1
Basic Principles
Opinion and marketing research conducted over the Internet must conform to the same standard rules and ethical
principles outlined in Marketing Research Association’s (MRA) Code of Data Collection Standards.
This document is intended to focus on those areas of Internet research where new technologies have impacted on
data capture and data collection techniques, disclosure issues, responsible business behavior, and consumer
protection and rights to privacy.
It is now and always has been the intent of the MRA and its membership to respect and protect respondents
during data collection in all of its legitimate forms. MRA understands that the research process must be
acceptable to the general public and that all efforts must be made to self-regulate the research industry in such a
way that consumers and research users will have confidence in the process and the results.
In an age of globalization at many levels of business, it is the goal of MRA to assure that only legitimate opinion
and marketing research is conducted on the Internet with full disclosure, respectful recruiting techniques, and
consumer protection in accordance with MRA’s Code of Data Collection Standards.
Introduction
The rapid growth of the Internet has opened dramatic new opportunities for collecting and disseminating research
information worldwide. At the same time it raises a number of ethical and technical issues which must be
addressed if the Internet is to be used effectively and responsibly for opinion and marketing research purposes.
The fact that the Internet is inexpensive to use and difficult to regulate means that it can be open to misuse by less
experienced or less scrupulous organizations, often based outside the research industry. Any Internet surveys that
fall below the high standards promoted by the MRA under the Code of Data Collection Standards and
Recommended Best Business Practices will make it more difficult for legitimate researchers to use the Internet for
research. Misuse of Internet opinion and marketing research could seriously damage the credibility of legitimate
opinion and marketing research and is an abuse of the goodwill of Internet respondents and users in general.
MRA has issued these Ethical Guidelines to protect the interests both of Internet respondents and of the users of
Internet research findings. Because information technology and the Internet are evolving and changing so rapidly,
it is not practical to discuss in detail all the technical features of Internet research in such a guideline. This,
therefore, concentrates on the main principles that must be followed in carrying out research on (or about) the
Internet and in reporting the findings of such research.
These Ethical Guidelines include:
• Respondent Cooperation Should Be Voluntary
• Researcher’s Identity Should Be Disclosed to Respondents
• Respondents’ Rights to Anonymity Should Be Safeguarded
• Privacy Policy Statements Should Be Posted Online
• Data Security Should Be Maintained
• Reliability and Validity of Findings Should Be Disclosed to the Public
• Researchers Interviewing Minors Should Adhere to the Children’s Online Privacy Protection Act
• Unsolicited Email Should Not Be Sent to Those Requesting Not to Receive Any Further Email
2
I. Respondent Cooperation Should Be Voluntary
Opinion and marketing researchers and their companies should avoid intruding unnecessarily on the privacy of
Internet respondents. Survey respondents’ cooperation should at all times be voluntary. No personal information
unnecessary to the project, which is additional to that already available from other sources, should be sought from
or about respondents without their prior knowledge and consent.
In obtaining the necessary agreement from respondents, the opinion and marketing researcher must not mislead
them about the nature of the research or the uses that will be made of the findings. In order to prevent biased
responses there may be occasions, however, when the purpose of the research cannot be fully disclosed to
respondents at the beginning of the interview. The researcher should avoid deceptive statements that would be
harmful or create a nuisance to the respondent; for example, the respondent should be told the likely length of the
interview or about the possibilities of being re-interviewed on a later occasion. Respondents should also be told in
advance if they may incur costs (e.g., as online time) if they cooperate in the survey. Respondents may request at
any time during or after the interview that part or all of the record of their responses be destroyed or deleted and
the opinion and marketing researcher must conform to any such request where reasonable.
(Refer to Council for Marketing and Opinion Research: Respondent Bill of Rights at www.cmor.org)
II. Researcher's Identity Should Be Disclosed to Respondents
The company conducting Internet research should identify itself to all potential respondents and provide
appropriate contact information (email address, physical address, phone number, etc.). This is so respondents can
easily verify the validity of a research project or make inquiries prior to deciding to participate in the study or
survey.
III. Respondents’ Rights to Anonymity Should Be Safeguarded
Unless respondents give their verifiable informed consent to allow themselves to be identified with the
information they are providing, opinion and marketing research companies should ensure that the respondents’
anonymity is safeguarded. Opinion and marketing research companies should further ensure that the information
provided by respondents is used only for the research study in which each respondent consented to participate.
