D5.1.8 Final Ethics Review Report v1.0

This deliverable carries out an Ethics Review Report of the Open Access experiments in the
EXPERIMEDIA project. This deliverable provides an explanation of how legal and ethical
issues were approached during the Open Access phase of the project. It contains a summary
of the ethical and legal issues identified in the Open Access experiments. The deliverable also
includes an Appendix section listing the relevant material that provided guidance to the Open
Access experimenters in EXPERIMEDIA (e.g. the Ethical Guidelines for undertaking ICT
research in FP7 projects).
D5.1.8
Final Ethics Review Report
2014-09-30

Aleksandra Kuczerawy (ICRI - KU Leuven)
Pieter-Jan Ombelet (ICRI KU Leuven)
Prof. Peggy Valcke (ICRI - KU Leuven)

www.experimedia.eu
EXPERIMEDIA Dissemination level: PU

Copyright and other members of the EXPERIMEDIA consortium 2014 2

Project acronym EXPERIMEDIA
Full title Experiments in live social and networked media experiences
Grant agreement number 287966
Funding scheme Large-scale Integrating Project (IP)
Work programme topic Objective ICT-2011.1.6 Future Internet Research and Experimentation
(FIRE)
Project start date 2011-10-01
Project duration 36 months
Activity 5 Legal, sustainability and promotion
Workpackage 5.1 Legal, ethical and regulatory framework
Deliverable lead organisation KU Leuven
Authors Aleksandra Kuczerawy (KU Leuven)
Pieter-Jan Ombelet (KU Leuven)
Peggy Valcke (KU Leuven)
Reviewers Stephen C Phillips (IT Innov)
Version 1.0
Status Final
Dissemination level PU
Due date PM36 (2014-09-30)
Delivery date 2014-10-01



Table of Contents
1. Executive Summary ............................................................................................................................ 4
2. Introduction ........................................................................................................................................ 5
3. Legal and Ethical Issues in the Open Access Experiments ......................................................... 6
4. Open Access Experiments ................................................................................................................ 7
4.1. The Augmented Reality Table Tennis.................................................................................... 7
4.2. Student Competition Games ................................................................................................... 8
4.3. Beacon ........................................................................................................................................ 9
5. Conclusion ......................................................................................................................................... 11
Appendix A. Ethical Guidelines for undertaking ICT research in FP7 ...................................... 12
Appendix B. Legal requirements for privacy and data protection ............................................... 13
Appendix C. Checklist for the Experimenters ................................................................................ 16



1. Executive Summary
The presented deliverable provides a report of an ethical review of the Open Access
experiments, which was conducted by the legal partner in the project KU Leuven. The
deliverable explains, first, how legal and ethical issues are approached in the exploitation phase of
the EXPERIMEDIA project. It also provides a brief summary of the ethical and legal issues
identified in the Open Access experiments. The presented experiments include The Augmented
Reality Table Tennis, Beacon and Student Competition Games. These experiments were
developed by CAR, FHW, and Interactive Institute (respectively). Finally, the deliverable
includes an Appendix section listing the relevant material that provided guidance to the Open
Access experimenters in EXPERIMEDIA (e.g. the Ethical Checklist for the Experimenters).


2. Introduction
EXPERIMEDIA conducts research with human participants and is, in particular, interested in
human behaviour and experience with Future Internet technologies to understand how to
provide meaningful collective experiences to individuals and society.
Given that participants in social and networked media research should have confidence in the
experiments, good research is only possible if there is mutual respect and confidence between
experimenters and participants. Some areas of human experience and behaviour, however, may
be beyond the reach of experiments, observations or other forms of investigation. They may,
moreover, raise ethical considerations, which is the reason why EXPERIMEDIA provides an
ethics management process.
Such ethics management process is achieved through a cooperation of all the technical partners
of the EXPERIMEDIA project, with the legal partner KU Leuven and under the guidance of
the Data Protection Board.
The presented deliverable is a final ethics review report in the EXPERIMEDIA project. Its goal
is to address the situation of experiments developed for the exploitation phase of the project
(Open Access experiments). To fully tackle the issue, the next chapter explains the approach of
EXPERIMEDIA to the Open Access experiments.


