Before you do any research, you need to get evidence that the person you are learning from has understood your research, the potential consequences for them and that they have given you their permission to take part. This applies to people both outside and inside your organisation.
In this article we will explore consent meaning in more detail and break it down to the specific legal requirements.
According to the Government Digital Service (GDS) in the UK, by getting informed consent, you’ll help make sure that:
- participants understand what they’re signing up to, making your sessions more effective
- your research is ethical
- you comply with data protection law
Informed consent definition
Informed consent isn’t just an ethical thing, it’s also a legal requirement when processing someone’s personal data and is binding as a document. So how do the different countries define what is required legally?
According to the European Commission; When consent is required to process personal data, for that consent to be valid the following conditions must be met:
- it must be freely given;
- it must be informed;
- it must be given for a specific purpose;
- all the reasons for the processing must be clearly stated;
- it is explicit and given via a positive act (for example an electronic tick-box that the individual has to explicitly check online or a signature on a form);
- it uses clear and plain language and is clearly visible;
- it is possible to withdraw consent and that fact is explained (for example an unsubscribe link at the end of an electronic newsletter email).
There are some terms that need defining here.
If the individual is able to refuse or withdraw without being at a disadvantage, then the consent is freely given. For example, if you advertised an incentive to take part in your research and then told applicants on the day that they wouldn’t receive it if they didn’t take part; you could argue that their consent was not freely given.
So, what does informed mean? As per Article 7 of the GDPR; For consent to be informed, the individual must receive at least the following information:
- the identity of the organisation processing data;
- the purposes for which the data is being processed;
- the type of data that will be processed;
- the possibility to withdraw the given consent (for example, an unsubscribe link at the end of an email)
- where applicable the fact that the data will be used for solely automated-based decision-making, including profiling;
- if the consent is related to an international transfer, the possible risks of data transfers to third countries which are not subject of a Commission adequacy decision and where there are no appropriate safeguards.
Processing data in the context of design research essentially means any type of synthesis which occurs after the data is collected.
Why ask for it electronically?
In the last few years, the development of “eConsent” has been gaining popularity in medical research. Recently, the NHS Health Research Authority (HRA) and the Medicines and Healthcare Products Regulatory Agency (MHRA) stated that eConsent has a number of potential benefits over traditional approaches, namely:
- improving understanding
- testing and reinforcing participant comprehension
- providing feedback on how consent materials could be improved
- improving patient recruitment process and reducing dropout rates
- enabling process efficiencies
These benefits are all the more significant when moving at the speed in which design research often occurs. The opportunity to enable process efficiencies by removing administrative friction alone make it an attractive proposition. For us here at Consent Kit, the most exciting thing is the role of digital consent in shaping relationships with participants while building trust through transparency and autonomy.
The human requirements of informed consent
If you put yourself in the shoes of the people you’re learning from, being faced with a legal document asking for complicated permissions over several pages will either be a) too daunting and put them off or b) too long to read so they skip through and blindly agree to it. Which hardly feels like you’re informing them.
So, there’s a balance. Whatever you specify has to be legally compliant, but it can also be brief and easy to understand. I particularly like the recommendations outlined by the UK’s Government Digital Service (GDS) around informed consent.
In addition to what is required under GDPR, the GDS recommends also including the following information:
- what will happen during the research
- how you will use the results of the research, and who you’ll share them with
- how long their data will be kept
These additions feel like they reassure the user, not only about what will happen on the day (they probably won’t know what “user research” is and might be nervous about it) but also what will happen beyond the session to what they have contributed.
One of the benefits of Consent Kit is that we send a reminder to you as the researcher to delete the data within the agreed time period - but also give you the option to send a notification to the participant telling them exactly what and when you deleted it.
We’ve found that this small gesture of closure towards participants at the end of your project is appreciated - contributing towards greater trust with your brand or organisation over time.
There are lots of different variables which govern how you might write a consent document. Beyond the context of the specific project you’re working on, the tone of voice and issues presented by internal processes for you or your client will affect how you word it specifically.
Hopefully this has been useful in giving you some confidence around what is and isn’t good practice or legally compliant when asking participants.
Sign up to our Early Access program to use our consent document templates and find out more about Consent Kit and how you can take advantage of the benefits of managing your consent process electronically.