Back to Forum Back to Top


Online (In App) Consent

research ethics informed consent Mobile Apps

Back to Forum

Browsing: Online (In App) Consent



Are there any best practices regarding online (in app) consent?

Jacob Metcalf

Posts: 1

What is the domain? Biomedical, psych, social media? I'm not sure I will have an answer either way, but that makes a difference.

Rubi Linares-Orozco

Posts: 34

Depending on the consent, and for what purpose, will determine the right answer.

I will assume you are asking about "online consent" in a human research setting. "Online consent" still affords the same requirement of informed consent (as applicable). Review OHRP informed consent requirements for human research -

Depending on the details of your research study will determine other factors for consideration. For example consent being obtained in a mobile app setting/web setting; here some considerations:
1. How will participants data will be secured- requires resercher to be familiar with the software application being used, the types of information being collected (IP address, email address, other identifiers), the options the software provides regarding what information to collect, the ways in which information will be stored, and how any identifying information will be de-linked from data, etc.
2. Does the software have third party sharing, and what does that sharing entail in terms of maintaining subject confidentiality.
3. Researcher will need to be aware of how and where data is stored and maintained- physical location of server (different countries, different privacy laws).
4. Researcher will need to know how the data, once retrieved from the software provider (app) will be maintained (i.e. – on password protected computers, on password protected cloud storage [What are the Terms Of Service for cloud storage company], etc).
5. Upon completion of the research study, how will the data be deleted or removed from the application?

If you are using a commerical application, please make sure you carefully review the privacy agreement, and ensure that the confidentiality you are promising participants is consistent with the platform you are trying to utilize. If you haven't already engaged your IRB, Privacy, or Risk Management at your institution, I would recommend you do so sooner than later.

This information is necessary for the IRB to assess the level of security and subsequent risk to participants data being divulged. Information regarding data security would need to be included in the protocol submission and in the consent form.