3. Legal and Ethical Issues in the Open Access Experiments
The Open Access experiments are not a part of the research phase of EXPERIMEDIA.
Nevertheless, they provide a great possibility to test the functioning of the EXPERIMEDIA
Platform. The three Open Access experiments addressed specifically in this deliverable were
created or supervised by the core EXPERIMEDIA partners: CAR, FHW, and Interactive
Institute as test cases for the platform. This factor allowed for the review of the experiments. In
the future, however, Open Access experiments will be created by any external experimenter who
wishes to use the components developed in EXPERIMEDIA. Being outside of the project
framework, such future experiments do not fall under the EXPERIMEDIA ethical oversight
process. This is because none of the EXPERIMEDIA partners will have any control over the
details of an experiment. Creators of such experiments must, hence, assume their responsibility
for legal and ethical compliance. The future experimenters can, of course, rely on the guidelines
and rules used by or developed during the project. Documents such as Legal Requirements for
Privacy and Data Protection, as well as Ethical Checklist for the Experimenters will be made
available to the Open Access experimenters on the EXPERIMEDIA Platform. Providing these
materials to the experimenters is meant to facilitate their compliance with their national rules and
regulations. However, they do not constitute any form of advice or attestation. Experimenters
are informed about this separation of roles and responsibilities through the EXPERIMEDIA
Platform Terms and Conditions.
1

1
See Annex to Deliverable D5.2.8, Final sustainability and exploitation plan.


4. Open Access Experiments
4.1. The Augmented Reality Table Tennis
Key information on the experiment:
The Augmented Reality Table Tennis Project was conducted by CAR & Interactive Institute, at
CAR, Sant Cugat, Spain.
The project provides an automatic notation analysis system for table tennis based on the capture
of the bouncing of the ball on the table through sound or vibration. The data obtained from the
bouncing location and time is shown projected on the same table and/or a second screen.
Statistics, game zones, accuracy, flight time or winning points, can be shown in real-time or after
the game to analyse what happened. All the team can be involved in the discussionathletes,
coaches and technical and scientific staffto help the process to be more efficient.
The way the data can be analysed will change forever the point of view of discussing the game of
table tennis. This first pilot opens new opportunities to share this information with TV in the
case of live events or through colleagues and the team using images and data.
The focus groups results were the definition of three basic scenarios where the technology could
be applied. It was decided to use both the table and the computer screen to display the data, and
to avoid using the table to show the menu, since the interaction of the one of the demo was too
slow and error-prone.
1. Target training: the scenario foresees the presence of two players (or one player and one
assistant) where the trainee has to practice a particular kind of stroke returning the ball in
a specific area for a certain amount of times. The area, the number of times and the
repetitions of the exercise are set by the assistant. At the end of each repetition,
information about the practice is shown on the table and on the screen. The stakeholder
required to display a percentage of success, coded with a specific colour. The motivation
behind this scenario is to quantify the precision of the player.
2. Service training: the scenario foresees the presence of one player, practicing the service.
The system should display the hits on the table with a relative ID to show the order and
the time differences between the bounces on the screen. The trainer should set the
number of services to be practiced. The scenario has the goals of representing exactly
where the ball is bouncing (difficult to be seen from the player perspective) and shorten
the time between the first two bounces. The coach wants also to use it to experiment a
hypothesis that he elaborated about associating different time differences according the
kind of spin applied.
3. Point pattern: the players play a rally (one point) and the system should show who wins
it, and using lines and circles it should represent the situation of the point just played. It
had been agreed to use a gradient scale to colour the lines to code the time of the hits
(from cold colours for older hits till warm colours for the recent ones). The goal of the
scenario is to try to represent the gameplay of the players and make post-game analysis.


