Published on in Vol 21, No 5 (2019): May

Preprints (earlier versions) of this paper are available at https://preprints.jmir.org/preprint/12273, first published .
Participatory Disease Surveillance Systems: Ethical Framework

Participatory Disease Surveillance Systems: Ethical Framework

Participatory Disease Surveillance Systems: Ethical Framework

Viewpoint

1Institute for Biomedical Ethics, University of Basel, Basel, Switzerland

2Institue for Scientific Interchange Foundation, Torino, Italy

3De Grote Griepmeting, Science in Action BV, Amsterdam, Netherlands

4Statens Serum Institut, København, Denmark

5Sorbonne Université, Institut National de la Santé et de la Recherche Médicale, Institut Pierre Louis d’Épidémiologie et de Santé Publique, Paris, France

6German Research Center for Artificial Intelligence (DFKI), Kaiserslautern, Germany

7ETH Zurich, Swiss Federal Institute of Technology, Zurich, Switzerland

8Novartis Pharma AG, Basel, Switzerland

9Institute of Global Health, Faculty of Medicine, University of Geneva, Geneva, Switzerland

10University Center of Legal Medicine, University of Geneva, Geneva, Switzerland

Corresponding Author:

Lester Darryl Geneviève, MBChB, MSc

Institute for Biomedical Ethics

University of Basel

Bernoullistrasse 28

Basel, 4056

Switzerland

Phone: 41 61 207 17 82

Fax:41 61 267 17 80

Email: lester.genevieve@unibas.ch


Advances in information technology are changing public health at an unprecedented rate. Participatory surveillance systems are contributing to public health by actively engaging digital (eg, Web-based) communities of volunteer citizens to report symptoms and other pertinent information on public health threats and also by empowering individuals to promptly respond to them. However, this digital model raises ethical issues on top of those inherent in traditional forms of public health surveillance. Research ethics are undergoing significant changes in the digital era where not only participants’ physical and psychological well-being but also the protection of their sensitive data have to be considered. In this paper, the digital platform of Influenzanet is used as a case study to illustrate those ethical challenges posed to participatory surveillance systems using digital platforms and mobile apps. These ethical challenges include the implementation of electronic consent, the protection of participants’ privacy, the promotion of justice, and the need for interdisciplinary capacity building of research ethics committees. On the basis of our analysis, we propose a framework to regulate and strengthen ethical approaches in the field of digital public health surveillance.

J Med Internet Res 2019;21(5):e12273

doi:10.2196/12273

Keywords



Advances in information technology are changing medical research [1] and public health at an unprecedented rate [2]. One of the most evident changes is that it has become easy for members of the general public to contribute to public health surveillance, practice, and policy [2] by sharing personal and health-related information through digital media. The pervasiveness of technology is underscored by the fact that as of 2018, almost 4 billion people are estimated to have access to the internet [3], and there are over 318,000 health-related mobile apps [4]. In public health surveillance (ie, public health data collection and analysis to inform public health practice [5]), vast real-time health data from informal sources (eg, health-related mobile apps and twitter) allow an early detection, prevention, and monitoring of public health threats and the potential for a prompt response from authorities to mitigate them. These informal sources have facilitated the reporting of diseases by complementing and reducing the time information is transmitted in multilevel public health infrastructures. Consequently, around the world, several early warning systems are now using this innovative approach [6].

Such activities have been termed digital epidemiology or digital disease detection [7,8]. Digital epidemiology can either be performed for nonresearch or research purposes. On the one hand, if the aims of the surveillance system are simply to monitor, control, and respond to health threats by producing data on the affected population, then this serves nonresearch purposes. On the other hand, if the purpose of the surveillance system is either to contribute to or to produce generalizable knowledge, potentially applicable to different populations and settings, then it serves research purposes [9].

Data in digital epidemiology can be obtained through 2 distinct approaches, with similar public health objectives but usually different challenges [10]. With a passive approach for data collection, data subjects are not directly informed that their everyday data (stored, eg, on social platforms, blogs, and Web search queries) are being mined and processed by advanced algorithms involved in big data analytics to monitor or predict disease outbreaks [10-12]. One of the first notable examples of such passive data collection approach to digital epidemiology was Google Flu Trends (GFT). There are numerous challenges to this approach, including big data hubris and unstable algorithm dynamics. Big data hubris states that big data are simply a replacement for data collected and analyzed by conventional means rather than an adjunct to traditional public health surveillance. Unstable algorithm dynamics refer to the continuous changes made by the company to the search algorithms, as a means of improving their searching capabilities by incorporating, for instance, new search terms. However, as the case of GFT demonstrated, these improvements led to biased estimates [13]. Nonetheless, big data surveillance offers an unprecedented opportunity to monitor in a timely manner the spatial and temporal evolutions of epidemics with increased granularity compared with more traditional surveillance systems, provided that the potential flaws of big data analytics are taken into consideration [12,13].

On the other hand, a participatory disease surveillance system has an active approach involving digital communities of volunteer citizens who consciously provide data. This can be done either interactively by reporting their symptoms and other relevant information through an appropriate interface or by donating sensor data (eg, location traces) from their digital devices. Such a participatory approach not only supports the detection of potential public health threats but also empowers individuals to reflect on them and adapt their behavior accordingly [10]. An example of such participatory disease surveillance system is the European Influenzanet Consortium, which monitors influenza-like illness (ILI) activity during flu seasons, with data from volunteer citizens using digital national platforms and in some cases, mobile apps [14,15]. Details on the Influenzanet Consortium and its inclusion as an adequate model to illustrate ethical issues pertinent to participatory disease surveillance systems have been covered in a previous publication [16].

