-ethical-considerations-regarding-health-databases-and-biobanks/​. For example, The World Medical Association also codified the Declaration of Taipei in 2016, which includes ethical principles for research with health databases.

    Back to Citation

    27.  European Union.

    Back to Citation

    28.   See e.g. The White House, U.S.-EU Joint Statement of the Trade and Technology Council, The White House (May 31, 2023), https://www.whitehouse.gov/​briefing-room/​statements-releases/​2023/​05/​31/​u-s-eu-joint-statement-of-the-trade-and-technology-council-2/​; U.S.- EU Trade and Technology Council (TTC), Joint Principles on Combatting Gender Based Violence in the Digital Environment | Shaping Europe's Digital Future (April 5, 2024), https://digital-strategy.ec.europa.eu/​en/​library/​us-eu-trade-and-technology-council-ttc-joint-principles-combatting-gender-based-violence-digital.

    Back to Citation

    29.   See aline shakti franzke et al., internet Research: Ethical Guidelines 3.0, Association of internet Researchers (2020), https://aoir.org/​reports/​ethics3.pdf.

    Back to Citation

    30.   See e.g. Omer Tene & Jules Polonetsky, Big Data for All: Privacy and User Control in the Age of Analytics, 11 NW. J. TECH. & INTELL. PROP. 239 April 2013; Jonathan A. Obar & Anne Oeldorf-Hirsch, The Biggest Lie on the internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services, Information, Communication & Society 23, no. 1, 128-4 (January 2, 2020), https://doi.org/​10.1080/​1369118X.2018.1486870; Transparency and various forms of user control are at the heart of the Fair Information Practice Principles, which were first articulated in a 1973 Federal Government report from the Department of Health, Education, and Welfare Advisory Committee, “Records, Computers and the Rights of Citizens.” See FPC.gov, Fair Information Practice Principles (FIPPs) (1973), https://www.fpc.gov/​resources/​fipps/​.

    Back to Citation

    31.   See e.g. Casey Fiesler & Nicholas Proferes, Participant' Perceptions of Twitter Research Ethics, Social Media + Society 4, no. 1 (2018), https://doi.org/​10.1177/​2056305118763366; Michael Zimmer, But the Data Is Already Public': On the Ethics of Research in Facebook, Ethics and Information Technology 12, no. 4, 313-25 (December 1, 2010), https://doi.org/​10.1007/​s10676-010-9227-5.

    Back to Citation

    32.   See Michael Zimmer, Addressing Conceptual Gaps in Big Data Research Ethics: An Application of Contextual Integrity, Social Media + Society 4, no. 2 (2018), https://doi.org/​10.1177/​2056305118768300; Daniel J. Solove & Danielle Keats, Privacy Harms, GW Law Faculty Publications & Other Works. 1534 (2021), https://scholarship.law.gwu.edu/​faculty_​publications/​1534.

    Back to Citation

    33.   See Mary L. Gray, A Human Rights Framework for AI Research Worthy of Public Trust, Issues in Science and Technology, May 21, 2024, http://issues.org/​ai-ethics-research-framework-human-rights-gray/​; Danah Boyd, Untangling Research and Practice: What Facebook's `Emotional Contagion' Study Teaches Us. Research Ethics 12, no. 1, 4-13 (2016), https://doi.org/​10.1177/​1747016115583379.

    Back to Citation

    34.   See Jonathan Herington, et al., Ethical Imperatives for Working With Diverse Populations in Digital Research, Journal of Medical internet Research 25, no. 1 (September 18, 2023), https://doi.org/​10.2196/​47884; Alex Thompson, et al., Ethical Considerations and Challenges for Using Digital Ethnography to Research Vulnerable Populations, Journal of Business Research 124, 676-83 (January 1, 2021), https://doi.org/​10.1016/​j.jbusres.2020.02.025.