Participation of minors: Most of the athletes at CAR are minors. Their consent, as well as consent of
their parents, to train in CAR, to have their data (also sensitive data) processed and to participate
in specific EXPERIMEDIA experiments is handled by CAR and its legal department as part of
its ordinary operation protocol.
Data collection: Real identity of the participants, as well as email addresses, need to be revealed to
provide meaningful feedback to the athletes and coaches. Other personal data processed in this
experiment include athletes performance parameters such as spin, strength, speed, and
telemetry.
Data storage: Data is stored at CAR. After the end of the experiment it is kept by CAR as it might
be relevant for coaches to consult this data in future to continue improving the training and the
performance of the athletes. This data storage is reflected in the CAR consent form.
Other purposes than scientific research: If such need occurs, it should be mentioned in the consent
form. This would include dissemination, and valorisation purposes; as well as possible further
processing by other controllers from within the consortium. If such further research is required,
use of personal data from the experiments should be avoided.
Exclusivity: the experiment is aimed at a very special group professional athletes. The
experiment, at the current stage, is not aimed at recreational sport performance.
Formal requirements:
Data controller: CAR;
Consent form for the athletes with all the relevant information;
Specification of the purpose, if broader than just scientific research, should cover as well
dissemination, valorisation but possibly also further research on FMI requirements;
Point of contact on the site is communicated to the participants in case of questions/
concerns/ objections;
Points of contact at the later stage should be indicated in the information provided
(CAR);
Language of the communication: English and Spanish.
4.2. Student Competition Games
The student competition games take place in Schladming resort, Austria.
The student competition games were created by two teams who created one game each. In
Schladming they perform several technical and play tests with these games using each other as
participants. No external participants are taking part. The two games are "Schladming
GeoExplorer" and "Light Miners".


Schladming GeoExplorer is a geolocation game where a user can either add locations, by
taking a geo-tagged picture and upload to the game server, or explore locations, in which they
try to find the locations where other pictures were taken.
In Light Miners, three interactive lanterns were built and placed around Schladming. Two
teams try to find lanterns and tag them with their team, which makes them change colour to the
team colour. Points are received for the time a lantern has a teams colours.
Both games are implemented on Android phones. These phones record GPS data and WiFi
signal strength during the experiments, which is uploaded to the game server. The logging is
actively turned on and off by the participants themselves.
No data from any Social Networks is obtained.
Data collection: Real identity of the participating students is known, location data of the participant
(only when logging is turned on) is collected during the game. No other data from the phone is
accessed.
Other purposes than scientific research: Students are informed if their data is used for other purposes
within the framework of EXPERIMEDIA. Other purposes could include dissemination, and
valorisation purposes; as well as possible further processing by other controllers from within the
consortium. If such further research is required, use of personal data from the experiments
should be avoided.
Exclusivity: Experiment is aimed only at students voluntarily participating in the competition.
There are no external participants.
Data controller: Interactive;
Students consent to participate in the competition and in the games which they design
themselves. They are informed of what data is collected, and for what purposes;
The logging of data (location and other) is actively controlled by the participating
students;
Students are informed if any of their data will be used for dissemination, valorisation or
further research on FMI requirements;
Point of contact (Interactive) is known to the participating students;
Language of the communication: English and Swedish.
4.3. Beacon
The Beacon experiment takes place in FHW, Athens, Greece.
The aim of the Beacon experiment is to develop a proximity triggered enhanced reality platform
for next generation venues, using the iBeacons technology a new class of low-powered, low-
cost transmitters that can notify nearby smart devices of their presence. In the experiment the


application developed will be working on android devices (tablets and smart phones with
Android 4.3 l) and not IOS, but the general ambition is to develop a cross-platform application
as the Bluetooth 4.0 protocol will be used in all the smart devices in the coming years.
iBeacon uses Bluetooth low energy proximity sensing to transmit a universally unique
identifier picked up by the compatible application that the user has already uploaded. The
identifier can then be looked up over the internet to determine the device's physical location and
help with the navigation of the venue or the current exhibition and decide that the visitor is in
front of a specific exhibit and trigger an action on the device which in this experiment case will
be a check-in on social media, resulting on receiving more information on the specific exhibit in
the form of multimedia content. The user then can decide to like/comment/share the
information on her/his own social media page.
Users are participating on the basis of their consent. Names are collected solely for
organizational purposes (return of the devices). No other personal data (pictures, content from
the social media) is collected by the experimenter. After the end of the experiment re-log in to
the social media account from the devised is not possible.
Participation of minors: Minors are not participating in the experiment.
Data collection: Participants name is collected solely for organizational purposes. The main goal is
to make sure that the devices given to the users for the experiment are returned. This data will
not be required for other purposes. The consent form, signed by the participants, can be
returned to them after they have returned the device.
Data storage: The collected personal data will be deleted after the game has finished by our
technicians.
Data controller: FHW;
Notification to all the participants should include all the relevant information (purpose,
responsible entity, contact point, etc.);
Consent form for the participants with all the relevant information;
Clear policy on participation of minors;
Point of contact on the site should be communicated to the participants in case of
questions/ concerns/ objections;
Points of contact at the later stage should be indicated in the information provided
(FHW);
Language of the communication: English and Greek.