In 2009, the Influenzanet Consortium was formed to standardize practices among the individual national ILI surveillance platforms to promote collaboration [17]. Recent research started exploring the use of crowdsourcing for detection of epidemic flu spreading, improving the self-reporting experience of symptoms with a more user-friendly mobile phone apps, and enriching the data with context data recorded by the phone’s sensors [15]. The Consortium follows the top-down model of citizen participation [2], which guarantees the scientific requirements and integrity of the disease surveillance network while relying on volunteer citizens’ data. This technology-driven public health surveillance has some benefits for its participants. Real-time information on ILI activity at local and national levels is provided to participants, who are also advised on strategies for disease prevention [17,18]. Importantly, the participants contribute directly to the ultimate goal of this public health initiative by providing real-time granular health-related data on ILI [19]. Such information complements the data of the European Influenza Surveillance Network (EISN) at finer levels, as EISN receives mainly epidemiological and virological data from its network of general practitioners [17,18]. The large cohorts of Influenzanet (eg, over 36,000 volunteer citizens for the flu season 2015/2016) also allow detection of even small epidemics of ILI [17,20]. This early detection [21] could potentially enable timely mitigation strategies to reduce the health burden of influenza and decrease health expenditures associated with increased hospitalization and treatment. In addition, Influenzanet enables research and the study of subgroups, for example, influenza vaccine effectiveness in vaccinated groups [22], attitudes toward vaccination [23], health status of population outside the health care system [24], and differences in medical care–seeking behavior across the European Union (EU) [20].

However, such top-down model of citizen participation in surveillance, specifically for research purposes, raises its own set of ethical issues on top of those inherent in traditional forms. Participants are involved actively in scientific research [2], but researchers have limited personal interaction with participants to ensure that they have indeed understood the research information provided on the national platforms or mobile apps and potential risks that their participation entails. In addition, participants could be influenced by the promise of expected benefits and the imperative of altruism. Therefore, it becomes a challenge to combine protection of research participants with the promotion of high-quality data collection for ethically acceptable research purposes [25]. In participatory disease surveillance systems, these are closely linked and mutually dependent on each other. On the one hand, ensuring participants’ trust and engagement through adequate safeguards is crucial for the sustainability and quality of these surveillance systems. If participants perceive the risk of privacy violation, they might refrain from giving important information, thus, affecting the effectiveness of disease surveillance and subsequent future public health interventions [26]. On the other hand, if surveillance systems follow low-quality standards and operate outside an ethical framework, protection and collaborations of data subjects cannot be secured. Numerous ethical frameworks have been developed in the field of public health surveillance and the use of big data [27-29]. However, a 2017 systematic review on ethical issues of public health surveillance revealed that there is a need for more context-specific analyses to guide public health practice [5]. Consequently, providing an ethical framework for the regulation of such innovative participatory surveillance methods, using a real-world example, becomes of utmost importance.

In this paper, we use Influenzanet to illustrate challenges in protection of health and other sensitive information reported in participatory disease surveillance systems. We discuss and analyze challenges and needs of participant consent in surveillance and research using participant surveillance systems data. We argue that research ethics committee (RECs) should play an important role in this developing field. Finally, we propose a framework for the regulation of digital participatory disease surveillance systems, which strengthens protection of participants’ data and privacy, while promoting the concept of justice.


Traditional Informed Consent in Internet-Based Surveillance

In public health surveillance, there are 2 antithetical forces. Although these systems pursue the improvement of population health through surveillance of diseases (such as in the case of Influenzanet, providing protection for vulnerable populations at risk of serious adverse outcomes of influenza infection), they must also safeguard individuals against any abuse of their data by researchers [30,31]. To strike a balance between the pursuit of societal welfare and protection of individual rights, consent from participants plays a fundamental role. Originating from the necessity to protect research subjects both physically and mentally, written informed consent is traditionally obtained for medical research, and its importance has emerged even more in the current era of data protection [32]. However, this type of consent seems to be poorly adapted to the collection and use of digital data in public health surveillance [2].

In light of the inadequacy of traditional informed consent for participatory public health surveillance, 1 potential response is to reject the need for further consent in these types of studies [33] because of the fact that participants enroll on their own and not in continued medical contact. The “no problem” solution rests also on the assumption that consent is not necessary, as in public health surveillance, individual interests may be put aside to protect the public good [33]. For example, in the United States, the issue of consent in public health surveillance is circumvented by considering the latter as public health practice instead of research, thus exempting it from institutional review boards’ approval [34] and in most cases, of traditional informed consent requirements. Indeed, a participatory disease surveillance platform active in the United States, Flu Near You, received a waiver for informed consent [35]. However, this approach may not be the best solution for participatory disease surveillance where data are actively generated by participants, underscoring the urgent need to adapt the traditional model of informed consent more adequately to this type of surveillance system.

Informed consent in research was originally designed for studies involving a limited number of participants where it was practically and financially feasible for researchers to engage participants, provide details about the research, and obtain written informed consent before the beginning of the study [32]. A further problem with traditional informed consent is that it was designed to authorize the use of data only by those subjects and for those purposes according to which the data had been originally collected. It was, however, not intended to also cover retrospective research on samples or data. In the case of big data for surveillance of infectious diseases, which is often retrospective in nature (2 out of the 3 electronic data sources are medical encounter and nonhealth digital data) [12], obtaining traditional informed consent proves problematic, as it requires disclosing all potential risks of primary and retrospective research, but the latter are usually unknown at the time when data are collected [32].

There have been substantial efforts made by some Influenzanet national platforms at their outset to ensure some form of personal interaction with their participants to better explain the nature of the surveillance system. In 2003, the original Belgian/Dutch platform, called de Grote Griepmeting (ie, the Great Influenza Survey), received a lot of media attention, which led to the registration of tens of thousands of participants in 2003/2004. The participants’ age distribution from youth to the elderly and their wide geographic spread and different levels of education made de Grote Griepmeting more accurate and quicker to signal the onset of a flu epidemic than the general practitioners’ surveillance system organized by Netherlands Institute for Health Services Research (NIVEL). The Belgian/Dutch research team invited participants for an information, question and answer session, where they were provided with notes on the rationale of the survey questions to the flu survey study. Moreover, a forum was also created where participants could ask any remaining questions, and when specific virology questions were asked, consultation would follow with partners from the NIVEL and the National Institute for Health and Environment in the Netherlands. The team managed to answer all incoming questions from participants by email and during various local, national, and regional live radio interviews from people listening in. In 2009, the team started a public community on Facebook named De Grote Griepmeting–Influenzanet, where members would have their questions answered by the team. Such measures (ie, the information session and the team answering all additional questions received via email, through their forum, on the social platform Facebook, and during radio interviews) could be viewed as an equivalent solution to obtaining the informed consent of these participants (De Grote Griepmeting, email communication, April 3, 2018 and February 7, 2019).