    Back to Citation

    35.   See Jude Coleman, AI's Climate Impact Goes beyond Its Emissions, Scientific American (Dec 7, 2023), https://www.scientificamerican.com/​article/​ais-climate-impact-goes-beyond-its-emissions/​; See also Irene V. Pasquetto, What Is Research Data ‘Misuse’? And How Can It Be Prevented or Mitigated?, Journal of the Association for Information Science and Technology (July 27, 2024), https://doi.org/​10.1002/​asi.24944.

    Back to Citation

    36.   See Kristen K. Greene et al., Avoiding Past Mistakes in Unethical Human Subjects Research: Moving From Artificial Intelligence Principles to Practice, Computer 57, no. 2, 53-63 (February 2024), https://doi.org/​10.1109/​MC.2023.3327653; Anja Bechmann & Bendert Zevenbergen, AI, and Machine Learning: internet Research Ethics Guidelines, IRE 3.0 Companion 6.1, Association of Internet Researchers, 33-49 (2020), https://aoir.org/​reports/​ethics3.pdf.

    Back to Citation

    37.   See Jessica Vitak et al., Beyond the Belmont Principles: Ethical Challenges, Practices, and Beliefs in the Online Data Research Community, In Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing, 941-53. CSCW '16. New York, NY, USA: Association for Computing Machinery (2016), https://doi.org/​10.1145/​2818048.2820078; Katie Shilton & Sheridan Sayles, We Aren't All Going to Be on the Same Page about Ethics': Ethical Practices and Challenges in Research on Digital and Social Media, In Proceedings of the 2016 49th Hawaii International Conference on System Sciences (HICSS), 1909-18. HICSS '16. USA: IEEE Computer Society (2016), https://doi.org/​10.1109/​HICSS.2016.242. See also Madhulika Srikmar et al., Advancing Ethics Review Practices in AI Research. Nature Machine Intelligence 4, no. 12, 1061-64 (December 2022), https://doi.org/​10.1038/​s42256-022-00585-2.

    Back to Citation

    38.   See aline shakti franzke et al., internet Research: Ethical Guidelines 3.0, Association of internet Researchers (2020), https://aoir.org/​reports/​ethics3.pdf.

    Back to Citation

    39.   See e.g. Katie Shilton, et al., Excavating Awareness and Power in Data Science: A Manifesto for Trustworthy Pervasive Data Research, Big Data & Society 8, no. 2 (2021), https://doi.org/​10.1177/​20539517211040759; Annette Markham, Ethic as Method, Method as Ethic: A Case for Reflexivity in Qualitative ICT Research, Journal of Information Ethics 15, no. 2, 37-54 (November 1, 2006), https://doi.org/​10.3172/​JIE.15.2.37.

    Back to Citation

    40.  This project does not include biospecimens as pervasive data.

    Back to Citation

    41.  For the purpose of this project, online services do not include health plans, healthcare clearinghouses, or healthcare providers as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

    Back to Citation

    42.  Here, the term digital artifact is intended to include digital information that may not immediately be recognized as data, regardless of whether the information satisfies any particular definition of data. Examples might include AI models or systems, algorithm-to-human response patterns, or digital items exchanged in a marketplace.

    Back to Citation

    43.   See e.g. U.S -EU Trade and Technology Council, Commission and White House Published Workshop Report on Researcher Access to Online Platform Data and Its Role for Research on Gender-Based Violence Online | Shaping Europe's Digital Future, European Commission (May 6, 2024), https://digital-strategy.ec.europa.eu/​en/​news/​commission-and-white-house-published-workshop-report-researcher-access-online-platform-data-and-its.

    Back to Citation

    44.   See, e.g., Omer Tene & Jules Polonetsky, Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. & Intell. Prop. 239 (2013), https://scholarlycommons.law.northwestern.edu/​njtip/​vol11/​iss5/​1/​.