Information provided by respondents in an opinion and marketing research study cannot be used for unrelated,
non-research purposes such as direct marketing, non-consent list generation, credit rating, push polling, fund-
raising or other intrusive marketing, or political activities.
IV. Privacy Policy Statements Should Be Posted Online
Researchers should post their privacy policy statement on their online site. When such privacy policy statements
exist, they should be easy to find, easy to use and comprehensible.
• Notice – Disclose their information practices before collection of personal information from individuals.
• Choice – Give an individual options with respect to whether and how personal information collected about
them may be used for purposes beyond those for which the information was provided.
• Access – Individuals should be able to view and contest the accuracy and completeness of data collected
about them. The Federal Trade Commission (FTC) has acknowledged that the access requirement will vary
from site to site, business to business, taking into account various types of businesses.
• Security – Take reasonable steps to assure that information collected from individuals is accurate and secure
from unauthorized use.
• Enforcement – The use of a reliable mechanism to impose sanctions for noncompliance with these fair
information practices.
3
V. Data Security Should Be Maintained
Companies conducting Internet opinion and marketing research should be able to provide adequate security for
both respondents and clients in the transmission and storage of information and data. All reasonable precautions
should be taken to secure and protect computer servers and databases from unauthorized access to proprietary
files and information.
VI. Reliability and Validity of Findings Should Be Disclosed to the Public
Clients and other users of opinion and marketing research and the general public should not be in any way misled
about the reliability and validity of any Internet research findings. Researchers should:
• Follow scientifically sound sampling methods consistent with the purpose of the research;
• Publish a clear statement of the sample universe definition used in a given survey, the research approach
adopted, the response rate achieved and the method of calculation;
• Publish any reservations about the possible lack of projectability or other limitations of the research findings,
for instance resulting from non-response and other factors.
It is equally important that any research about the Internet (e.g., to measure penetration, usership, etc.) that
employs other data collection methods, such as telephone or mail, also clearly refers to any sampling or other
limitations on the data collected.
VII. Researchers Interviewing Minors Should Adhere to the Children’s Online
Privacy Protection Act
Opinion and marketing research companies conducting surveys or studies with minors should adhere to the
Children’s Online Privacy Protection Act (COPPA) set by the Federal Trade Commission (FTC). The Act applies
to the online collection of personal information from children under 13 years old.
COPPA applies to individually identifiable information about a child that is collected online, such as full name,
home address, email address, telephone number or any other information that would allow someone to identify or
contact the child. The Act also covers other types of information - for example, hobbies, interests and information
collected through “cookies” (an attachable unique identifier to a person’s preferences on a Web site) or other
types of tracking mechanisms - when they are tied to individually identifiable information.
Before collecting, using or disclosing personal information from a child, the researcher must obtain verifiable
parental consent from the child's parent. (Until April 2002, the FTC will use a sliding scale approach to parental
consent in which the required method of consent will vary based on how the child's personal information is used.
That is, if the researcher uses the information for internal purposes, a less rigorous method of consent is required.
If the researcher discloses the information to others, the situation presents greater dangers to children, and a more
reliable method of consent is required.)
The researcher must post a link to the privacy policy on the home page of its Web site and in each area where
opinion and marketing researchers collect personal information from children. The link to the privacy notice must
be clear and prominent. (For more information refer to section IV in this Ethical Guideline about privacy
policies). Also you can contact MRA Headquarters or visit the FTC Web site at www.ftc.gov for the full text of
COPPA.
The notice must be clearly written and comprehensible. It should not include any unrelated or confusing
materials.
4
It must provide the following information:
• The name and contact information (address, telephone number and email address) of all researchers collecting
or maintaining children's personal information through the Web site or online service. If more than one
researcher is collecting information at the site, the site may select and provide contact information for only
one researcher who will respond to all inquiries from parents about the site's privacy policies. Still, the names
of all the researchers must be listed in the notice.
• The kinds of personal information being collected from children
(e.g., name, address, email address, hobbies, etc.) and how the information is collected - directly from the
child or passively, say, through “cookies.”
If the researcher discloses information collected from children to third parties, then the researcher also must
disclose:
• The kinds of businesses in which the third parties are engaged;
• The general purposes for which the information is used;
• Whether the third parties have agreed to maintain the confidentiality and security of the information;
• That the parent has the option to agree to the collection and use of the child's information without consenting
to the disclosure of the information to third parties.