5. Conclusion
In EXPERIMEDIA, legal and ethical oversight was an important part of the project.
Throughout the project lifetime the legal partner KU Leuven, together with the Data Protection
Board (DPB) and the Ethical Advisory Board (EAB), were providing assistance and monitoring
the experiments. Their role was to ensure that the experiments developed in the framework of
EXPERIMEDIA were conducted in accordance to the applicable laws and ethical standards as
well as with respect to the participating volunteers. In order to achieve these goals a close
cooperation between all the project partners was required.
During the project lifetime KU Leuven, the EAB and DPB expressed several concerns about
possible ethical and data protection issues related to the experiments. They included, for
example, social inclusion, participation of children, as well as unaware individuals,
indispensability of personal data processing to conduct experiments, specification of the purpose
of the processing of personal data (if involved), informing the users about the relevant aspects of
the experiment and obtaining their consent in an informed and unambiguous way. These
concerns were taken into account in the further stage of the project. It led to the creation of
guidance material for the experimenters such as, for example, the Ethical Checklist (Appendix
C).
The Open Access experiments reviewed in this deliverable were created by the core partners of
the Consortium: CAR, FHW, and the Interactive Institute. These partners are very familiar with
legal and ethical issues present in FMI experiments. The issues described in the presented
deliverable are, in fact, homogeneous with those observed in the previous EXPERIMEDIA
experiments conducted in the same venues (CAR, FHW and Schladming).
In the exploitation phase of EXPERIMEDIA no formal ethical oversight is foreseen. This is
because the EXPERIMEDIA Platform will have no control of or influence over the details of
the future experiments. Providers of the technical components for the EXPERIMEDIA
Platform will be merely processing data on behalf of the experimenters. For this reason the
future experimenters must assume their responsibility for compliance with the applicable
national laws and regulations, as well as ethical standards. EXPERIMEDIA Platform is,
however, willing to share the experience gathered in this project. This will be achieved by sharing
the help materials created during the project, such as the Ethical Checklist or the Legal
Requirements for Privacy and Data Protection. Providing these materials to the candidates for
experimenters will facilitate their compliance process by allowing them to prepare their
experiments better (e.g. by implementing certain principles from the start). This role division
between the providers of the EXPERIMEDIA Platform components and the following
obligations are described in details in the Platform Terms and Conditions.



Appendix A. Ethical Guidelines for undertaking ICT
research in FP7
The present guidelines are derived from the Ethical Guidelines for undertaking ICT research in
FP7.
2

1) Are the researchers taking a responsible approach? As the Ethical Guidelines point out
in Paragraph 2.1, researchers need to be aware of the principles of the Charter of
Fundamental Rights of the European Union
3
and especially the principles of dignity,
freedom, equality, solidarity, citizens rights and justice.
2) Are issues of individuals privacy and autonomy taken care of? The Ethical Guidelines
are clear that ICT research must comply with Article 8 of the European Human Rights
Convention
4
. To be able to done so researchers need to:
a) Identify sensitive implications of their proposals for privacy and autonomy;
b) Carry out a prior assessment of risks to privacy and autonomy the research may
expose individuals to;
c) Identify potential actions proportionate to the risk/harm;
d) Recognise that volunteers have a right to remain anonymous;
e) Comply where applicable with national Data Protection legislation;
f) Ask for informed consent from volunteers after informing the volunteers of the
purpose, procedures and outcomes of the research and advising them of the
possibility to withdraw/or modify participation;
g) Identify whether the volunteers are in situations where they are more vulnerable than
in normal situations;
h) Ensure that research outcomes are reported in a way that does not contravene the
right to privacy and data protection;
i) Evaluate the implications (for personal privacy) of the intended use of the research
outcomes.
3) Are there particularly sensitive areas that need further consideration? Paragraph 3.1 of
the Ethical Guidelines identifies particular ICT applications that require specific
guidance. These include: ICT implants and wearable computing; eHealth and genetics;
and ICT and Bio/Nano-electronics.

