Privacy and data protection are often used as interchangeable terms and, indeed, there is no absolute consensus in relation to these concepts. At a basic level, privacy can refer to the appropriate use of data relating to an individual in each specific context and, at times, in relation to an expectation of privacy. The term "data protection" is used extensively throughout EU legislation and relates to the management of data in, for example, a CIS. The EU’s updated data protection framework has included more privacy-enhancing measures such as the right to delete, that provide end users with enhanced control over the use of their data. All of these concepts and complex privacy practices need to be embedded into CIS design.

  • Render identifiable information about research participants confidential
  • Protect collected data from unauthorised access and store participant data securely
  • Be aware of the difference implications between the law, algorithms that manage the law, and persons that interpret the law.
  • State clearly the intentions for what privacy provides and to what effect.
  • Include systems that enable end users with identifiable personal information in the CIS to assert their rights over this information.


Büscher, M., Perng, S.-Y., & Liegl, M. (2015). Privacy, Security, Liberty: ICT in Crises. International Journal of Information Systems for Crisis Response and Management (IJISCRAM).
Dratwa, J. (Ed.). (2014). Ethics of Security and Surveillance Technologies (Opinion no, pp. 1–165). Brussels: European Group on Ethics in Science and New Technologies to the European Commission.
Satori (2016) Ethics assessment for research and innovation - Annex B. CWA SATORI-1:2016
Weitzner, D. J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., & Sussman, G. J. (2008). Information accountability. Communications of the ACM, 51(6), 82–87. [Link

Related Guidance

Privacy and Personal Data Protection of subjects

Security in CIS

Transparency of Data Processing


Ensuring the Rights of Data Subjects