    Back to Citation

    45.   See, e.g., Ifeoma Ajunwa, Kate Crawford & Jason Schultz, Limitless Worker Surveillance, 105 Calif. L. Rev. 735 (2017), https://heinonline.org/​HOL/​LandingPage?​handle=​hein.journals/​calr105&​div=​28&​id=​&​page=​.

    Back to Citation

    46.   See Michael Zimmer, Addressing Conceptual Gaps in Big Data Research Ethics: An Application of Contextual Integrity, Social Media + Society 4, no. 2 (2018), https://doi.org/​10.1177/​2056305118768300; Sarah Gilbert, When Research Is the Context: Cross-Platform User Expectations for Social Media Data Reuse, Big Data & Society 10, no. 1 (2023), https://doi.org/​10.1177/​20539517231164108; Kristen E. Martin, Diminished or Just Different? A Factorial Vignette Study of Privacy as a Social Contract, Journal of Business Ethics 111, no. 4, 519-39 (December 1, 2012), https://doi.org/​10.1007/​s10551-012-1215-8; Kirsten Martin & Katie Shilton, Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices, The Information Society, 32:3, 200-216 (2016), https://doi.org/​10.1080/​01972243.2016.1153012.

    Back to Citation

    47.  Considerations may include, for example, the type of online service (social media, marketplace, infrastructure), the type of data collected (comments, photos, geolocation), demographics of the data subjects as a group, the situation in which data is collected ( e.g., in the workplace), online service features, values and norms on the online service, feasibility of reidentification or research topic, how research output might be used for other purposes, and the data quality and fitness for purpose, See, e.g., Russell T. Vought, Office of Management and Budget, Memorandum re: Improving Implementation of the Information Quality Act (April 24th, 2019), https://www.whitehouse.gov/​wp-content/​uploads/​2019/​04/​M-19-15.pdf.

    Back to Citation

    48.  Considerations may include, for example, high-profile accounts, audience settings, requirements that users log in to view content, encryption services, data sharing/linking provisions, and privacy policies. See also James M. Hudson & Amy Bruckman, “Go Away”: Participant Objections to Being Studied and the Ethics of Chatroom Research. The Information Society 20, 2, 127-139 (April 2004), https://doi.org/​10.1080/​01972240490423030.

    Back to Citation

    49.   See Matt Scherer, Warning: Bossware May Be Hazardous to Your Health, Center for Democracy & Technology (2021), https://cdt.org/​wp-content/​uploads/​2021/​07/​2021-07-29-Warning-Bossware-May-Be-Hazardous-To-Your-Health-Final.pdf; Alexander Hertel-Fernandez, Estimating the prevalence of automated management and surveillance technologies at work and their impact on workers' well-being, Washington Center for Equitable Growth (n.d.), https://equitablegrowth.org/​research-paper/​estimating-the-prevalence-of-automated-management-and-surveillance-technologies-at-work-and-their-impact-on-workers-well-being/​; Katie Shilton, et al., Excavating Awareness and Power in Data Science: A Manifesto for Trustworthy Pervasive Data Research, Big Data & Society 8, no. 2 (2021), https://doi.org/​10.1177/​20539517211040759; Anne Beaulieu & Adolfo Estalella, Rethinking Research Ethics for Mediated Settings, Information, Communication & Society 15, no. 1, 23-42 (2012), https://doi.org/​10.1080/​1369118X.2010.535838.

    Back to Citation

    50.   See, e.g., Office of the Assistant Secretary for Health (OASH). Surgeon General Issues New Advisory About Effects Social Media Use Has on Youth Mental Health, OASH (May 23, 2023), https://www.hhs.gov/​about/​news/​2023/​05/​23/​surgeon-general-issues-new-advisory-about-effects-social-media-use-has-youth-mental-health.html.

    Back to Citation

    51.   See e.g. Nathan J. Matias & Merry Mou, CivilServant: Community-Led Experiments in Platform Governance, In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, 1-13. CHI '18. New York, NY, USA: Association for Computing Machinery (2018), https://doi.org/​10.1145/​3173574.3173583; Tom Denison & Larry Stillman, Academic and Ethical Challenges in Participatory Models of Community Research, Information, Communication & Society 15, no. 7, 1037-54 (2012), https://doi.org/​10.1080/​1369118X.2012.656138.

