April 12, 2016

Datensparsamkeit is a German word that refers to collecting only the minimal amount of information necessary to complete a task.

I learned about datensparsamkeit from a colleague who was creating a confidential survey tool. I thought about it again recently while considering what information news organizations may collect and store from users, either through themselves or third-party tools.

March brought a particularly egregious example of poor data collection. CNBC put up a tutorial to teach visitors about secure password creation, but the passwords were collected and then sent without encryption to a Google spreadsheet, which means anyone in an individual users’ Wi-Fi network or CNBC’s network with the correct permissions could see it. The tutorial was also set up so that the 30 or so advertisers whose ads appeared on the page could also see the passwords.

CNBC took down the tutorial, but they’re not the only news organization that routinely collects data about users through quizzes or survey results or apps. Some news organizations then transmit this collected information to advertisers or third-party tools. Should news organizations ponder the ethical considerations of transmitting personal information like IP addresses to third-party tools or advertisers without asking for explicit permission?

Some more questions: What are the ethics that help publishers think about the types of information they’re gathering with third-party tools? What does ethical consent for users look like? As a user of a news website, what expectations do I have of privacy? And should those expectations be different on a news website vs. other sites? Should there be journalism review boards that assess data-collecting stories before they go live?

I’m not sure of the answers to these questions, but I am concerned that the people making decisions about partnerships or third-party tools in newsrooms don’t necessarily have the technical (or legal) chops to properly evaluate the software partnerships that they’re making with other organizations.

So, I’ve come up with a lists of questions that news organizations could ask before integrating third-party tools or collecting information from users through apps. These lists are not comprehensive, and I would love to see you build on them, either in the comment section or in an essay of your own. I see this list as a start to what I hope is a much larger discussion in the news industry

For data visualizations and other apps:

  1. What is the minimal amount of data that needs to be collected to complete this task?
  2. Who should have permission to view this data? Everyone in our newsroom? Some people in our newsroom? Advertisers? Third-party tools that are on our site?
  3. Will some of the above-mentioned groups have exclusive access to data that the news organization collects but doesn’t share with all groups?
  4. How do we let users know who has permission to see their data?
  5. Do users have to grant explicit permission to news organizations for data to be stored?
  6. Do users have access to what data is stored? For how long?
  7. How long will we store this data?
  8. How will we make sure the data we’re storing is secure?
  9. Is there another way to tell the same story without collecting this data?
  10. Is there an institutional review board or other editorial review before the app goes live?

For third-party tools or platforms:

  1. Has my newsroom properly vetted and assessed other options before deciding on this tool? Have we considered all of the ethical implications?
  2. What data is the third-party tool or platform allowed to collect? If that changes, who makes that decision? How long is the data stored?
  3. How does a third-party tool or platform support a publisher who no longer wants to use the tool?
  4. How does the third-party tool or platform share data back to my news organization?
  5. If the third-party tool or platform works with many news organizations, is my data secure or is there a chance it is being shared with others? If so, am I being informed?
  6. Can I adapt or modify the privacy policy of the third-party tool or platform? Do I need to put their privacy policy on my website? How will I inform users?
  7. If there is a data breach of the third-party tool or platform, how does my news organization inform users? How would we be informed?
  8. Is the third-party tool or platform sharing data with other parties? What if it’s sold?
  9. Will my organization be compensated for bringing additional business or users to the third-party tool or platform? Should I inform my audience?
  10. How do we report on the third-party tool or platform itself as a user of the tool?
  11. Do I want my brand to be featured in advertising for the third-party tool or platform? If the third-party tool or platform has advertising, am I allowed to say no to certain types of advertising with my content?
  12. Can the third-party tool or platform send push notifications to my users?
  13. What does informed consent look like for users of my website?
  14. If the third-party tool or platform folds, who owns the data and content? What happens to it?
  15. Have I gotten an outside opinion from someone informed about the software we’re thinking about using?
  16. What is the minimum amount of data that I would feel comfortable sharing?
  17. Is this something my users really want or need?
Support high-integrity, independent journalism that serves democracy. Make a gift to Poynter today. The Poynter Institute is a nonpartisan, nonprofit organization, and your gift helps us make good journalism better.
Donate
Mel leads audience growth and development for the Wikimedia Foundation and frequently works with journalism organizations on projects related to audience development, engagement, and analytics.…
Melody Kramer

More News

Back to News