2
Ethical Guidelines for undertaking ICT research in FP7, ftp://ftp.cordis.europa.eu/pub/fp7/docs/guidelines-
annex5ict.pdf.
3
European Union (2000). Charter of Fundamental Rights of the European Union. OJ (2000) C 364/1.
4
Council of Europe (1950). Convention for the Protection of Human Rights and Fundamental Freedoms, CETS
No. 005, 04 November 1950.


Appendix B. Legal requirements for privacy and data
protection
Basic data protection requirements:
Actors identified as data controllers must be aware of the precise definitions of national
data protection legislation applicable to the processing under their control. Collaboration
with the competent national Data Protection Authority will ensure a correct
understanding of the specific national implementation of the definitions of the applicable
notions.
The data subjects free, informed, specific and unambiguous consent must be obtained
for legitimate processing of personal data. While such consent is only one of the possible
justification grounds for legitimate personal data processing, it will in most cases be the
only viable justification ground for personal data processing with relation to the
EXPERIMEDIA experiments. (Further on consent, see infra).
Fair and lawful processing of personal data must demonstrate legality or transparency.
The purposes of the processing of personal data must be clearly indicated in advance.
The processing of personal data may only include relevant and non-excessive data, in
relation to the specified purposes. Data must be collected for a specified, explicit and
legitimate purpose and may not be further processed in a way incompatible with those
purposes. Duration of data storage must be limited and stored data must be destructed
once the purpose for which that data was collected has been attained.
Data minimization can also be achieved by employing methods for anonymisation or
pseudonymisation of personal data. Here, data unlinkability should be kept in mind as
linkability could lead to the identification of a particular data subject.
The data controller must ensure sufficient information to the data subject.
The data controller must ensure that the data subject can fully enforce his right of access,
his right to correction and his right to object.
The data controller must ensure confidentiality and security of the processing of personal
data under his control.
Due notification must be made to the competent national Data Protection Authority (or
Authorities), in compliance with national legislation.
Data transfers to third States must comply with applicable legislation.
Consent requirements:
Carefully drafted privacy policies and consent forms must ensure compliance to the
requirement of consent and the right to information. Note that such privacy policies and
consent forms must be compliant with national data protection legislation. For instance,
certain jurisdictions require written consent, while others allow for implicit consent in
many cases.
User-friendliness should be the focal point in obtaining the data subjects consent. While
unintelligible texts may lead to the data subject not reading a privacy policy or consent


form, elaborate procedures to grant consent may result in the data subject refraining
from using such service, thus damaging the business of the data controller. A balance
between the interests of both parties should therefore be struck.
When dealing with minors, elderly and/or persons with a mental illness, the data
controller is advised to seek consent from both the data subject and its statutory or legal
guardians. The general legal capacity of the data subject determines its capacity to
consent.
Informed consent must be given freely. In order to determine whether the data subjects
consent was given freely, one must analyse the external pressure exercised on his
decision. Positive persuasion cannot invalidate his freely given consent, while negative
coercion will invalidate his consent as it could not have been given freely.
Consent should be limited in time and should be renewed for continuously on-going
processing of personal data. Consent should also be revocable.
Confidentiality and security:
In the processing of personal data, the data controller must restrict access to this
personal data to the persons that need such access for the processing they perform under
his authority. Such access need to comply with the proportionality principle, meaning
that no user may be awarded access to more data than strictly required for his processing
tasks.
In order to achieve proportional access control, the data controller must provide for
differentiated access levels for different user groups in order to ensure proportionality.
This must be combined with an access procedure that includes registration,
identification, authentication and authorization.
In the processing of personal data, the data controller must adopt appropriate and state
of the art technical and organizational measures to ensure data security. Also the
processor must be bound to such security policy.
Such security policy should include, inter alia, actions to be taken in case of data breach,
the use of cryptography to protect data and audit trails to log and trace data access and
use. These security policies should also take into account user-friendliness and should
require minimal user effort. When using audit trails, the data controller must define the
purposes and scope of this logging and make transparent who can access these logs as
audit trails constitute personal data processing.
While previous requirements only apply in the context of the processing of personal data,
adherence thereto in other cases of security and access management is strongly
recommended as they provide valuable minimal requirements.
Regardless of the technology used, the data subject should be made fully aware of the
presence of the technology and of its activities and of the possibility for deactivation.
As geolocation data must be viewed as personal data, the processing thereof must
comply with the principles of the Data Protection Directive and its national
implementations.


