Beyond IRBs: Designing Ethical Review Processes for Big Data




Beyond IRBs: Designing Ethical Review Processes for Big Data Research

In the age of Big Data, innovative uses of information are continuously emerging in a wide variety of contexts. Increasingly, researchers at companies, not-for-profit organizations and academic institutions use individuals’ personal data as raw material for analysis and research. For research on data subject to the Common Rule, institutional review boards (IRBs) provide an essential ethical check on experimentation. Still, even academic researchers lack standards around the collection and use of online data sources, and data held by companies or in non-federally funded organizations is not subject to such procedures. Research standards for data can vary widely as a result. Companies and non-profits have become subject to public criticism and may elect to keep research results confidential to avoid public scrutiny or potential legal liability.

To prevent unethical data research or experimentation, experts have proposed a range of solutions, including the creation of “consumer subject review boards,”[1] formal privacy review boards,[2] private IRBs,[3] and other ethical processes implemented by individual companies.[4] Organizations and researchers are increasingly encouraged to pursue internal or external review mechanisms to vet, approve and monitor data experimentation and research. However, many questions remain concerning the desirable structure of such review bodies as well as the content of ethical frameworks governing data use. In addition, considerable debate lingers around the proper role of consent in data research and analysis, particularly in an online context; and it is unclear how to apply basic principles of fairness to selective populations that are subject to research.

To address these challenges, the Future of Privacy Forum (FPF) is hosting an academic workshop supported by the National Science Foundation, which will discuss ethical, legal, and technical guidance for organizations conducting research on personal information. Authors are invited to submit papers for presentation at a full-day program to take place on December 10, 2015. Successful submissions may address the following issues:

  • What are the key ethical questions surrounding data-driven research and consumer testing? Should analysis of online data be treated differently than subject testing generally? Which issues warrant additional review?
  • What lessons can be learned from existing institutional review boards (IRBs), including both academic panels and standalone private entities? Which features of existing IRB structures are applicable to corporate and non-profit big data research?
  • Which existing government or industry practices offer insights into how researchers can approach ethical questions for Big Data?
  • How should organizations structure an ethical review process? Which substantive requirements and principles should govern it? How should organizations ensure independent review? Could review mechanisms be wholly internal or must external stakeholders or committees be involved?
  • What is the proper scope of review? While IRBs currently focus on human-subject testing, Big Data raises a different set of concerns focusing on subsequent analysis and novel uses of data. Which factors are essential for consideration in an ethical process?
  • What is the proper role of consent in data-driven research environment?

Papers for presentation will be selected by an academic advisory board and published in the online edition of the Washington and Lee Law Review. Four papers will be selected to serve as “firestarters” for the December workshop, awarding each author with a $1000 stipend.

Submissions must be 2,500 to 3,500 words, with minimal footnotes and in a readable style accessible to a wide audience.

Submissions must be made no later than October 25, 2015, at 11:59 PM ET, to [email protected]. Publication decisions and workshop invitations will be sent in November.


[1] Ryan Calo, Consumer Subject Review Boards: A Thought Experiment, 66 Stan. L. Rev. Online 97 (2013).

[2] White House Consumer Privacy Bill of Rights Discussion Draft, Section 103(c) (2015).

[3] Jules Polonetsky, Omer Tene, & Joseph Jerome, Beyond the Common Rule: Ethical Structures for Data Research in Non-Academic Settings, 13 Colo. Tech. L. J. 333 (2015).

[4] Mike Schroepfer, CTO, Research at Facebook (Oct. 2, 2014),