The researcher may not require a child to disclose more information than is reasonably necessary to participate in
an activity as a condition of participation. The parent can review the child's personal information, ask to have it
deleted, and refuse to allow any further collection or use of the child's information. The notice also must state the
procedures for the parent to follow. (Refer to the FTC Web site at www.ftc.gov for more information)
VIII. Unsolicited Email Should Not Be Sent to Those Requesting Not to Receive Any
Further Email
Overall respondents’ rights to privacy should be acknowledged by researchers by:
• Specifically offering the potential respondent the opportunity to “opt-out” or be removed from an email list;
• Not sending unsolicited messages online to respondents who have indicated they do not wish to receive such
messages relating to a research project or any follow-up research resulting directly from it;
• Not collecting email addresses under the guise of some other activity or by some means that does not allow
the respondent to be aware of this.
All email messages to respondents will carry the researcher's valid reply-to address and will clearly state the
purpose of the message in the email subject heading. Research companies will honor the respondents’ rights to
request that they receive no further email contact.
Issued December, 2000 – Marketing Research Association
5
Our thanks to the MRA Internet Ethics Guidelines Task Force
who worked diligently to organize these guidelines.
Members of the Task Force were:
Ed Sugar, Triton Technology, Chair
Joan Dempsey, J. Dempsey Marketing Research
Warren French, University of Georgia
Jamie Ohler, Market Measures Interactive
Gabe Oshen, Interviewing Service of America, Inc., New York
Keith Price, Greenfield Online, Inc.
Steve Runfeldt, JustASKthem.com
Credits:
• ESOMAR and ARF have given permission to MRA to incorporate excerpts from the joint ESOMAR/ARF Guideline on Conducting Marketing and
Opinion Research Using the Internet. Copyright © 2000 by ESOMAR, Amsterdam, The Netherlands. All rights reserved. The full text of the
ESOMAR/ARF Guideline, which is endorsed by the ICC, WFA and WAPOR, is available at www.esomar.nl and www.arfsite.org
• Council for Marketing and Opinion Research (CMOR) - Respondent Bill of Rights Copyright © 1999 - The Council for Marketing and Opinion
Research www.cmor.org
• Federal Trade Commission (FTC) www.ftc.gov
doc_732579255.pdf
Basic Principles
Opinion and marketing research conducted over the Internet must conform to the same standard rules and ethical
principles outlined in Marketing Research Association’s (MRA) Code of Data Collection Standards.
This document is intended to focus on those areas of Internet research where new technologies have impacted on
data capture and data collection techniques, disclosure issues, responsible business behavior, and consumer
protection and rights to privacy.
It is now and always has been the intent of the MRA and its membership to respect and protect respondents
during data collection in all of its legitimate forms. MRA understands that the research process must be
acceptable to the general public and that all efforts must be made to self-regulate the research industry in such a
way that consumers and research users will have confidence in the process and the results.
In an age of globalization at many levels of business, it is the goal of MRA to assure that only legitimate opinion
and marketing research is conducted on the Internet with full disclosure, respectful recruiting techniques, and
consumer protection in accordance with MRA’s Code of Data Collection Standards.
Introduction
The rapid growth of the Internet has opened dramatic new opportunities for collecting and disseminating research
information worldwide. At the same time it raises a number of ethical and technical issues which must be
addressed if the Internet is to be used effectively and responsibly for opinion and marketing research purposes.
The fact that the Internet is inexpensive to use and difficult to regulate means that it can be open to misuse by less
experienced or less scrupulous organizations, often based outside the research industry. Any Internet surveys that
fall below the high standards promoted by the MRA under the Code of Data Collection Standards and
Recommended Best Business Practices will make it more difficult for legitimate researchers to use the Internet for
research. Misuse of Internet opinion and marketing research could seriously damage the credibility of legitimate
opinion and marketing research and is an abuse of the goodwill of Internet respondents and users in general.
MRA has issued these Ethical Guidelines to protect the interests both of Internet respondents and of the users of
Internet research findings. Because information technology and the Internet are evolving and changing so rapidly,
it is not practical to discuss in detail all the technical features of Internet research in such a guideline. This,
therefore, concentrates on the main principles that must be followed in carrying out research on (or about) the
Internet and in reporting the findings of such research.
