Documenting consent

Documenting consent

Typically, written consent documentation includes an information sheet and a consent form that is signed by the participant. This division allows the background information to be as detailed as necessary while keeping the signature form short and concise.

It is also important to consider in advance how the personal information collected will be used in the research project and beyond, as the legal sharing of personal research data becomes more commonplace in research. Please find out more about this below:

An information sheet should cover the following topics:

  • Nature and purpose of the research.
  • Nature of involvement.
  • Benefits and risks of participating.
  • Procedures for withdrawal.
  • Information on a lawful basis that is being used to collect personal data.
  • Usage of the data during research, dissemination, storage, publishing, and archiving.
  • Details of the research: funding source, sponsoring institution, name of project, contact details for researchers, and how to file a complaint.

We recommend that consent forms include three key sections to ensure clarity and transparency for participants. These sections, outlined in our model consent form, are:

Participating in the research: The consent form should be written in plain language, free from jargon, and should allow the participant to clearly respond to points such as:

  • The participant has read and understood information about the project.
  • The participant has been given the opportunity to ask questions.
  • The participant voluntarily agrees to participate in the project.
  • The participant understands that they can withdraw at any time without giving reasons and without penalty.

The use of information in the study: This section of the consent form should explain how participants’ data will be used as part of the study. For example:

  • Data handling procedures.
  • How confidentiality will be protected, e.g. whether real names will be used or pseudonyms (with permission), how data will be anonymised, etc.
  • How information will be used in publications, e.g. Quotes.
  • Outlining processes for analysing and reporting.
  • Granularity such as separately asking for data that contain personal information, such as text, audio recordings, videos or pictures.

By clearly outlining these details, this section helps manage participants’ expectations and fosters trust by guaranteeing the confidentiality and security of their data.

Future use and reuse of information: This section is vital for obtaining consent for the potential future use of participants’ data, ensuring they understand how their information might be used beyond the study. For example:

  • Communicating that the data will be deposited for future use.
  • Procedures for maintaining confidentiality of information about the participant and information that the participant shares, especially in relation to data archiving and reuse.
  • Specifying in which form the data will be deposited, e.g. de-identified, anonymised transcripts, audio recording, survey database, etc.
  • Specifying whether use or access restrictions will apply to the deposited data in future, e.g. exclude commercial use, apply safeguarded access, etc.

This is especially significant in the context of open science and data archiving. Securing consent for future use is a cornerstone of responsible data management and promotes a culture of transparency and accountability in research.

Consent for processing personal data

In the UK, institutions such as universities often rely on “research in the public interest” as the lawful basis for processing such data, provided appropriate safeguards are in place. However, the legal basis is usually defined by the host organisation; therefore, researchers should consult with their institution to determine the appropriate lawful basis for their specific project.

Where consent is being used as the lawful basis for processing personal information (e.g. Name, address, and date of birth), then the best practice would also be to provide information to participants on:

  • How personal information will be processed and stored and for how long?
  • Procedures for maintaining confidentiality of information about the participant and information that the participant shares.
  • Procedures for assuring ethical use of the data: Procedures for safeguarding personal information, maintaining confidentiality, and de-identifying or anonymising data, especially in relation to data archiving and reuse.

For onward sharing of data, the GDPR applies, and further information needs to be provided:

  • The contact details of the data controller (the entity that determines the reason for processing personal data).
  • Who will receive or have access to the personal data?
  • A clear statement on the right of the participant to request access to their personal data and the correction (rectification) or removal (erasure) of such personal data.

Participants should be given a copy of the form and the researcher should retain the signed original.

For further information, see Documenting consent for personal data.

Consent forms should not preclude the sharing of research data. So, promises to destroy any data or that data will only be seen or accessed by the research team should be avoided. Terms such as ‘fully anonymous’ or ‘strictly confidential’ should be avoided, as they are often impossible to define. It is better to indicate how data will be anonymised (e.g. by removing all directly indefiable information such as names and addresses, and treating information that might indirectly identify a person such as their occupation, level of education, etc.). The following is an example of wording that does not preclude sharing from the Interuniversity Consortium for Political and Social Research (ICPSR) adapted for the UK.

Study staff will protect your personal information closely so no one will be able to connect your responses and any other information that identifies you. National laws may require us to show information to university or government officials (or sponsors), who are responsible for monitoring the safety of this study. Directly identifying information (e.g. names, addresses) will be safeguarded. You will not be identified in any publication from this study unless you have consented to waive anonymity.

As research is a dynamic process the original consent may not be informed ‘enough’, that is, contain sufficient and up-to-date information about the aims of the research. Therefore, it is always advisable to keep any consent forms under constant review.

The retention of consent forms depends on the retention policy of host organisation. For example, if data is collected under the lawful basis of public task and subsequently anonymised, an organisation may specify in its retention schedule that consent forms must be kept for a certain number of years after the project concludes. After this period, the consent forms can be destroyed, as retaining personal data beyond its purpose would be unnecessary. Meanwhile, the archived data, having been anonymised, can be retained indefinitely for future research and reproducibility.