Collecting Survey and Smartphone Sensor Data With an App: Opportunities and Challenges Around Privacy and Informed Consent

The new European General Data Protection Regulation (GDPR) imposes enhanced requirements on digital data collection. This article reports from a 2018 German nationwide population-based probability app study in which participants were asked through a GDPR compliant consent process to share a series of digital trace data, including geolocation, accelerometer data, phone and text messaging logs, app usage, and access to their address books. With about 4,300 invitees and about 650 participants, we demonstrate (1) people were just as willing to share such extensive digital trace data as they were in studies with far more limited requests; (2) despite being provided more decision-related information, participants hardly differentiated between the different data requests made; and (3) once participants gave consent, they did not tend to revoke it. We also show (4) evidence for a widely-held belief that explanations regarding data collection and data usage are often not read carefully, at least not within the app itself, indicating the need for research and user experience improvement to adequately inform and protect participants. We close with suggestions to the field for creating a seal of approval from professional organizations to help the research community promote the safe use of data.