The ICC/ESOMAR Code on Market and Social Research sets out the professional and ethical rules which market researchers follow and has been adopted by more than 4,900 ESOMAR members and 60 national market research associations worldwide.
|2.1||Handling personal data|
|2.2||Notifications and e-mail|
|2.4||Children and young people|
Handling personal data
Data provided by respondents is confidential and the identity of respondents must be protected. The identity of respondents must not be revealed to the user of the information without respondents’ explicit consent and the researcher must ensure that information is collected for specified research purposes and not used in any manner incompatible with these purposes (see Article 7 of the ICC/ESOMAR International Code). No personally identifiable information may be used for subsequent non-research purposes such as direct marketing, list-building, credit rating, fund-raising or other marketing activities relating to those individual respondents (see Article 1d of the Notes to the ICC/ESOMAR International Code).
A respondent’s e-mail address or other personal identifiers (e.g. screen or user name or device identifier where it is recorded in the data) are personal data and must be protected in the same way as other identifiers. Read more
If all data which could lead to the identification of an individual are removed from data records (including identifying serial numbers which link to a separate file of identity data) the data set no longer contains personal data and is no longer subject to the requirements of data protection and privacy laws or to early deletion.
Notifications and e-mail
Researchers must remain mindful of concerns about privacy and intrusion and not make unsolicited e-mail approaches to potential respondents even in countries where this is still permitted by the law unless individuals have a reasonable expectation that they may be contacted for research.
Researchers must reduce any inconvenience such an e-mail might cause to the recipient by clearly stating its purpose in the subject heading and keeping the total message as brief as possible.
The same requirement applies to other electronic messages (eg instant messaging, SMS etc). See section 4.4 on Interactive mobile.
The general principle is that market researchers will not use unsolicited e-mails to recruit respondents for research purposes whether consumer or business-to-business. Read more
Researchers are required to verify that individuals contacted by e-mail for research have a reasonable expectation that they will receive a contact for research. Such agreement can be assumed when all of the following conditions exist:
Researchers must not use any subterfuge in obtaining electronic addresses of potential respondents, such as collecting e-mail addresses from public domains or under the guise of some other activity, or using technologies or techniques to collect e-mail addresses without individuals’ awareness.
Researchers must not use false or misleading return e-mail addresses when recruiting respondents over the internet.
Unsolicited survey invitation e-mails may be sent to business-to-business research respondents provided that researchers comply with points 3 and 4, as well as the anti-spam policies of their internet and e-mail service providers. This also applies to e-mail addresses of professionals whose details have been published in the public domain - e.g. lists of doctors or lawyers.
When receiving e-mail lists from clients or list owners, researchers must have the client or list provider confirm in writing and/or some durable form that individuals listed have a reasonable expectation that they will receive e-mail contact, as defined above.
It is good practice for researchers to keep copies of e-mails and other documents received from respondents agreeing to, or restricting, the use of or access to their personal information. This is a legal requirement in some countries, amongst others, all EU (European Union) member states, Argentina, Australia, Canada, New Zealand, and U.S. companies that participate in the U.S.-EU Safe Harbour Framework.
Statement of who is doing the research. This could include a hyperlink to the research company home page for more information.
Who it is for: explanation that each survey will contain information about the identity of the company/organisation the research is being done for, unless there are good reasons for not providing this information. If the research company is providing a data collection service, the identity and contact details of the company receiving the personal data and therefore the “data controller”, in EU terminology, should be provided. For further guidance on this issue see the Notes on how to apply the ICC/ESOMAR International Code note on Article 4.
Guarantee that in all circumstances identities of individual respondents and their answers will be treated as confidential and will be used only for research purposes unless the respondent explicitly requests or agrees to disclosure to a third party.
Will not mislead you: e.g. ”In obtaining your co-operation we will not mislead you about the nature of the research or the uses which will be made of the findings”.
Voluntary: e.g. “As with all forms of market, social and opinion research, your co-operation is voluntary. No personal information is sought from or about you without your prior knowledge and agreement”.
Withdraw: e.g. “You are entitled to withdraw at any stage of the interview, or subse¬quently, to ask that part or all of the record of your interview is destroyed or deleted. Wherever reasonable and practical we will conform to such a request”.