    Back to Citation

    52.  Societal-level risks may include risks to groups including historically marginalized or otherwise vulnerable communities, crowd workers (workers that label data and/or complete surveys), the environment, trust in research, national security, and others. See Anja Bechmann & Bendert Zevenbergen, AI and Machine Learning: internet Research Ethics Guidelines, IRE 3.0 Companion 6.1, Association of internet Researchers, 33-49 (2020), https://aoir.org/​reports/​ethics3.pdf, at 46; Michael S. Bernstein, et al., ESR: Ethics and Society Review of Artificial Intelligence Research, arXiv/Stanford University (July 9, 2021), https://doi.org/​10.48550/​arXiv.2106.11521.

    Back to Citation

    53.  Risks to researchers may include but are not limited to, legal risks, challenges associated with studying content that evokes strong emotional reactions, or personal and professional hazards from performing public research on controversial topics. See aline shakti franzke et al., internet Research: Ethical Guidelines 3.0, Association of internet Researchers (2020), https://aoir.org/​reports/​ethics3.pdf, at 11; Aya Yadlin, Understanding Researcher Risk and Safety in Qualitative Research Online, Digital Society 3, no. 1, 4 (February 1, 2024), https://doi.org/​10.1007/​s44206-024-00089-z.

    Back to Citation

    54.  See, e.g., Sandvig, C., Hamilton, K., Karahalios, K., & Langbort, C. (2014). Auditing algorithms: Research methods for detecting discrimination on internet platforms. Data and discrimination: converting critical concerns into productive inquiry, 22(2014), 4349-4357. Responses may address the following methods as well as any others not listed: Web scrapers/crawlers, Application Programming Interfaces (APIs), clean rooms/data enclaves/secure computer interfaces, data donations through data portability features built within an online service, data donations through data exports provided to the user by request to the online service (a mandate in some data protection laws), data donations through a passive sensing app or browser extensions, contract-based partnerships between researchers and online service providers, contracts or data purchases between researchers and data intermediaries, virtual data centers, research data centers such as FSRDCs and FFRDCs, or workplace observation.

    Back to Citation

    55.   See Jacob Metcalf & Kate Crawford. “Where Are Human Subjects in Big Data Research? The Emerging Ethics Divide.” Big Data & Society 3, no. 1 (2016), https://doi.org/​10.1177/​2053951716650211. See also Networking and Information Technology Research and Development Subcommittee of the National Science and Technology Council, National Strategy to Advance Preserving Data and Analytics, White House (March 2023), https://www.whitehouse.gov/​wp-content/​uploads/​2023/​03/​National-Strategy-to-Advance-Privacy-Preserving-Data-Sharing-and-Analytics.pdf.

    Back to Citation

    56.   See Christopher Morten et al., Researcher Access to Social Media Data: Lessons from Clinical Trial Data Sharing, 38 Berkeley Tech. L.J. 109 (2024), U of Michigan Public Law Research Paper No. 24-017 (April 1, 2024), https://doi.org/​10.2139/​ssrn.4716353. See also, Jeffrey Mervis, Accessing U.S. Data for Research Just Got Easier, Science (December 8, 2022), https://doi.org/​10.1126/​science.adg2113; National Institutes of Health, Designating Scientific Data for Controlled Access | Data Sharing, (Accessed August 31, 2024). https://sharing.nih.gov/​data-management-and-sharing-policy/​protecting-participant-privacy-when-sharing-scientific-data/​designating-scientific-data-for-controlled-access; The National Secure Data Service Demonstration, https://ncses.nsf.gov/​initiatives/​national-secure-data-service-demo; The Standard Application Process, https://ncses.nsf.gov/​initiatives/​standard-application-process.

