Areas for action
Two examples of Coerle's work
© Inria / Photo C. Morel
Below are just a few examples of situations that were referred to Coerle, to show the scope of the committee's work.
Ethics approval prior to publication
Responsible journals and conferences now seek approval for the ethical aspect of the project that generated an article or paper. This approval must be granted by the operational ethics committee of the authors' home establishment. At Inria, it is therefore Coerle that shoulders the responsibility of analysing the work and drafting an opinion. It should be pointed out here that some journals and conferences side-step this approval process. However, the editors of the journals or the conference proceedings are responsible for the material they publish, in the same way as the authors, and similarly liable to any ensuing legal action.
Ethics and data management
Many scientific projects collect observational data, experimental data or open-source data. The collection, storage, security, anonymisation and use of this data raises ethical and legal issues that scientists must have identified and adequately dealt with before beginning to carry out their project. The French Data Protection Law often plays a fundamental role and the data protection officer (DPO) must be approached about data privacy issues when projects are being designed. For this reason, Inria's DPO is systematically invited to Coerle meetings. Frequently met examples concern masses of data mined from social networks or observational data yielded by experiments in human-computer interaction.
In the case of information extracted from social networks, we have to manage the legal and ethical issued raised by tens of millions (if not much more) of digital records concerning tens of millions of entities (people, accounts, groups, etc.). In the case of human-computer interaction, personal data can be very detailed and concern adults, minors, and minors or representatives of certain minorities. In any event, it is essential to consider the ethical implications before carrying out any experiment or collecting any data. This often involves the local Coerle contacts and Inria's data protection officer. It may also entail security audits to guarantee the quality of the data storage and processing conditions. The Security and Defence Officer and the Information Systems Security Manager may also be involved, or involved in approving the project.
Projects involving human-computer interaction
For project-teams working on human-computer interaction, we examine and issue opinions on proposals for individual experiments or groups of experiments. Our aim is to help provide a clear ethical and legal framework in order to ensure that participants have all the necessary information about their experiments and any potential consequences they may have.
Research on cybersecurity often poses ethical and legal issues. Typically, when a security loophole is detected, an ethical disclosure process must be carried out so that the corrections can be made without the loophole being used for improper purposes, which could incur the criminal liability of the person that detected the loophole. It should also be noted that companies such as Zerodium offer to buy "zero-day exploits", i.e. hitherto undetected security loopholes, for sums that, in March 2017, could attain up to $1.5 million, posing serious integrity and ethical issues for scientists in the field.
On 16 November 2016, the so-called "Jardé Law" on clinical trials came into force. It may have an impact on some of the research in digital health and biology conducted by Inria project-teams, in particular if their purpose is to advance biological or medical knowledge. All research protocols involving humans, including non-interventional studies (defined as not entailing any risk or specific constraint) are now subject to prior approval by an ethical review committee (in French: comité de protection des personnes or CPP) and must be able to demonstrate that they are conducted "for the purposes of expanding biological or medical knowledge".
In practice, scientific research involving humans for the purpose of expanding scientific knowledge in information technology or mathematics does not systematically come under the provisions of the Jardé Law. Accordingly, Coerle and its local correspondents may need to examine projects individually to check whether they lie within the scope of the law. If the research lies within the scope of clinical trials and if Inria is the promoter, it will be necessary to obtain a registration number for the research on the ANSM website before any further steps can be taken. The requirements and the procedure are set out in full in Inria’s decision No. 12137 dated 9 March 2017.
Any research project in the field of digital technology now calls for a consideration of the ethical aspects. The points covered below are not exhaustive: they are provided to get the scientists involved to think about the ethical implications, especially when they are elaborating their project.
- Are the people contributing to the project aware of or trained in ethical issues? If so, provide factual supporting information. If not, state whether there are plans for awareness-raising or training initiatives.
- Have the project's societal and ethical consequences been discussed with all of the participants?
- In the event of a chance discovery, what processes will be established?
- How will scientists joining the project in the course of its completion be involved in the ethical considerations and processes in place?
- Does the project handle sensitive data (e.g. data of a medical or personal nature, or concerning security, economic information, reputation, etc.)?
- Would comparing project data with open-source data produce results that raise ethical issues?
- What provisions has the project made to stimulate its ethical considerations and incorporate the outcome of these considerations in the project and its process?
- Has a self-assessment form been used (such as the form drawn up for the H2020 proposals)?
- When legal or ethical risks are identified, how are their likelihood, importance and potential impact assessed?
- If an ethical risk is shown to exist, what effect will it have on the completion of the project? Describe how the risk-analysis process is carried out.
- What provisions have been made for the reproducibility of the outcomes?
- Will the publication of the findings call for consideration of the ethical implications? Has adequate consideration been given to the software?
These articles could interest you:
The advices are passed on to the Chairman.
Most of them are intended for internal dissemination, however those mentionned below are public.