The inadequacies of traditional informed consent have led to the development of many other ethically acceptable solutions. For instance, in retrospective research where risks are minimal, consent would not be necessary as long as the right to opt out and the right to be forgotten are preserved and enforced [36,37]. Alternatively, the requirement of informed consent upholds but is paired with waivers, which dispense researchers from requesting consent for secondary use of data, if the recontacting and reconsenting are unfeasible or would lead to nonrepresentative samples [38].

Another alternative to traditional informed consent is an extended version of consent, which is more suitable to public health/big data research, known as broad or general consent [2,32,39-41]. The key difference between traditional and broad or general consent is that data subjects provide their consent for entire classes of research [42]. This extended form of consent differs from blanket consent as data subjects do not give permission for any use of their data but rather define in broad terms the purposes of use [42]. Moreover, broad consent is only considered acceptable if 2 criteria are met. First, every new study needs to be approved by an REC or another competent entity [43]. Second, the right of participants to withdraw their consent at any time has to be maintained [32,44]. Despite the presence of these safeguards, consensus on whether broad consent can be considered truly informed is lacking [45-47]. The informative nature of broad consent rests on the assumption that autonomy is protected, as REC approval is necessary, and strategies to regularly update the data donor on ongoing opt-out opportunities are devised [48]. Furthermore, any modification to the research should automatically lead to reconsenting procedures [49]. However, broad consent cannot be entirely informed because of the unspecified nature of future research [48]. Although broad consent seems suitable for secondary uses in public health research involving digital communities of volunteer citizens or big data, it is uncertain whether broad consent represents the best solution in terms of respect for autonomy. Given the issues raised by broad consent and the fact that it requires initial face-to-face contact, seeking consent electronically could be an ethically satisfying alternative to traditional informed consent.

Electronic Consent, An Adaptation of Traditional Informed Consent

Electronic consent (e-consent) implies that participants give informed consent using an information technology (eg, digital technologies). In this sense, e-consent does not represent a new form of consent but simply an adaptation of informed consent to the electronic environment [50]. E-consent is currently being used in the Influenzanet Consortium and in similar participatory surveillance platforms such as Flu Tracking (Australia and New Zealand) as a valid form of consent for participants. Data subjects agree to the conditions, terms, and privacy policies when registering on their respective national platforms [16,51].

Although e-consent offers the substantial benefit of a tailored fit to the digital environment, it also has some inherent problems. A unique feature of internet-based research is the absence of personal interaction between researchers and participants, where researchers would traditionally be able to provide individually tailored information and answer any question participants might ask concerning the study and the collection of health data. Therefore, one of the major risks posed by e-consent is the provision of consent through automatic processes in the digital world, as parties are not directly involved. The provision of consent is rather based on a set of computer rules determining whether access to an individual’s data by researchers could be granted on reasonable grounds [50]. For this reason, it is possible that participants provide their consent without fully understanding—or even reading—the information, terms, and conditions that data collectors provide by simply clicking the relevant buttons in the digital forms [52]. We thus recommend that several precautions ought to be implemented when e-consent is obtained. For instance, e-consent should be designed in such a way that information is delivered through a simple PDF file where participants digitally put their signature (instead of clicking a button) to increase the likelihood of the document being read. Alternatively, other possibilities offered by information technology could be exploited to help verify participants’ understanding of the information provided during the e-consent process. These include tools such as the use of audio files, PowerPoint presentations, videos, pictures, or gamification (for instance, through quizzes and animation) [53].

Though the above recommendations could foster the informed nature of e-consent, the lack of personal interaction between study participants and researchers remains. Therefore, a properly implemented e-consent would be particularly beneficial in those studies where it is impossible to provide individual counseling and where the conditions, terms, and privacy policies would otherwise not be read [54,55]. In addition, one might even argue that participants are potentially less likely to consent under undue influence or constraints because of limited interaction with researchers. They can thus easily decline consent by signing out from the digital platforms whenever they feel the need to do so [52]. In this regard, e-consent increases the autonomy of participants.

Nonetheless, a further challenge raised by the absence of face-to-face contact is how to ensure that participants have the required legal capacity to legitimately give their e-consent after they electronically authenticate [52], because of the difficulty of verifying the participants’ identity. In this sense, even if measures were taken—such as quizzes or questionnaires—to ensure that participants have understood the research information, there would be little guarantee that those quizzes or study questionnaires are actually being completed by data subjects. A potential solution to this authentication issue could come from advances made in biometric identification technologies, commonly used for security purposes [52]. For instance, the use of face recognition technology [56] on computers and mobile phones or fingerprint recognition sensor in smartphones (eg, Touch ID by Apple Inc) could be used to verify the identity of participants throughout the process of e-consent. However, processing biometric data raises additional ethical and legal issues, in particular with respect to privacy. Biometric data, similar to genetic material, carries biological traits that are unique to data subjects and which could be easily used to reidentify them [57]. However, it must be noted that, although entailing sensitive personal information, the processing of biometric data can be lawful even without subjects’ consent if processing serves the public interest or scientific or statistical research purposes (eg, Article 9.2.(j) of the European General Data Protection Regulation, GDPR) [58]. Ethical concerns with respect to biometric data might also be mitigated if, for example, the gathered biometric information was stored locally on the participants’ computers or mobile devices and not transmitted to the research team or any third party.

In the case of multinational studies such as Influenzanet, an adequately implemented e-consent could consist of a standard informed consent information form [16], as a single PDF file, being delivered to participants at the time of their registration on the digital platform and followed by a new document each and every time new information is added on the single country websites. The information provided would have to be reader-friendly and succinctly summarized, thus nudging participants to read it thoroughly. Awareness of all potential ramifications because of their participation could be further improved through the provision of quiz questions. Grading of these quiz questions could then serve as a proxy to ensure adequate understanding of the informed consent information. This method has been employed at the Harvard Personal Genome Project (PGP) [59]. Participants were even provided with a study guide and were required to pass an enrollment test to be considered for the project. This additional burden to participation, which is justified for genetic research (genetic exceptionalism), should nonetheless remain minimal for Influenzanet to retain engagement of its participants. This is supported by the mildly sensitive nature of the gathered information and the low risks associated with this kind of surveillance. Indeed, the enrollment examination for the PGP was the main barrier to participation, with almost 60% of its users dropping out [59]. Digital signature of the consent form could also be a more personalized alternative, and it would also provide additional evidence on the identity of the participant, which altogether would enhance the informed nature of this e-consent procedure.


