One of our main targets is to make the data available and show how people cope with the same virus in different situations in different countries. We have created an online data visualization tool for policymakers and analysts to compare psychological responses across countries.
In this file, you can find a full overview of how we handle your responses to ensure that your responses remain secure and well protected. In general, there are five main steps:
Filling out the baseline survey is pretty straight-forward. For every question, you can decide if you would like to answer it or not. There are no negative consequences if you decide to not answer a question.
There are two questions you can decide to answer that are considered “directly identifiable personal data” from a data protection point of view, namely your email address and your ZIP code. To protect this information we take a number of measures, namely:
There are only two data managers who are allowed to work with the raw data (i.e., data that links your email address and ZIP code to your survey responses):
The two data managers, who have access to the raw data, are working from secured machines (e.g. all data is encrypted, password-protected, and remains on a local hard drive). The data is stored in an encrypted data storage facility and will only remain on the (encrypted) local hard drives of the data managers for the duration of data processing.
A full overview of this process is presented below. In general, there are four types of data files the data managers handle:
Baseline file: The most important data file is the baseline file. The baseline file consists of the same version of the questionnaire that is distributed through different channels. For example, you may have answered the questionnaire on Qualtrics or on google forms. All these different versions come together in Groningen where the data managers pseudonymize your responses.
Pseudonymized data: Here your responses to the questions are stored together with all the other participants that decided to take the survey. In this data file, your emails and your ZIP codes, both of which count as “directly identifiable personal data” data, have been removed and have been replaced by a random string (your pseudonym). This datafile only gets shared with researchers at universities subject to the General Data Protection Regulation of the European Union (GDPR) and the American Psychological Association (also see “How do we share data with other researchers” below). If you are interested in how we pseudonymize your responses please have a look here.
Local coronavirus spread information: A specialized team based in Utrecht, the Netherlands is gathering information on how the coronavirus is spreading. If you have optionally provided your ZIP code, we will match it with other related information from your general area, e.g. number of covid-19 cases. This can help us understand whether there are specific psychological variables that help to combat the spread of the virus. After the merge has happened, your ZIP code information will be deleted and your pseudonym (see the above section) will be used to link local virus spread information to your responses in the pseudonymized baseline file. We will attempt to locate geographical regions first by GPS coördinates (according to Qualtrics, these coördinates are accurate if the participant enabled GPS on their device, and otherwise, resolves to the city or country level. They do not identify specific individuals). We then attempt to geolocate participants by their handwritten country name, and by handwritten ZIP code, both of which are ambiguous. Conflicts between GPS-location and country name/ZIP code geolocation are resolved manually.
If you decide to provide your email address and wish to be recontacted, we will contact you in around a week on Fridays. Every Friday you can decide whether you want to be recontacted again or not. Your email address is solely used for recontacting you for upcoming waves. In order to protect your privacy, your email is stored locally in a separate file and only your pseudonym (see step 2 if you are interested in how pseudonymization works) is used to link your responses from the recontact to your responses from the baseline survey (or other recontacts).
Other researchers may have ideas about how your responses can help understand how humans deal with the coronavirus (you can see a list of people that have been working on the project here). To protect your (sensitive) personal data, collaborating researchers need to request access to the dataset. To do so, they first have to propose an analysis plan. If the analysis plan is approved, the University of Groningen will share a pseudonymized dataset with them that contains only the variables the researchers are interested in. By sharing only the most relevant variables we ensure that only minimal data is shared. There are two special teams within this whole process we would like to introduce to you in more detail (see Joint controllers group)
This research project is a close collaboration between the University of Groningen (dr. Pontus Leander), New York University – Abu Dhabi NYUAD (dr. Jocelyn Belanger), and Utrecht University (dr. Caspar van Lissa). This means that these teams have additional privileges but also responsibilities. We specify these responsibilities and privileges here:
Data collection: NYU-AD and the University of Groningen are responsible for collecting data for the baseline measure. NYU-AD uses partners to collect data. The University of Groningen is responsible for managing recontact surveys and raw data collected by NYU-AD.
Data handling: The data managers at the University of Groningen are responsible for data security. This means that the University of Groningen takes care of downloading all raw data and pseudonymizing your responses. Only in Groningen come ZIP codes and region information, e-mail addresses, your responses to the baseline survey, and your responses to the recontact surveys together. Researchers at the University of Groningen then merge these datasets and create pseudonymized datasets.
By reading the above we hope to have given you an understanding of how we are trying to do our utmost to keep your responses as safe and secure as possible. We would also like to let you know that we think consent is a relation that we build over time. We will, therefore, periodically further develop information on collaboration and try to make the best decisions to further ensure your privacy rights. Thank you for your trust and support during this research.