Prior informed consent must be obtained for the processing of geolocation data, as this
will mostly be the only viable justification ground for the processing of this data. This
consent must be revocable and must be regularly renewed.
Geolocation services should be switched off by default. The user should be made aware
of active geolocation services. The user should also be given the option to choose the
granularity of his consent. The user should also be given the option to opt-out from
databases containing Wi-Fi access points.


Appendix C. Checklist for the Experimenters
Checklist for general ethical issues:
It must be specified what the key values are behind the service/application;
It must be specified what the conditions are for participating;
It must be specified where the data will be located;
It must be specified what the content is of the processing of data;
It must be specified what the purpose is of the processing of the data;
It must be specified what the data lifetime is;
It must also be specified how the informed consent is obtained;
It must be specified whether the consent must be written or not, whether a pop-up
screen type is considered to be good enough;
It must be specified who the participants of the experiments are.
Checklist for location data issues:
It must be specified whether or not it is necessary to store the personal data;
It must be specified when the data should be stored;
It must be specified whether the user have any choice;
It must be specified if the consent can be withdrawn;
It must be specified whether or not the data will be erased;
It must be specified whether it is possible for the user to opt-out for one day, or it must
be stated that such an opt-out is a permanent yes or no choice. In the former case, it
must be reviewed how long you can keep the information when the server is switched
off;
It must be specified whether a user can use a pseudonym which changes every day;
It must be specified who has access to the data, whether if it is only the administrators or
also other persons, e.g. the stalkers-case;
It must be specified if there is an admin log for every data file. It must also be specified
who can change these log files, who can access them and who can delete them;
It must be specified for how long the log data are stored;
It must be specified if the administrator can manipulate them.
Checklist for profiling issues:
It must be specified whether if it is possible to connect the data from different locations;
It must be specified what about the use of the data for profiling: is location data used to
reach other inferences: e.g. is the person rich? Does he live nearby?
It must be specified if the processing of the data is only for improvement of content or
also for tracking characteristics/traits of persons;
It must be specified if the service needs to know the real identity of the users or can they
use nicknames;


It must be specified to which other data sets the feedback of the users will be linked to.
This consideration was made since the linking of the users feedback on different
information feeds can be useful to learn whether it is always the same user.
It is necessary to log who accessed the ECC. It must be clear who can access what data,
alter that data or delete it.
Checklist for tracking issues:
It must be specified whether the user will be followed between two usages of the service
or not. This question is asked since in case of tracking stricter requirements will apply. It
must therefore be carefully reconsidered whether such tracking is really necessary;
Location should only be stored when the user asks for information about a location
not otherwise, e.g. not while being on the move in between the locations about which
information is asked.
Checklist for consent issues:
If consent is given for participating in the experiment with a mobile application, it must
be specified what happens when the mobile phone is given to someone else;
It must be specified whether the user must be reminded of his given consent every day.
WP29 recommends to remind the user about it once every month (but this has to be
checked with the Austrian, Spanish and Greek law);
The practical implementation of giving consent: it is not necessary to have the real name
of the user since the email address can be used to offer a user channel to exercise the
users rights;
Potentially there can be two user groups: a group with and one group without an
account. Inform user during app installation about the informed consent. It is important
to list the assumptions/limitations of risks of the project.
Checklist for anonymisation issues:
Some data cannot (automatically) be anonymised (e.g. textual feedback which refers to
names, photos and videos where applicable);
It must be specified where the data will be kept, whether it is in one territorial location or
more. In this matter it must also be reviewed if there is a cross-border exchange.

D5.1.8 Final Ethics Review Report v1.0

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

D5.1.8 Final Ethics Review Report v1.0

Transféré par

Droits d'auteur :

Formats disponibles

This deliverable carries out an Ethics Review Report of the Open Access experiments in the

Vous aimerez peut-être aussi