Identification and tracking technologies: clear state¬ment of any technologies and processing related to the survey that are taking place. In addition to specific software that may be downloaded to a respondent’s computer or device, most web surveys can detect information about the respondent without their knowledge such as browser type, user name and computer identification. Statements should say clearly what information is being captured and used during the interview (e.g. data collected for tracking purposes to deliver a page optimised to suit the browser) and whether any of this information is being retained as part of the survey or administrative records.
Children: clear statement about how interviews with children will be carried out e.g. “In research involving children, we will seek the verifiable permission of a parent, legal guardian or other person legally responsible for the child before an interview commences”.
How to contact us: e.g. “We will provide a postal address, an e-mail address and/or a freephone number for respondents to contact us to discuss any concerns about a particular survey”.
Security measures: e.g. “Our web site has security measures in place to protect the loss, misuse, and alteration of the information you provide to us. Only authorised employees have access to the information for data analysis and quality control purposes. If personal data are transferred to third parties, we ensure that they employ at least an equivalent level of security measures”.
Unsolicited mail: state policy not to send unsolicited mail or pass on e-mail addresses to others for this purpose.
Where the data is held/processed: as many companies operate globally and may collect data in one country and process in another.
Registered address of the organisation.
Date the policy was last updated.
The sign up process: describe the registration process.
The panel database: describe information that will be stored in a research participant database, for panel management, control and sample selection and the process for updating it, deleting it or deleting all personal identifiers.
Frequency of contact: give an indication of what participation involves e.g. how often, for how long.
Password identity system: if it is used, describe how it works and the security it offers.
Opt in and opt out policies for communications other than surveys, such as panel maintenance or reward schemes. State what communications will be sent, which are optional and clarify any potential communications on behalf of third parties.
Reward: explain any reward scheme and if this forms the basis for a contract.
Source of information: clear statement of where the e-mail address came from or that this will be included in the information given in the survey itself. A statement that the list provider has verified to the researcher that the individuals listed have a reasonable expectation that they will receive e-mail contact.
Spamming: will not knowingly send e-mail to people who have not consented to helping in research and must include a mechanism for the researcher to remove their name from future surveys or notify the provider of the e-mail list.
Password identity system: if it is used describe how it works and the security it offers.
Stop and start interview process: if this is possible explain how, and any information stored to allow it.
Explain intercept technique: e.g. random selection.
Password identity system: if it is used, describe how it works and the security it offers.
Stop and start interview process: if this is possible, explain how, and any information stored to allow it.
Invisible processing: describe any invisible processing used to make the intercept or re-direct respondents to the survey.
Children and young people
Researchers must be sensitive to concerns of parents, consumer groups and legislators about the potential exploitation of children and young people on the internet. All reasonable measures must be taken to ensure verifiable and explicit permission is obtained from a parent or legal guardian to invite a child to participate in a research survey although it is recognised that the identification of children and young people is not possible with certainty on the internet at this time.
Researchers must observe all relevant laws and national codes specifically relating to children and young people noting that the age definition for children varies from country to country. Read more
Where there is no specific national definition, the ESOMAR Guideline on Interviewing Children and Young People recommends those aged under 14 should be treated as “children” and those aged 14-17 as “young people” since market research is founded in the social sciences and recognizes different stages of mental and psychological development.
Before interviewing children, researchers must ensure that permission is obtained from a parent, legal guardian or other person legally responsible for the child (hereafter referred to as ‘parent’).
Questionnaires on websites aimed at children must require a child to give their age before any other personal information is requested. If the age given is below the nationally agreed definition of a child, the child should not be invited to provide further personal information until the appropriate permission has been obtained. This notice must be clear and prominent, include an explanation of the subject and refer to the fact that permission will be verified where relevant. A request to the parent for their permission must be provided on the research provider’s website or e-mailed to a parent.
Where personal information collected from children will only be used for research purposes and no personal data will be passed on for any other purpose, permission can be a return e-mail from the parent or other suitable method that is in compliance with the relevant laws and national codes.
Reasonable steps must be taken to validate that they actually have agreed by following up with an e-mail, letter or phone call for example, having asked the child to provide their parent’s contact details so that their permission can be sought.
Prior parental permission is not required to:
In ensuring that all reasonable precautions are taken to ensure respondents are not adversely affected as a result of participating in a research project, asking children and young people questions on topics generally regarded as sensitive must be avoided wherever possible and in any case handled with extreme care.
Personal information relating to other people (for example, parents) must not be collected from children.
Where researchers are setting out to recruit children for repeated surveys they should consider:
Where necessary, researchers should consult their national research association or the ESOMAR Guideline for advice.