Designing Informed Consent

Published in

Ethics Kit

7 min readNov 6, 2018

Edit: Since writing this article I’ve turned the process described below into a web app which helps designers, researchers and digital teams obtain and manage their informed consent, called Consent Kit. It guides you through this process and makes light work of some of the more admin heavy aspects of doing the right thing.

Informed consent differs from traditional consent in that it moves beyond template forms and a signature. Fundamentally, it lets the participant know who you are, why they’re involved and what you’re going to do with the information they choose to share with you.

This additional transparency is important for a number of reasons beyond GDPR. It gives the particpant a better understanding of their involvement and let’s them make more informed decisions about any potential consequences of what or how much they share with you. Additionally, this transparency goes a long way in establishing trust between the researcher and participant; which ultimately leads to better insights.

The problems with reusing a template

Each project has it’s own unique context. For this reason, the reusable template approach to consent has never really worked for me. Instead, I was left wanting a framework or repeatable system which covered the ethical and legal bases while being sensitive to the individual context of my current project.

Another thing that bothered me about this approach to consent was the timing of the request itself. Turning up on the day, reading from a form and asking them to sign creates a degree of coercion (even more so when an incentive is involved). Some of the information (such as why we wanted to involve the participant in the session) should be shared ahead of time, giving them time and space to think. Other things, such as permission to use the information given was better revisited afterwards; when the participant knew what had been disclosed.

Finally, how we asked for consent also felt problematic. From the seemingly obvious like “is the language used understandable”, or “is it in their native language?” Through to more niche considerations such as “could the consent artifact itself cause harm?” (such as in research concerning domestic abuse where the consent form could be found by their abuser and give an indication that the participant had spoken to someone about them).

With these things in mind, I want to share with you a process I’ve been developing for Ethics Kit in order to address some of these issues. Ethics Kit is a community of designers, researchers, technologists and academics who are working together to close the gaps of ethical practice in contemporary design and development processes.

I’ve broken down the consideration of designing consent into three sections: What to share, When and what to ask and How to ask.

What to share with them

Let’s start with the heavy stuff. According to GDPR, you need to ensure that participants understand the following before they can adequately give their consent:

The controller’s identity: This means you need to identify yourself, and also name any third party controllers who will be relying on the consent. So, for example: If you are an agency and are doing the work for a client, you need to specify your agency and the client.
The purposes of the processing: For example; if you wanted to record the audio from an interview, you need to inform the participant why you need to record it, what you will do with it and for how long you will keep a copy of it. If it’s not confusing to the participant, they should be able to opt-in or out on a granular level where possible (eg: you can take pictures of my hands, but not of my face).
The processing activities: Where realistic, you should provide granular consent options for each separate type of processing, unless those activities are clearly interdependent. This could include transcripts from an interview, or anonymising the recordings and presenting them to the wider team or business at a show and tell.
The right to withdraw consent at any time: you should inform them of their right to withdraw and include details of how to do so. Eg: Email Lead Researcher to withdraw and give their email address.

When and what to ask

Let’s take a look at a potential timeline for a research project and consider it through the lens of a participant.

Firstly, what happens to the information they give you at each stage? Who will see it? Is it public or private? How will it be stored, and how long will you store it for? Knowing all this, what do you need to share with them and when is the best time to do so?

Try to preempt questions the participant might have while considering what is relevant to them at each stage. For example: At the point of deciding whether the participant wants to be involved or not, explaining the why and the intended social impact or objectives of the project could be useful. Additionally, explaining the nature of the research method you plan to use and what you need from them beforehand is also a good thing to do. In this way, participants will have all the information they need to know before deciding if they want to be involved.

Before a session, you might want to ask permission to record audio or video. At this point, questions like “will what I tell you link back to me?” “What will you do with the information I give you?” “How will it be stored?” “For how long?” might arise. You should also inform the participants of their right to withdraw from the project and give them clear instructions on how they could do that.

After a session both the participant and the researcher will know exactly what has been disclosed. This can be a good time to check that the participants are still happy for you to use all of that information. Its also worth considering beyond the session, such as what happens to their information when the project goes live? Is there anything that you might need additional permission from the participant for?

If you want a prompt to help thinking about these considerations, download the cards from Ethics Kit and jump into the Informed Consent section.

Clustering your considerations

After you’ve sketched out a timeline and you’ve got all of your considerations down for each section, look and see where the main clusters of questions or considerations are. Are there enough in one cluster for that section to have it’s own consent checkpoint? What information would you need to disclose to preempt those questions?

Although the level of detail you go into depends on the scope and potential severity of your project, you will need a minimum of two checkpoints: recruitment (accepting an invitation) and before a session. Only you and your team know the context of your project, so decide how many best suit your needs and go with that.

How to ask

One of the cornerstones of consent involves assessing a participants decision making capacity, or DMC. While issues such as drug abuse, or mental illness affect DMC other things such as an inability to understand the language in the terms and conditions for example are often less considered and much more prevalent.

The first and perhaps most obvious question is this: Are we informing and asking the participant for consent in their chosen language? When you’ve answered that simple question; make sure that your consent is in the participants chosen language and is written as plainly and simply as possible. This is always harder than it sounds!

If the participants are visually impaired or have poor literacy skills, you need to verify that your consent is accessible by a screen reader or that an audio version is available instead.

Format

The next consideration is what is the most appropriate format to obtain consent in? Going back to the timeline of the project we made earlier, consider the proximity, environment and circumstances of the participant at each stage. I found that the appropriate format follows consideration of these factors; typically resulting in one of the following at each stage: paper, digital or verbal agreement.

Note: Don’t limit yourself to these three formats if the circumstances of your participants require more creative solutions as a result of the challenges they face.

What is legally admissible?

According to the Information Commissioners Office (ICO) in the UK, evidence of clear affirmative action that is verifiable as belonging to the participant is required for it to be legally admissible under the EU’s GDPR regulations.

In practice this could mean a range of things from opting in on a link to a website (clear affirmative action) sent to their email address (verifiable as belonging to the participant), to a person giving verbal consent (where their voice could be used to identify them). Essentially, you need a clear indication from the participant that they have chosen to give their consent (that they must opt into themselves) and something that verifies them as the individual giving that consent.

Just one more thing…

The level of detail that you decide to go into will greatly depend on the context of the subject you are studying. Also, there is a balancing point where too little or too much information can under or over inform the participant and lead them to being uncomfortable or disengaging.

Use your judgement as to what feels right and take some time to reflect on how people react after you’ve asked for consent — paying particular attention to what questions they ask or any awkward moments that arise. As a very general rule of thumb, If you feel uncomfortable justifying why you need certain information, you probably shouldn’t ask for it.

Informed consent is one of the biggest things I get asked about and I hope this has been helpful in answering any questions you might have had. Let me know in the comments if you try this and have feedback. You can find more tools and a community of like minded designers, researchers, technologists and academics over at Ethicskit.org.