Consumer devices, applications and services are becoming increasingly common in human subjects research. I'm interested in how various institutions are navigating the following situation:
A study requires participants use an third-party commercially available product. Data will be collected via this product of interest to the research study. This might be a something like a Fitbit or a downloadable app. It might also be creation of an account on the third party's website.
Some participants will already have downloaded the application and/or created an account. Many more will do so to take part in the study.
There are no access concerns related to cost, resources or technology.
The third-party commercial entity has agreed to provide any data in a secure format. The format meets all confidentiality, security and research needs.
The participant risk of engaging with this third party commercial entity are low. They are no more or no less than a of a general consumer. Informed consent outlines any extra risks presented by the research study.
All good, but ...
Given GDPR, we're finding third party commercial entities are less willing to change privacy policies for specific research efforts.
Have these issues come up? How are you dealing with them? Do you have work arounds?
1) Are you only allowing participants who are current users/customers to take part in studies? How are you compensating for that bias?
2) Have you told participants to engage with the third party commercial entity just before the consent process? IE the participant is aware of the study, but has not officially joined.
3) Have you found consensus in disclosure language that directs participants to engage with third parties as part of the study? When do you present these disclosures?
Are there other approaches that have been successful and replicated across more than one study?
Thanks so much for your input. This is an emerging issue we're seeing frequently now with academic institutions as groups beyond the IRB become involved in reviews of digital health. Without a solution, it may seriously impact some institutions capacity to work with consumer health technology.