drewdevault.com

[mirror] blog and personal website of Drew DeVault
commit: 3d9b0fc3743a7bc82df5220a1288158dc25a0f32
parent 689a53b8f586f1508cfe704e98cb1e9f0d4d1355
Author: Drew DeVault <sir@cmpwn.com>
Date:   Fri,  4 Dec 2020 09:23:23 -0500

Analytics and informed consent

Diffstat:

A content/blog/Analytics-and-informed-consent.gmi | 17 +++++++++++++++++
A content/blog/Analytics-and-informed-consent.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 68 insertions(+), 0 deletions(-)

diff --git a/content/blog/Analytics-and-informed-consent.gmi b/content/blog/Analytics-and-informed-consent.gmi 
@@ -0,0 +1,17 @@ +Research conducted on human beings, at least outside of the domain of technology, has to meet a minimum standard of ethical reasoning called informed consent. Details vary, but the general elements of informed consent are: + +* Disclosure of the nature and purpose of the research and its implications (risks and benefits) for the participant, and the confidentiality of the collected information. +* An adequate understanding of these facts on the part of the participant, requiring an accessible explanation in lay terms and an assessment of understanding. +* The participant must exercise voluntary agreement, without coercion or fear of repercussions (e.g. not being allowed to use your website). + +So, I pose the following question: if your analytics script wouldn’t pass muster at your university’s ethics board, then what the hell is it doing on your website? Can we not meet this basic minimum standard of ethical decency and respect for our users? + +Opt-out is not informed consent. Manually unticking dozens of third-party trackers from a cookie pop-up is not informed consent. “By continuing to use this website, you agree to…” is not informed consent. “Install uBlock Origin” is not informed consent. + +I don’t necessarily believe that ethical user tracking is impossible, but I know for damn sure that most of these “pro-privacy” analytics solutions which have been cropping up in the wake of the GDPR don’t qualify, either. + +Our industry’s fundamental failure to respect users, deliberately mining their data without consent and without oversight for profit, is the reason why we’re seeing legal crackdowns in the form of the GDPR and similar legislation. Our comeuppance is well-earned, and I hope that the regulators give it teeth in enforcement. The industry response — denial and looking for ways to weasel out of these ethical obligations — is a strategy on borrowed time. 
The law is not a computer program, and it is not executed by computers: it is executed by human beings who can see through your horseshit. You’re not going to be able to seek out some narrow path you can walk to skirt the regulations and keep spying on people. + +You're going to stop spying on people. + +P.S. If you still want the data you might get from analytics without compromising on ethics, here’s an idea: compensate users for their participation in your research. Woah, what a wild idea! That’s not very growth hacker of you, Drew. diff --git a/content/blog/Analytics-and-informed-consent.md b/content/blog/Analytics-and-informed-consent.md 
@@ -0,0 +1,51 @@ +--- +title: Web analytics should at least meet the standards of informed consent +date: 2020-12-04 +outputs: [html, gemtext] +--- + +Research conducted on human beings, at least outside of the domain of +technology, has to meet a minimum standard of ethical reasoning called +[informed consent](https://en.wikipedia.org/wiki/Informed_consent). Details +vary, but the general elements of informed consent are: + +1. Disclosure of the nature and purpose of the research and its implications + (risks and benefits) for the participant, and the confidentiality of the + collected information. +2. An adequate understanding of these facts on the part of the participant, + requiring an accessible explanation in lay terms and an assessment of + understanding. +3. The participant must exercise voluntary agreement, without coercion or fear + of repercussions (e.g. not being allowed to use your website). + +So, I pose the following question: if your analytics script wouldn't pass muster +at your university's ethics board, then what the hell is it doing on your +website? Can we not meet this basic minimum standard of ethical decency and +respect for our users? + +Opt-out is not informed consent. Manually unticking dozens of third-party +trackers from a cookie pop-up is not informed consent. "By continuing to use +this website, you agree to..." is not informed consent. "Install [uBlock +Origin](https://ublockorigin.com/)" is not informed consent. + +I don't necessarily believe that ethical user tracking is *impossible*, but I +know for damn sure that most of these "pro-privacy" analytics solutions which +have been cropping up in the wake of the GDPR don't qualify, either. + +Our industry's fundamental failure to respect users, deliberately mining their +data without consent and without oversight for profit, is the reason why we're +seeing legal crackdowns in the form of the GDPR and similar legislation. 
Our +comeuppance is well-earned, and I hope that the regulators give it teeth in +enforcement. The industry response &mdash; denial and looking for ways to weasel +out of these ethical obligations &mdash; is a strategy on borrowed time. The law +is not a computer program, and it is not executed by computers: it is executed +by human beings who can see through your horseshit. You're not going to be able +to seek out some narrow path you can walk to skirt the regulations and keep +spying on people. + +You're going to stop spying on people. + +*P.S. If you still want the data you might get from analytics without +compromising on ethics, here's an idea: compensate users for their participation +in your research. Woah, what a wild idea! That's not very growth hacker of you, +Drew.*
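
Review bot: The .gmi copy drops both hyperlinks that the .md version carries: the Wikipedia link on "informed consent" in the first paragraph and the uBlock Origin link in the "Opt-out is not informed consent" paragraph, so readers of the gemtext version lose the references. Gemtext has link lines for this; consider adding `=> https://en.wikipedia.org/wiki/Informed_consent Informed consent` after the first paragraph and `=> https://ublockorigin.com/ uBlock Origin` after the fourth. Separately, the line "You're going to stop spying on people." uses a straight apostrophe while every other contraction in the .gmi file uses the typographic one; pick one form.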
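
Review bot: In the .md file the front matter declares `outputs: [html, gemtext]`, yet this commit also adds a hand-written .gmi copy of the same text, and the two have already diverged (numbered list versus bullets, links and the emphasis on *impossible* present only here). If both files have to exist, a short comment in the front matter saying that the .gmi must be edited in step would prevent drift. Minor: the "industry response" sentence uses `&mdash;` entities where the .gmi copy has the literal character; using the literal character in both keeps the sources comparable.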