The Perils of Parity: Should Citizen Science and Traditional Research Follow the Same Ethical and Privacy Principles?
J. L. Med. & Ethics 48(Supp. 1), 2020 Forthcoming
22 Pages Posted: 10 Jan 2020 Last revised: 18 Mar 2020
Date Written: December 19, 2019
The individual right of access to one’s own data is a crucial privacy protection long recognized in U.S. federal privacy laws. Mobile health devices and research software used in citizen science often fall outside the HIPAA Privacy Rule, leaving participants without HIPAA’s right of access to one’s own data. Absent state laws requiring access, the law of contract, as reflected in end-user agreements and terms of service, governs individuals’ ability to find out how much data is being stored and how it might be shared with third parties. Efforts to address this problem by establishing norms of individual access to data from mobile health research unfortunately can run afoul of the FDA’s investigational device exemption requirements. This article offers a cautionary example on why, in practice, it may be difficult to achieve parity of the ethical and privacy principles that govern citizen science and traditional research. There are alternatives to implementing identical standards for the two environments, and not all of these alternatives would represent unpalatable moral compromises or ethical derogations.
Keywords: Data privacy, individual access rights, HIPAA Privacy Rule, citizen science, FDA research regulations
JEL Classification: I1
Suggested Citation: Suggested Citation