    Back to Citation

    57.  Considerations might include, for example, the researcher ( e.g., affiliation), the research project ( e.g., research design, data security), the type of data ( e.g., identifiability, publicness, source, level of sensitivity, or information modality) or other factors.

    Back to Citation

    58.   See National Institutes of Health, Informed Consent for Research Using Digital Health Technologies, 2024, https://osp.od.nih.gov/​wp-content/​uploads/​2024/​05/​DigitalHealthResource_​Final.pdf; Nathan J. Matais & Merry Mou, CivilServant: Community-Led Experiments in Platform Governance, In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, 1-13. CHI '18. New York, NY, USA: Association for Computing Machinery (2018), https://doi.org/​10.1145/​3173574.3173583; Casey Fiesler & Nicholas Proferes, Participant' Perceptions of Twitter Research Ethics, Social Media + Society 4, no. 1 (2018), https://doi.org/​10.1177/​2056305118763366.

    Back to Citation

    59.  Considerations may include assumptions made about the data, methodological flaws, misapplication of AI/ML systems, or statistical techniques used to analyze data. See e.g., Anja Bechmann & Bendert Zevenbergen, AI and Machine Learning: internet Research Ethics Guidelines, IRE 3.0 Companion 6.1, Association of internet Researchers, 33-49 (2020), https://aoir.org/​reports/​ethics3.pdf; See also Zeynep Tufekci. Big Questions for Social Media Big Data: Representativeness, Validity and Other Methodological Pitfalls, Proceedings of the International AAAI Conference on Web and Social Media 8, no. 1, 505-14 (May 16, 2014), https://doi.org/​10.1609/​icwsm.v8i1.14517.

    Back to Citation

    60.   See e.g. Anja Bechmann & Bendert Zevenbergen, AI and Machine Learning: internet Research Ethics Guidelines, IRE 3.0 Companion 6.1, Association of internet Researchers, 33-49 (2020), https://aoir.org/​reports/​ethics3.pdf at 43; Irene V. Pasquetto, What Is Research Data `Misuse'? And How Can It Be Prevented or Mitigated?, Journal of the Association for Information Science and Technology (July 27, 2024), https://doi.org/​10.1002/​asi.24944.

    Back to Citation

    61.   See e.g. U.S.-EU Trade and Technology Council, Status Report: Mechanisms for Researcher Access to Online Platform Data | Shaping Europe's Digital Future, Section 1.5.2 (April 5, 2024) https://digital-strategy.ec.europa.eu/​en/​library/​status-report-mechanisms-researcher-access-online-platform-data.

    Back to Citation

    62.  See Moving towards Reproducible Machine Learning, Nature Computational Science 1, no. 10, 629-30 (October 2021), https://doi.org/​10.1038/​s43588-021-00152-6. See also Committee on Reproducibility and Replicability in Science, et al., Reproducibility and Replicability in Science, Washington, DC, National Academies Press (2019), https://doi.org/​10.17226/​25303.

    Back to Citation

    63.  Such factors might include but are not limited to: Treatment of user-created data that either the user or the online service provider deleted after the research project; Storage of data that includes information about data subjects that are not users; Length of time to store data following the conclusion of a research project and when and how to delete that data; Level of access to stored data ( e.g., is it available to the public or only researchers that have been granted access); Prior communication with data subjects, including whether data subjects received notice or gave informed consent; The types of data collected and the level of aggregation/deidentification performed; Restrictions or controls on how data can be reshared or used, including whether data can be used for commercial purposes.

    Back to Citation

    64.   See, e.g., Ethical Guidelines for Statistical Practice, American Statistical Association (February 2022), https://www.amstat.org/​docs/​default-source/​amstat-documents/​ethicalguidelines.pdf. See also aline shakti franzke, et al. Internet Research: Ethical Guidelines 3.0 (2020), https://aoir.org/​reports/​ethics3.pdf.

