An IRB Blog Central staffer recently found herself purchasing one of those fancy-schmancy beds that can be adjusted all kinds of ways. While wandering around the showroom, she noticed a screen flashing statistics about Arkansans’ sleep patterns, and how they compared to those in the rest of the country. All of it based on *data* — collected by beds. Large, impersonal data — just aggregate information about how Arkansans sleep.
The bed salesman showed the staffer the ins and outs of the new bed, including a downloadable app. She was sold on the app because the salesman said you could control the bed with the app, i.e. you’d have a backup in case the dog chewed up the bed remote or something. OK, cool. We’ve got dogs. They’re not big chewers, but one never knows what might get into their furry little heads one day regarding that bed remote.
Then, things got creepy. The app started collecting information on the people using this particular bed. It started sending them emails about their sleep. As in, nightly breakdowns about how long each had been in bed (almost 13 hours one night during Thanksgiving weekend!), when they were restless, when they were sleeping, when they got up, and what their average heart and respiration rates were.
That got our staffer to thinking about a couple of things. First and foremost, about how to opt out of this data collection. Secondly, the whole issue of data collection and data privacy. It really seems that there is no way to get through life anymore without leaving a trail of “data” in one’s wake. Those retail and grocery discount cards? Data collection. Library card? Data collection. Fitness or diet tracker app? Data collection. Scanning in at the gym? Data. Logging in to your Amazon Prime account and then shopping online? Data, data, and more data. And then here’s Netflix and (you guessed it) — Data. Netflix and Spotify — Data.
In one way or another, this data is all available for research. Marketing research, or research-research (remember the Facebook emotions study?), often without any sort of ethical review. Does this sea of data have any impact about how we at the IRB consider data and data privacy? Should it?