Epidemics forecasting studies and other public health research often gather useful and sensitive data on their participants, potentially interfering with their privacy. In the case of Influenzanet, protection of participants’ privacy is secured by data anonymization and the use of a centralized database [18].

One might argue that full anonymization is not necessary for some public health surveillance, as part of the collected data is only mildly sensitive (eg, age group and gender) and thus poses only a minor threat to the fundamental rights and the privacy of participants even in case of misuse [60]. However, even nonpersonal information could be used to reveal much more sensitive information on data subjects if the former is coupled with additional geographical information, which is often collected by public health surveillance systems [61]. For instance, 1 of the core functions of Influenzanet is to map cases of ILI for the identification of hotspots of influenza outbreaks to model disease progression and implement effective prevention strategies. This spatiotemporal dimension of collected health data can enhance the privacy-invasive nature of epidemics forecasting research such as Influenzanet [62]. The collection of sensor and usage data from smartphones adds additional behavioral and context information, which, as shown in related work [15], has the potential to improve forecasting and risk analysis. Despite these potential benefits, even apparently nonpersonal data, such as a list of installed apps, can be an additional risk to the participant’s privacy [63]. The Consortium took great care in protecting the privacy of its participants. In case of sensor data, information is processed directly on the user’s device and only transmitted to Influenzanet in anonymized and highly aggregated form [15]. Location information of reported cases is, for example, never mapped to the individual level but rather to the postal code level [17], with only the aggregate number of cases shown. Some platforms went even further by randomizing virtual locations around the center of a large number of postal code areas taken together (eg, the De Grote Griepmeting platform). The grouping of postal codes areas was paramount for better protection of the privacy of participants, for example, in the case of a single participant in a postal code area (De Grote Griepmeting, email communication, April 3, 2018).

However, with increasing technological capabilities to integrate and analyze health data with local data, there are risks of leakage of sensitive information concerning participants’ locations, which may lead to stigmatization of the particular locations as well as residents [62,64]. Even with full anonymization, cross-referencing of essential data gathered for epidemics research purposes (eg, sex, age, and medical conditions) with other databases could eventually lead to reidentification of data subjects [2,65]. For instance, 2 researchers showed it was feasible to reidentify individuals by matching a deidentified database on Netflix movie recommendations to available Web-based information (eg, Internet Movie Database) [66]. Hence, anonymization per se is not a sufficient measure to adequately protect privacy. The long life span of some anonymized datasets, which is often the case with epidemics forecasting studies, de facto increases the risks of reidentification and privacy breaches through repetitive data enrichment over time [54]. Consequently, reidentification should be considered a real risk for data subjects [2] even in case of anonymization. It is, thus, paramount to ensure ethical and accountable sharing of anonymized datasets between research institutions and to combine anonymization with other adequate data security measures to prevent misuse of data and unauthorized reidentification.


The concept of justice in research ethics is fully embodied by the policies of the Influenzanet Consortium as participation is free, open, voluntary, and nondiscriminative of any resident of the respective countries (except for Sweden, where some representativeness and comparison purposes are guaranteed by allowing participation through invitations only) [17]. This ensures a fair distribution of risks and benefits to all research participants and the public at large. If epidemics forecasting studies keep up with the high standards in terms of justice (ie, participation to the surveillance system is free, open, voluntary, and nondiscriminative) followed by the Influenzanet Consortium and similar platforms such as Flu Near You [35], the only remaining challenge would be dealing with those limitations on participation that are inherent to digital technologies. These limitations are commonly referred in the literature as the “ digital divide ” [2,67], and they concern both access to and proficiency with digital technologies. Access to digital technologies is also a product of many sociodemographic elements such as age, educational level of participants, ethnic groups, and their socioeconomic status [68,69]. This is reflected in the data collected by Influenzanet, which present an underrepresentation of younger age and elderly groups, an overrepresentation of the middle age group for both genders, and a higher educational level of participants in comparison with the general population [70]. In this respect, it could be claimed that epidemics forecasting studies such as Influenzanet are potentially empowering a more dynamic, informed societal group with a penchant for digital technology, whereas at the same time perpetuating the health inequalities between others [2]. However, it must also be stressed that public health surveillance benefits the public at large and not exclusively the participants. Public health surveillance, like biomedical research, is a public good, as the health benefits resulting from its interventions (based on knowledge generated from data subjects) are ultimately going to be shared with society [71]. In addition, the digital divide is decreasing annually, with technology becoming more and more pervasive [72]. Nevertheless, concerns about justice can be avoided only if results and disease prevention strategies are shared evenly and on a regular basis among all societal groups, something which the Influenzanet Consortium is promoting (eg, weekly national surveillance bulletins, regular press releases during the study, and radio broadcasting) [73,74]. Such regular results dissemination initiatives undeniably help in ensuring that expected benefits of research are shared more equally between societal groups. This could be further improved by granting access to more targeted and granular information on influenza activity to nonparticipants [74] under the concept of solidarity [75]. Such measures would allow a better protection of society as the spread of an influenza epidemic is an individual as well as a collective concern.


