GDPR large

I spent an afternoon with fellow anthropologists at SOAS University of London on 9th May to discuss what it might mean for us as a discipline, and for our research practice. Is anthropology in danger of being legislated out of existence?  

Anthropologists (and other ethnographically inclined researchers) have long been finding their way through forests of conflicting demands in terms of policies and guidelines at different institutional levels that often contradict each other. Institutions, researchers and informants form a triangle of demands and interests that need to be balanced. The codes used to guide us are designed for data protection, marketing and social media – not anthropology. The GDPR will force us to rethink how we go about our research.

The new EU-wide data protection regulation will replace the current UK Data Protection Act (1998) when it comes into force in the UK on the 25th May 2018.

The stated aims of the GDPR are:

  • To enable data subjects to have greater control over their personal data whilst also modernising and unifying European data protection rules.
  • To strengthen and enhance previous rights that data subjects hold under the Data Protection Act.
  • Data controllers (often the University) and processors will be required to provide clarity and transparency to data subjects about how and why their personal data is being processed.

The GDPR permits EU member states to make specific domestic provisions for particular aspects of the GDPR. The UK Government is seeking to achieve this through the Data Protection Bill, which is currently progressing through Parliament. The GDPR applies to all data or all researchers from and within the EU (there is no information as to how Brexit will affect this).

The specifics of the GDPR have not yet been formalised and the UK Data Archive has not yet released guidance, although it is apparently working on it. However, the UK Data Service does provide useful principles relating to the processing of personal data and how this will shape our research practice. These include:

  • Processing is lawful, fair and transparent
  • The participant is informed of what will be done with the data and data processing should be done accordingly
  • Keep to the original purpose
  • Data should be collected for specified, explicitly and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • Minimise data size
  • Don’t collect information you don’t need

At the moment, some of the main aspects of the GDPR that we need to consider are:

  • Who will receive or have access to the personal data (including information on any safeguards if the personal data is to be transferred outside the EU)?
  • The period of retention for holding the data and the criteria used to determine this
  • The right of the participant to request access to their personal data and the correction (rectification) or removal (erasure) of such personal data
  • A reminder that the participants have the right to lodge a complaint with the Supervisory Authority

From the discussion at SOAS, it emerged that the use of consent forms is going to be key in our compliance with the GDPR. We will need to have ‘granular’ consent, which will, for example, detail exactly what people are giving consent for such as videos, photos and interviews. If the purpose of our research changes we also need to renegotiate consent with our informants. Consent needs to be broken down into 3 stages:

  1. Taking part
  2. Use of information
  3. Future use and reuse of the information by others (this is particularly important for the data sharing and archiving regulations if funded by a research council)

As well as ethical committees, research management and governance, legal frameworks, and organisational guidelines, what remains central to me is our own moral reflexive research practice. This does not seem to be given much weight in the current discussions and it is here that I think three main contradictions and conflicts emerge between anthropological practice and the GDPR.

First, these new guidelines may turn fieldwork into something that we weren’t trained to do - share. We are used to thinking that field notes are our own. We may have to get used to writing field notes (or some kind of record of our fieldwork) that can be archived for others to read and use. 

The difficulties in doing this are manifold. Writing field notes for someone else might change the whole notion of field notes. Field notes take many different forms and may not often reflect the experiential process the field work that has taken place. Field notes often have a dialectical relationship with our memory – can anyone else use them? The process of sharing field notes has the danger of shifting what is fundamentally considered to be anthropological ‘data’.

While it is not entirely clear (yet) whether field notes will have to be shared (this also depends on your data management plan), some form of record of fieldwork will need to be archived for research funded by research councils. Therefore, we need to rethink who we are writing for and what we are writing down. This provokes further reflection on how to orient ourselves as researchers and what we are doing in anthropological research. This would seem to be an ongoing relationship that occurs at many different levels and will affect how we train the next generation of ethnographic researchers.

ASA guidelines state that we must always be anticipating harms to our research participants and we must constantly negotiate consent. For qualitative researchers involved in fieldwork, consent is not a one-off event and therefore the requirement to renegotiate consent if the scope of the project changes should not be novel. However, previously these harms have been all about proportion. For example, we could ask how much harm is there in someone knowing this information. Under the GDPR this is no longer the case.  

Intellectual property rights are also a key concern for anthropologists. If all data needs to be anonymised we may no longer be able to identify and therefore acknowledge the intellectual property of our research participants. Therefore, we are not upholding our ethical requirements to minimise harm. This is a key legal and ethical duty that has not been resolved.

Anonymisation is perhaps the thorniest issue in reconciling the GDPR and the principles that underpin anthropological research. If we anonymize field notes our participants and the descendants of the participants may not be able to identify themselves or their kin. The GDPR also does not address what happens when participants refuse to be anonymised such as activists, collaborators or artists.

There has been a long-standing debate on why or whether anthropologists should anonymise data. A strong argument has been made that it is as much to do with protecting researchers as it is protecting research participants. Anonymisation could be described as an engine of detachment, a cutting of the network that maintains an ethnographic fiction. As Nancy Shepherd-Hughes puts it, ‘anonymisation makes rogues of us all’. In order to assuage some of these fears, we need to fully understand why people are engaging in our research. This may help us to disentangle some of the conflicts between ethics and the legality of conducting field work, but it certainly doesn’t solve them.

There are those who argue that GDPR is an opportunity to give informants and the subjects of our research their power back and therefore we should embrace it. There are others who argue that GDPR will take away rights from informants (to be named and recognised for example). Whatever side of the debate, what is clear is that there is no longer the time to debate the pros and cons. The GDPR is upon us and we must find a new way to negotiate these regulations.   

Useful documents:

*This title was the title of the SOAS workshop and also the title of Ed Simpson’s provocative article: Simpson, E. (2016). Is anthropology legal?, Focaal, 2016(74). Retrieved May 9, 2018, from https://www.berghahnjournals.com/view/journals/focaal/2016/74/focaal740109.xml