These Ethical Guidelines include:
• Respondent Cooperation Should Be Voluntary
• Researcher’s Identity Should Be Disclosed to Respondents
• Respondents’ Rights to Anonymity Should Be Safeguarded
• Privacy Policy Statements Should Be Posted Online
• Data Security Should Be Maintained
• Reliability and Validity of Findings Should Be Disclosed to the Public
• Researchers Interviewing Minors Should Adhere to the Children’s Online Privacy Protection Act
• Unsolicited Email Should Not Be Sent to Those Requesting Not to Receive Any Further Email
2
I. Respondent Cooperation Should Be Voluntary
Opinion and marketing researchers and their companies should avoid intruding unnecessarily on the privacy of
Internet respondents. Survey respondents’ cooperation should at all times be voluntary. No personal information
unnecessary to the project, which is additional to that already available from other sources, should be sought from
or about respondents without their prior knowledge and consent.
In obtaining the necessary agreement from respondents, the opinion and marketing researcher must not mislead
them about the nature of the research or the uses that will be made of the findings. In order to prevent biased
responses there may be occasions, however, when the purpose of the research cannot be fully disclosed to
respondents at the beginning of the interview. The researcher should avoid deceptive statements that would be
harmful or create a nuisance to the respondent; for example, the respondent should be told the likely length of the
interview or about the possibilities of being re-interviewed on a later occasion. Respondents should also be told in
advance if they may incur costs (e.g., as online time) if they cooperate in the survey. Respondents may request at
any time during or after the interview that part or all of the record of their responses be destroyed or deleted and
the opinion and marketing researcher must conform to any such request where reasonable.
(Refer to Council for Marketing and Opinion Research: Respondent Bill of Rights at www.cmor.org)
II. Researcher's Identity Should Be Disclosed to Respondents
The company conducting Internet research should identify itself to all potential respondents and provide
appropriate contact information (email address, physical address, phone number, etc.). This is so respondents can
easily verify the validity of a research project or make inquiries prior to deciding to participate in the study or
survey.
III. Respondents’ Rights to Anonymity Should Be Safeguarded
Unless respondents give their verifiable informed consent to allow themselves to be identified with the
information they are providing, opinion and marketing research companies should ensure that the respondents’
anonymity is safeguarded. Opinion and marketing research companies should further ensure that the information
provided by respondents is used only for the research study in which each respondent consented to participate.
Information provided by respondents in an opinion and marketing research study cannot be used for unrelated,
non-research purposes such as direct marketing, non-consent list generation, credit rating, push polling, fund-
raising or other intrusive marketing, or political activities.
IV. Privacy Policy Statements Should Be Posted Online
Researchers should post their privacy policy statement on their online site. When such privacy policy statements
exist, they should be easy to find, easy to use and comprehensible.
• Notice – Disclose their information practices before collection of personal information from individuals.
• Choice – Give an individual options with respect to whether and how personal information collected about
them may be used for purposes beyond those for which the information was provided.
• Access – Individuals should be able to view and contest the accuracy and completeness of data collected
about them. The Federal Trade Commission (FTC) has acknowledged that the access requirement will vary
from site to site, business to business, taking into account various types of businesses.
• Security – Take reasonable steps to assure that information collected from individuals is accurate and secure
from unauthorized use.
• Enforcement – The use of a reliable mechanism to impose sanctions for noncompliance with these fair
information practices.
3
V. Data Security Should Be Maintained
Companies conducting Internet opinion and marketing research should be able to provide adequate security for
both respondents and clients in the transmission and storage of information and data. All reasonable precautions
should be taken to secure and protect computer servers and databases from unauthorized access to proprietary
files and information.
VI. Reliability and Validity of Findings Should Be Disclosed to the Public
Clients and other users of opinion and marketing research and the general public should not be in any way misled
about the reliability and validity of any Internet research findings. Researchers should:
• Follow scientifically sound sampling methods consistent with the purpose of the research;
• Publish a clear statement of the sample universe definition used in a given survey, the research approach
adopted, the response rate achieved and the method of calculation;
• Publish any reservations about the possible lack of projectability or other limitations of the research findings,
for instance resulting from non-response and other factors.
It is equally important that any research about the Internet (e.g., to measure penetration, usership, etc.) that
employs other data collection methods, such as telephone or mail, also clearly refers to any sampling or other
limitations on the data collected.
VII. Researchers Interviewing Minors Should Adhere to the Children’s Online
Privacy Protection Act
Opinion and marketing research companies conducting surveys or studies with minors should adhere to the
Children’s Online Privacy Protection Act (COPPA) set by the Federal Trade Commission (FTC). The Act applies
to the online collection of personal information from children under 13 years old.