Influenzanet and similar systems are faced with multifocal ethical and legal issues. For the safeguard of data subjects, appropriate oversight and specific regulation might be needed in the future. Currently, such oversight is beyond the governance capacity of RECs, as technological advances outpace national regulatory frameworks and undermine the definitions of those concepts—such as “anonymization,” “encryption,” and “personally identifiable information” [55]—upon which RECs rely. However, RECs should be actively involved in the design and implementation of public health research involving digital communities of volunteer citizens or big data. These RECs need to act as safety nets to fill the gaps of the current regulatory framework, which often dates back to an era where modern computational and technological capabilities were not foreseeable [55]. In this perspective, we recommend RECs to undergo interdisciplinary capacity building in those innovative research methods through mutual exchange of information and training with citizen science experts, big data researchers, data scientists, ethicists, legal experts, and sociologists. This would allow the identification of ethical and legal grey zones. Stakeholders could further anticipate potential conflicting situations resulting from the enactment of new legislation. This appears even more urgent as we have entered the GDPR era. This regulation came into force in May 2018, to replace the EU Data Protection Directive 95/46/EC [1,76]. The GDPR tries to harmonize EU data protection laws with the goal of guaranteeing the same level of freedom and protection to EU citizens, while protecting personal data during cross-border sharing with international organizations and third countries [76]. This legislative reform is likely to have a considerable impact on consent requirements and exemptions from obtaining consent [1]. This could affect the expected benefits that big data can bring to society by increasing the regulatory burden on public health surveillance studies [1]. Furthermore, as stressed in the study by Mittelstadt, the GDPR classifies “data concerning health” as a “special category of personal data” [77]. As this category includes any personal data that reveals information on the health status (physical or mental) of participants [77], health-related information gathered from Influenzanet participants or similar epidemics forecasting studies might—until properly anonymized—fall in this special category. It is, thus, possible that detailed limitations to health data usage are imposed in the future because of the protective stance endorsed by the GDPR [77]. Therefore, interdisciplinary capacity building and acquaintance of RECs with this innovative and developing research field will be paramount to proactively ensure an adequate protection of data subjects while preventing the development of additional research barriers. Such barriers could undermine the excellent contribution to the preservation of public health made by epidemics forecasting systems such as Influenzanet.


We propose the following 4 components ethical framework to provide guidance on how to ensure an adequate ethical oversight of participatory disease surveillance systems while safeguarding participants’ privacy and eliminating barriers to the work of these surveillance platforms (Table 1).

Table 1. Ethical framework for the regulation of participatory disease surveillance systems.
PrincipleEthical componentConsiderations
Autonomy of participantsElectronic consentStandard, reader-friendly, and multilingual informed consent form with succinctly summarized information (eg, as a single PDF file) delivered at the time of registration and each time new information is added to the digital platforms


Informed nature of consent can be fostered through the provision of a few quiz questions to reduce the risk of participants simply “clicking through” the consent process


Require digital signature of the consent form to incentivize participants to read the information form and as evidence of their identity


Making participants aware of the fact that despite best effort to protect their privacy, the residual risk of a privacy leak cannot be ruled out
NonmaleficenceProtection of participants’ privacyAnonymization of participants’ data should be combined with other data security measures such as a highly protected centralized database for storage of participants’ data


Location data of participants should never be mapped to the individual level but rather to the postal code level to reduce the risk of reidentification in case of rare value entries


Sensor data from mobile phones should only be transmitted in anonymized and highly aggregated form


Ensure ethical and accountable sharing of anonymized datasets between research institutions to reduce reidentification risks for participants through database triangulation
JusticeAccess to information on disease activity and prevention strategiesFree, open, and nondiscriminative participation should be offered to members of the general public


Disease prevention strategies and results obtained through the participatory surveillance platforms should be disseminated on a regular basis to members of the public through various means
Beneficence and nonmaleficenceResearch ethics committees (RECs)Interdisciplinary capacity building of RECs is required to keep up with technological advances, thereby ensuring an adequate protection of data subjects


RECs should play a proactive role in the design and implementation of public health research involving digital communities of volunteer citizens


RECs should act as safety nets to prevent barriers to public health surveillance by identifying ethico-legal grey zones and anticipate potential conflicting situations resulting from the evolving legal landscape

Conclusions

In the developing field of participatory disease surveillance systems, the main ethical dilemma is how to ensure adequate protection of data subjects while at the same time obtaining the full benefits that public health surveillance directly involving digital communities of citizens could bring. In this complex situation, 1 of the key ethical safeguards proposed in our framework is a properly implemented e-consent. To pursue this objective, national platforms of the Influenzanet Consortium will put continuous effort in enhancing and adequately developing their e-consent procedures. Current e-consent procedures could be improved by providing standard, reader-friendly, multilingual information about the study, participants’ rights, the risks associated with their participation, and, in addition, a short series of quiz questions to verify proper understanding of the potential benefits and risks. Furthermore, requiring participants to digitally sign the Web-based consent form could both serve as a motivation for them to read properly the information provided and as a solution to allow personal identification. However, such additional burdens of participation need to remain minimal to ensure the sustainability of the platforms.

Acknowledgments

LDG, AM, TW, and BSE acknowledge the financial support provided by the Swiss National Science Foundation (SNF NRP-74 Smarter Health Care, grant number 407440_167356). The views expressed in this paper are those of the authors and not necessarily those of the funder. The authors would like to thank Ricardo Mexia for his contribution to the conceptualization of the manuscript. LDG thanks Christopher Poppe and Maddalena Favaretto for their help. OWM was affiliated with ETH Zurich, the Swiss Federal Institute of Technology when the work for the publication was carried out and is currently affiliated with Novartis Pharma AG.

Authors' Contributions

All authors (except PL) contributed to the conceptualization of this paper. All authors contributed to the writing, editing, and critical evaluation of the manuscript. They approved the submission of the final version of the manuscript.

Conflicts of Interest

DP, CK, CK, CG, MH, OWM, PL, and AF are members of the Influenzanet Consortium. MH is cofounder of coneno, a software development company which is working together with the Influenzanet consortium since December 2018 as a technology partner to develop a new open source Influenzanet platform to be launched in the future. The development of the new platform is, at its current state mostly driven by volunteer work and partly funded by ISI foundation (part of Influenzanet Consortium).