    Back to Citation

    65.   See, e.g., Artificial Intelligence And Worker Well-being: Principles And Best Practices For Developers And Employers, Department of Labor (n.d.), https://www.dol.gov/​general/​AI-Principles; Ethics Principles for Access to and Use of Veteran Data, Department of Veterans Affairs (n.d.), https://digital.va.gov/​ethics-principles-for-access-to-and-use-of-veteran-data/​; NIST Privacy Framework (2020), https://doi.org/​10.6028/​NIST.CSWP.01162020.

    Back to Citation

    66.   See e.g. Jessica Pater, et al., No Humans Here: Ethical Speculation on Public Data, Unintended Consequences, and the Limits of Institutional Review, Proc. ACM Hum.-Comput. Interact. 6, no. GROUP 38, 1-13 (January 14, 2022), https://doi.org/​10.1145/​3492857.

    Back to Citation

    67.  In addition to the laws referenced in the Background, laws such as the Confidential Information Protection and Statistical Efficiency Act and Title 13 of the U.S. Code also set requirements for interactions with data.

    Back to Citation

    68.   See U.S.-EU Trade and Technology Council, Status Report: Mechanisms for Researcher Access to Online Platform Data | Shaping Europe's Digital Future, Section 1.5.2 (April 5, 2024) https://digital-strategy.ec.europa.eu/​en/​library/​status-report-mechanisms-researcher-access-online-platform-data at Section 1.5. See also Casey Fiesler, et al., No Robots, Spiders, or Scrapers: Legal and Ethical Regulation of Data Collection Methods in Social Media Terms of Service, Proceedings of the International AAAI Conference on Web and Social Media 14, 187-96 (May 26, 2020), https://doi.org/​10.1609/​icwsm.v14i1.7290. See also Emil Chiauzzi, & Paul Wicks, Digital Trespass: Ethical and Terms-of-Use Violations by Researchers Accessing Data From an Online Patient Community, Journal of Medical internet Research 21, no. 2 (February 21, 2019), https://doi.org/​10.2196/​11985.

    Back to Citation

    70.  See, for example, the following examples of frameworks, questionaries, rubrics, and assessment tools to help researchers reason through ethical principles and select best practices: Michael S. Bernstein, et al., ESR: Ethics and Society Review of Artificial Intelligence Research, arXiv/Stanford University (July 9, 2021), https://doi.org/​10.48550/​arXiv.2106.11521; Katie Shilton et al., PERVADE Decision Support Tool—PERVADE, University of Maryland (April 10, 2024), https://pervade.umd.edu/​2024/​04/​pervade-decision-support-tool/​; European Digital Media Observatory, EDMO Releases Report on Researcher Access to Platform Data, 76 (May 31, 2022), https://edmo.eu/​2022/​05/​31/​edmo-releases-report-on-researcher-access-to-platform-data/​; Annette N Markham et al., Ethics as Methods: Doing Ethics in the Era of Big Data Research—Introduction, Social Media + Society 4, no. 3 (2018), https://doi.org/​10.1177/​2056305118784502; Lorrie Cranor et al., Conference Submission and Review Policies to Foster Responsible Computing Research, Washington, DC Computing Research Association (2024) https://cra.org/​wp-content/​uploads/​2024/​07/​Report-Conference-Submission-and-Review-Policies.pdf.

    Back to Citation

    [FR Doc. 2024-29064 Filed 12-10-24; 8:45 am]

    BILLING CODE 3510-60-P

Visit the Official Version
Leave a Comment

Document Information

Published:
12/11/2024
Department:
National Telecommunications and Information Administration
Entry Type:
Notice
Action:
Notice, request for public comments.
Document Number:
2024-29064
Dates:
Interested persons are invited to submit comments on or before January 15, 2025.
Pages:
99844-99850 (7 pages)
Docket Numbers:
Docket No. 241204-0309
RINs:
0660-XC06
PDF File:
2024-29064.pdf