COPPA applies to individually identifiable information about a child that is collected online, such as full name,
home address, email address, telephone number or any other information that would allow someone to identify or
contact the child. The Act also covers other types of information - for example, hobbies, interests and information
collected through “cookies” (an attachable unique identifier to a person’s preferences on a Web site) or other
types of tracking mechanisms - when they are tied to individually identifiable information.
Before collecting, using or disclosing personal information from a child, the researcher must obtain verifiable
parental consent from the child's parent. (Until April 2002, the FTC will use a sliding scale approach to parental
consent in which the required method of consent will vary based on how the child's personal information is used.
That is, if the researcher uses the information for internal purposes, a less rigorous method of consent is required.
If the researcher discloses the information to others, the situation presents greater dangers to children, and a more
reliable method of consent is required.)
The researcher must post a link to the privacy policy on the home page of its Web site and in each area where
opinion and marketing researchers collect personal information from children. The link to the privacy notice must
be clear and prominent. (For more information refer to section IV in this Ethical Guideline about privacy
policies). Also you can contact MRA Headquarters or visit the FTC Web site at www.ftc.gov for the full text of
COPPA.
The notice must be clearly written and comprehensible. It should not include any unrelated or confusing
materials.
4
It must provide the following information:
• The name and contact information (address, telephone number and email address) of all researchers collecting
or maintaining children's personal information through the Web site or online service. If more than one
researcher is collecting information at the site, the site may select and provide contact information for only
one researcher who will respond to all inquiries from parents about the site's privacy policies. Still, the names
of all the researchers must be listed in the notice.
• The kinds of personal information being collected from children
(e.g., name, address, email address, hobbies, etc.) and how the information is collected - directly from the
child or passively, say, through “cookies.”
If the researcher discloses information collected from children to third parties, then the researcher also must
disclose:
• The kinds of businesses in which the third parties are engaged;
• The general purposes for which the information is used;
• Whether the third parties have agreed to maintain the confidentiality and security of the information;
• That the parent has the option to agree to the collection and use of the child's information without consenting
to the disclosure of the information to third parties.
The researcher may not require a child to disclose more information than is reasonably necessary to participate in
an activity as a condition of participation. The parent can review the child's personal information, ask to have it
deleted, and refuse to allow any further collection or use of the child's information. The notice also must state the
procedures for the parent to follow. (Refer to the FTC Web site at www.ftc.gov for more information)
VIII. Unsolicited Email Should Not Be Sent to Those Requesting Not to Receive Any
Further Email
Overall respondents’ rights to privacy should be acknowledged by researchers by:
• Specifically offering the potential respondent the opportunity to “opt-out” or be removed from an email list;
• Not sending unsolicited messages online to respondents who have indicated they do not wish to receive such
messages relating to a research project or any follow-up research resulting directly from it;
• Not collecting email addresses under the guise of some other activity or by some means that does not allow
the respondent to be aware of this.
All email messages to respondents will carry the researcher's valid reply-to address and will clearly state the
purpose of the message in the email subject heading. Research companies will honor the respondents’ rights to
request that they receive no further email contact.
Issued December, 2000 – Marketing Research Association
5
Our thanks to the MRA Internet Ethics Guidelines Task Force
who worked diligently to organize these guidelines.
Members of the Task Force were:
Ed Sugar, Triton Technology, Chair
Joan Dempsey, J. Dempsey Marketing Research
Warren French, University of Georgia
Jamie Ohler, Market Measures Interactive
Gabe Oshen, Interviewing Service of America, Inc., New York
Keith Price, Greenfield Online, Inc.
Steve Runfeldt, JustASKthem.com
Credits:
• ESOMAR and ARF have given permission to MRA to incorporate excerpts from the joint ESOMAR/ARF Guideline on Conducting Marketing and
Opinion Research Using the Internet. Copyright © 2000 by ESOMAR, Amsterdam, The Netherlands. All rights reserved. The full text of the
ESOMAR/ARF Guideline, which is endorsed by the ICC, WFA and WAPOR, is available at www.esomar.nl and www.arfsite.org
• Council for Marketing and Opinion Research (CMOR) - Respondent Bill of Rights Copyright © 1999 - The Council for Marketing and Opinion
Research www.cmor.org
• Federal Trade Commission (FTC) www.ftc.gov
doc_732579255.pdf