  1. Mostert M, Bredenoord AL, Biesaart MC, van Delden JJ. Big Data in medical research and EU data protection law: challenges to the consent or anonymise approach. Eur J Hum Genet 2016 Jul;24(7):956-960 [FREE Full text] [CrossRef] [Medline]
  2. Thiel MJ, Parkin J, Dratwa J, Halila R, Palazzani L, Górski A. Publications Office of the European Union. Luxembourg; 2016 Mar 18. The ethical implications of new health technologies and citizen participation   URL: https:/​/publications.​europa.eu/​en/​publication-detail/​-/​publication/​e86c21fa-ef2f-11e5-8529-01aa75ed71a1 [accessed 2017-10-01] [WebCite Cache]
  3. International Telecommunication Union. 2018 Dec 07. ITU releases 2018 global and regional ICT estimates   URL: https://www.itu.int/en/mediacentre/Pages/2018-PR40.aspx [accessed 2019-04-18] [WebCite Cache]
  4. Aitken M, Clancy B, Nass D. IQVIA. 2017 Nov 07. The Growing Value of Digital Health   URL: https://www.iqvia.com/institute/reports/the-growing-value-of-digital-health [accessed 2019-04-18] [WebCite Cache]
  5. Klingler C, Silva DS, Schuermann C, Reis AA, Saxena A, Strech D. Ethical issues in public health surveillance: a systematic qualitative review. BMC Public Health 2017 Apr 4;17:295 [FREE Full text] [CrossRef] [Medline]
  6. Chan EH, Brewer TF, Madoff LC, Pollack MP, Sonricker AL, Keller M, et al. Global capacity for emerging infectious disease detection. Proc Natl Acad Sci U S A 2010 Dec 14;107(50):21701-21706 [FREE Full text] [CrossRef] [Medline]
  7. Salathé M, Freifeld CC, Mekaru SR, Tomasulo AF, Brownstein JS. Influenza A (H7N9) and the importance of digital epidemiology. N Engl J Med 2013 Aug 1;369(5):401-404. [CrossRef] [Medline]
  8. Brownstein JS, Freifeld CC, Madoff LC. Digital disease detection--harnessing the web for public health surveillance. N Engl J Med 2009 May 21;360(21):2153-5, 2157 [FREE Full text] [CrossRef] [Medline]
  9. Centers for Disease Control and Prevention. 2010 Jul 29. Distinguishing public health research and public health nonresearch   URL: https:/​/www.​cdc.gov/​od/​science/​integrity/​docs/​cdc-policy-distinguishing-public-health-research-nonresearch.​pdf [accessed 2019-04-18] [WebCite Cache]
  10. Smolinski MS, Crawley AW, Olsen JM, Jayaraman T, Libel M. Participatory disease surveillance: engaging communities directly in reporting, monitoring, and responding to health threats. JMIR Public Health Surveill 2017 Oct 11;3(4):e62 [FREE Full text] [CrossRef] [Medline]
  11. Salathé M, Bengtsson L, Bodnar TJ, Brewer DD, Brownstein JS, Buckee C, et al. Digital epidemiology. PLoS Comput Biol 2012 Jul 26;8(7):e1002616 [FREE Full text] [CrossRef] [Medline]
  12. Bansal S, Chowell G, Simonsen L, Vespignani A, Viboud C. Big data for infectious disease surveillance and modeling. J Infect Dis 2016 Dec 1;214(suppl_4):S375-S379 [FREE Full text] [CrossRef] [Medline]
  13. Lazer D, Kennedy R, King G, Vespignani A. The parable of Google Flu: traps in big data analysis. Science 2014 Mar 14;343(6176):1203-1205. [CrossRef] [Medline]
  14. European Commission. 2014 Nov 27. EPIWORK: Ebola forecasting uses model developed by EU project   URL: https:/​/ec.​europa.eu/​programmes/​horizon2020/​en/​news/​epiwork-ebola-forecasting-uses-model-developed-eu-project [accessed 2018-06-01] [WebCite Cache]
  15. Hirsch M, Woolley-Meza O, Paolotti D, Flahault A, Lukowicz P. grippeNET App: Enhancing Participatory Influenza Monitoring Through Mobile Phone Sensors. : ACM; 2018 Oct 8 Presented at: The ACM International Joint Conference and International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers; October 08-12, 2018; Singapore p. 833-841. [CrossRef]
  16. Geneviève LD, Wangmo T, Dietrich D, Woolley-Meza O, Flahault A, Elger BS. Research ethics in the European Influenzanet Consortium: scoping review. JMIR Public Health Surveill 2018 Oct 10;4(4):e67. [Medline]
  17. Koppeschaar CE, Colizza V, Guerrisi C, Turbelin C, Duggan J, Edmunds WJ, et al. Influenzanet: citizens among 10 countries collaborating to monitor influenza in Europe. JMIR Public Health Surveill 2017 Sep 19;3(3):e66 [FREE Full text] [CrossRef] [Medline]
  18. Paolotti D, Carnahan A, Colizza V, Eames K, Edmunds J, Gomes G, et al. Web-based participatory surveillance of infectious diseases: the Influenzanet participatory surveillance experience. Clin Microbiol Infect 2014 Jan;20(1):17-21 [FREE Full text] [CrossRef] [Medline]
  19. Simonsen L, Gog JR, Olson D, Viboud C. Infectious disease surveillance in the big data era: towards faster and locally relevant systems. J Infect Dis 2016;214(suppl_4):S380-S385. [Medline]
  20. van Noort SP, Codeço CT, Koppeschaar CE, van Ranst M, Paolotti D, Gomes MG. Ten-year performance of Influenzanet: ILI time series, risks, vaccine effects, and care-seeking behaviour. Epidemics 2015 Dec;13:28-36 [FREE Full text] [CrossRef] [Medline]
  21. Friesema IH, Koppeschaar CE, Donker GA, Dijkstra F, van Noort SP, Smallenburg R, et al. Internet-based monitoring of influenza-like illness in the general population: experience of five influenza seasons in The Netherlands. Vaccine 2009 Oct 23;27(45):6353-6357. [CrossRef] [Medline]
  22. Debin M, Colizza V, Blanchon T, Hanslik T, Turbelin C, Falchi A. Effectiveness of 2012-2013 influenza vaccine against influenza-like illness in general population: estimation in a French web-based cohort. Hum Vaccin Immunother 2014 Mar 1;10(3):536-543 [FREE Full text] [Medline]
  23. Boiron K, Sarazin M, Debin M, Raude J, Rossignol L, Guerrisi C, et al. Opinion about seasonal influenza vaccination among the general population 3 years after the A(H1N1)pdm2009 influenza pandemic. Vaccine 2015 Nov 27;33(48):6849-6854. [Medline]
  24. Debin M, Turbelin C, Blanchon T, Bonmarin I, Falchi A, Hanslik T, et al. Evaluating the feasibility and participants' representativeness of an online nationwide surveillance system for influenza in France. PLoS One 2013 Sep 11;8(9):e73675 [FREE Full text] [CrossRef] [Medline]
  25. Vayena E, Mastroianni A, Kahn J. Ethical issues in health research with novel online sources. Am J Public Health 2012 Dec;102(12):2225-2230. [CrossRef] [Medline]
  26. Myers J, Frieden T, Bherwani K, Henning K. Ethics in public health research: privacy and public health at risk: public health confidentiality in the digital age. Am J Public Health 2008 May;98(5):793-801. [CrossRef] [Medline]
  27. World Health Organization. WHO Guidelines on Ethical Issues in Public Health Surveillance. Geneva: World Health Organization; 2017.
  28. Salerno J, Knoppers BM, Lee LM, Hlaing WM, Goodman KW. Ethics, big data and computing in epidemiology and public health. Ann Epidemiol 2017 May;27(5):297-301. [CrossRef] [Medline]
  29. Vayena E, Salathé M, Madoff LC, Brownstein JS. Ethical challenges of big data in public health. PLoS Comput Biol 2015 Feb 9;11(2):e1003904 [FREE Full text] [CrossRef] [Medline]
  30. Woolley JP. How data are transforming the landscape of biomedical ethics: the need for ELSI metadata on consent. In: Mittelstadt B, Floridi L, editors. The Ethics of Biomedical Big Data. Cham: Springer; 2016:171-197.
  31. Quinn SC. Ethics in public health research: protecting human subjects: the role of community advisory boards. Am J Public Health 2004 Jun;94(6):918-922. [Medline]
  32. Elger BS, Caplan AL. Consent and anonymization in research involving biobanks: differing terms and norms present serious barriers to an international framework. EMBO Rep 2006 Jul;7(7):661-666 [FREE Full text] [CrossRef] [Medline]
  33. Ploug T, Holm S. Meta consent–a flexible solution to the problem of secondary use of health data. Bioethics 2016;30(9):721-732 [FREE Full text] [CrossRef] [Medline]
  34. Otto JL, Holodniy M, DeFraites RF. Public health practice is not research. Am J Public Health 2014 Apr;104(4):596-602. [CrossRef] [Medline]
  35. Smolinski MS, Crawley AW, Baltrusaitis K, Chunara R, Olsen JM, Wójcik O, et al. Flu near you: crowdsourced symptom reporting spanning 2 influenza seasons. Am J Public Health 2015 Oct;105(10):2124-2130. [CrossRef] [Medline]
  36. Olsen J. Meta consent - a workable procedure in the area of Big Data? Br Med J 2015 Jun 1;350:h2146 [FREE Full text] [CrossRef]
  37. Elger B, Mauron A. A presumed-consent model for regulating informed consent of genetic research involving DNA banking. In: Knoppers BM, editor. Populations and Genetics: Legal Socio-Ethical Perspectives. Leiden: Martinus Nijhoff; 2003:269-295.
  38. Gefenas E, Dranseika V, Cekanauskaite A, Serepkaite J. Research on human biological materials: what consent is needed, and when. In: Lenk C, Sándor J, Gordijn B, editors. Biobanks and Tissue Research: The Public, the Patient and the Regulation. Dordrecht: Springer; 2011:95-110.
  39. Ioannidis JP. Informed consent, big data, and the oxymoron of research that is not research. Am J Bioeth 2013;13(4):40-42. [CrossRef] [Medline]
  40. Colledge F, Elger BS. Impossible, impractical, and non-identifiable? New criteria regarding consent for human tissue research in the Declaration of Helsinki. Biopreserv Biobank 2013 Jun;11(3):149-152. [CrossRef] [Medline]
  41. Colledge F, Persson K, Elger B, Shaw D. Sample and data sharing barriers in biobanking: consent, committees, and compromises. Ann Diagn Pathol 2014 Apr;18(2):78-81. [CrossRef] [Medline]
  42. Helgesson G. In defense of broad consent. Camb Q Healthc Ethics 2012 Jan;21(1):40-50. [CrossRef] [Medline]
  43. Hansson MG, Dillner J, Bartram CR, Carlson JA, Helgesson G. Should donors be allowed to give broad consent to future biobank research? Lancet Oncol 2006 Mar;7(3):266-269. [CrossRef] [Medline]
  44. Elger B. Withdrawal of consent and destruction of samples. In: Elger B, Biller-Andorno A, Mauron A, Capron AM, editors. Ethical Isues in Governing Biobanks: Global Perspectives. London: Ashgate; 2008:131-166.
  45. Sheehan M. Can broad consent be informed consent? Public Health Ethics 2011 Nov;4(3):226-235. [CrossRef] [Medline]
  46. Elger B. Consent and use of samples. In: Elger B, Biller-Andorno N, Mauron A, Capron AM, editors. Ethical Issues in Governing Biobanks: Global Perspectives. London: Ashgate; 2008:57-88.
  47. Elger B. Consent to research involving human biological samples obtained during medical care. In: Elger B, Biller-Andorno N, Mauron A, Capron AM, editors. Ethical Issues in Governing Biobanks: Global Perspectives. London: Ashgate; 2008:89-120.
  48. Steinsbekk KS, Myskja BK, Solberg B. Broad consent versus dynamic consent in biobank research: is passive participation an ethical problem? Eur J Hum Genet 2013 Sep;21(9):897-902 [FREE Full text] [CrossRef] [Medline]
  49. Steinsbekk KS, Solberg B. Biobanks - when is re-consent necessary? Public Health Ethics 2011 Nov 2;4(3):236-250. [CrossRef]
  50. Coiera E, Clarke R. e-Consent: the design and implementation of consumer consent mechanisms in an electronic environment. J Am Med Inform Assoc 2004;11(2):129-140. [Medline]
  51. FluTracking. About Flutracking   URL: https://www.flutracking.net/Join [accessed 2019-01-24] [WebCite Cache]
  52. Grady C, Cummings SR, Rowbotham MC, McConnell MV, Ashley EA, Kang G. Informed consent. N Engl J Med 2017;376(9):856-867. [CrossRef] [Medline]
  53. Simon CM, Klein DW, Schartz HA. Traditional and electronic informed consent for biobanking: a survey of U.S. biobanks. Biopreserv Biobank 2014 Dec;12(6):423-429. [CrossRef] [Medline]
  54. Metcalf J, Crawford K. Where are human subjects in big data research? The emerging ethics divide. Big Data Soc 2016 Jun 17;3(1):1-14. [CrossRef]
  55. Tene O, Polonetsky J. Big data for all: privacy and user control in the age of analytics. Nw J Tech Intell Prop 2013;11(5):240-273 [FREE Full text]
  56. Voth D. Face recognition technology. IEEE Intell Syst 2003 May;18(3):4-7. [CrossRef] [Medline]
  57. Alterman A. "A piece of yourself'': ethical issues in biometric identification. Ethics Inf Technol 2003;5(3):139-150 [FREE Full text] [CrossRef]
  58. EUR-Lex. 2016 Apr 27. Regulation (EU) 2016/679 of the European Parliament and of the Council   URL: https:/​/eur-lex.​europa.eu/​legal-content/​EN/​TXT/​?uri=uriserv:OJ.​L_.​2016.​119.​01.​0001.​01.​ENG&toc=OJ:L:2016:119:TOC [accessed 2018-06-03] [WebCite Cache]
  59. Ball MP, Bobe JR, Chou MF, Clegg T, Estep PW, Lunshof JE, et al. Harvard Personal Genome Project: lessons from participatory public research. Genome Med 2014 Feb 28;6(2):10 [FREE Full text] [CrossRef] [Medline]
  60. Article 29 Data Protection Working Party. 2011 Apr 4. Advice paper on special categories of data (“sensitive data”)   URL: https:/​/ec.​europa.eu/​justice/​article-29/​documentation/​other-document/​files/​2011/​2011_04_20_letter_artwp_mme_le_bail_directive_9546ec_annex1_en.​pdf [accessed 2019-04-19] [WebCite Cache]
  61. Zwitter A. Big data ethics. Big Data Soc 2014 Nov 20;1(2):1-6. [CrossRef]
  62. Ölvingson C, Hallberg J, Timpka T, Lindqvist K. Ethical issues in public health informatics: implications for system design when sharing geographic information. J Biomed Inform 2002 Jun;35(3):178-185 [FREE Full text] [Medline]
  63. Welke P, Andone I, Blaszkiewicz K, Markowetz A. Differentiating Smartphone Users by App Usage. 2016 Presented at: UBICOMP'16; September 12-16, 2016; Heidelberg, Germany p. 519-523. [CrossRef]
  64. Vicente CR, Freni D, Bettini C, Jensen CS. Location-related privacy in geo-social networks. IEEE Internet Comput 2011 May;15(3):20-27. [CrossRef]
  65. Mello MM, Francer JK, Wilenzick M, Teden P, Bierer BE, Barnes M. Preparing for responsible sharing of clinical trial data. N Engl J Med 2013 Oct 24;369(17):1651-1658. [Medline]
  66. Narayanan A, Shmatikov V. Robust De-anonymization of Large Sparse Datasets. 2008 Presented at: IEEE Symposium on Security and Privacy; May 18-22, 2008; Oakland, CA, USA p. 111-125. [CrossRef]
  67. van Dijk J, Hacker K. The digital divide as a complex and dynamic phenomenon. Informa Soc 2003;19(4):315-326. [CrossRef]
  68. Friemel TN. The digital divide has grown old: determinants of a digital divide among seniors. New Media Soc 2014 Jun 12;18(2):313-331. [CrossRef]
  69. Kontos E, Blake KD, Chou WS, Prestin A. Predictors of eHealth usage: insights on the digital divide from the Health Information National Trends Survey 2012. J Med Internet Res 2014;16(7):e172 [FREE Full text] [CrossRef] [Medline]
  70. Cantarelli P, Debin M, Turbelin C, Poletto C, Blanchon T, Falchi A, et al. The representativeness of a European multi-center network for influenza-like-illness participatory surveillance. BMC Public Health 2014 Sep 20;14:984 [FREE Full text] [CrossRef] [Medline]
  71. Schaefer GO, Emanuel EJ, Wertheimer A. The obligation to participate in biomedical research. J Am Med Assoc 2009 Jul 1;302(1):67-72. [Medline]
  72. International Telecommunication Union. Geneva, Switzerland: ITU; 2017 Jul. ICT FACTS AND FIGURES 2017   URL: https://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2017.pdf [accessed 2019-04-19] [WebCite Cache]
  73. Perrotta D, Bella A, Rizzo C, Paolotti D. Participatory online surveillance as a supplementary tool to sentinel doctors for influenza-like illness surveillance in Italy. PLoS One 2017 Jan;12(1):e0169801 [FREE Full text] [CrossRef] [Medline]
  74. Guerrisi C, Turbelin C, Blanchon T, Hanslik T, Bonmarin I, Levy-Bruhl D, et al. Participatory syndromic surveillance of influenza in Europe. J Infect Dis 2016 Dec 1;214(suppl_4):S386-S392. [CrossRef] [Medline]
  75. Dawson A, Jennings B. The place of solidarity in public health ethics. Public Health Rev 2012 Jun 12;34(1):65-79. [CrossRef]
  76. Preite F, Salardi S, Gesuita R, Villani S, Trerotoli P, Guardabasso V, et al. The new European regulation on personal data protection: significant aspects for data processing for scientific research purposes. Epidemiol Biostat Public Health 2017;14(2):e12286-1-e1228613. [CrossRef]
  77. Mittelstadt B. Designing the health-related internet of things: ethical principles and guidelines. Information 2017;8(3):77. [CrossRef]


e-consent: electronic consent
EISN: European Influenza Surveillance Network
EU: European Union
GDPR: General Data Protection Regulation
GFT: Google Flu Trends
ILI: influenza-like illness
NIVEL: Netherlands Institute for Health Services Research
PGP: Personal Genome Project
REC: research ethics committee


Edited by G Eysenbach; submitted 20.09.18; peer-reviewed by A Crawley, S Barteit, J Duggan; comments to author 08.01.19; revised version received 08.03.19; accepted 29.03.19; published 23.05.19

Copyright

©Lester Darryl Geneviève, Andrea Martani, Tenzin Wangmo, Daniela Paolotti, Carl Koppeschaar, Charlotte Kjelsø, Caroline Guerrisi, Marco Hirsch, Olivia Woolley-Meza, Paul Lukowicz, Antoine Flahault, Bernice Simone Elger. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 23.05.2019.

This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Journal of Medical Internet Research, is properly cited. The complete bibliographic information, a link to the original publication on http://www.jmir.org/, as well as this copyright and license information must be included.