Data Privacy and Ethics
What does JATOS store?
Data privacy is a critical issue in online studies. You should be careful when collecting, storing and handling data, regardless of which platform you use to run your studies.
We developed JATOS with data privacy in mind, preventing any breaches of the standard ethical principles in research. However, ultimately you are responsible for the data you collect and what you do with it.
(copyright 2006 John klossner, www.jklossner.com)
Here are a few advantages and limitations of JATOS with regards to data privacy. Please read them carefully before you run any study, and please contact us if you find that these are not sufficient, or have suggestions for improvement.
JATOS' main advantage is that you can store your participants' data in your own server, and not in a commercial server like Amazon or Qualtrics. This means that you have full control over the data stored in your database, and no commercial company has access to it. JATOS does not share any data (except of course during a study run with the participant's browsers). Each JATOS installation is completely independent of any other JATOS installation.
By default, JATOS stores the following data:
- time (of the server running JATOS) at which the study -and each of its components- was started and finished
- the worker type (MTurk, General single, Personal multiple, etc)
- in cases of MTurk workers, the confirmation code AND the MTurk worker ID. In these cases, if an MTurk worker participated in two of your studies, running in the same JATOS instance, you will be able to associate the data across these two studies. This is an important issue: MTurk workers might not be aware that you are the same researcher, and will not know that you have the chance to associate data from different studies. The best way to avoid this is to export all your study's data and delete it from the JATOS database once you are done with it. In this way, JATOS won't know that a worker already participated in another study and will create a new worker ID for them.
JATOS will not store information like IP address or browser type (or any other HTTP header field).
Things you should consider in your studies
You should consider to add some button in your study pages to abort the study. Some ethics demand that any participant should have the right to withdraw at any time, without explanation. In this case all data of the participant gathered during the study should be deleted. Conveniently jatos.js offers the functions jatos.abortStudy and jatos.addAbortButton that do exactly that.
Use encryption with your server instance. Only with encryption no one else in the internet can read the private data from your study's participants.
Bear in mind: Every file within your study assets folders is public to the Internet. Anybody can in principle read any file in this folder, regardless of how secure your server is. Thus, you should never store any private data, such as participants' details in the study assets folders.
Do not store private information in the Batch Session or Group Session. Both sessions are shared between all members of a batch or group respectively. If you store private data any other member of this batch or group could potentially access it. Since the Study Session is only shared within the same study run it is not a problem to store private information there.
Cookies used by JATOS
Sometimes it is neccessary to specify which cookies are stored in a participants browser. JATOS knows three types of cookies and only two of them are stored in a participants browser.
1. Up to ten JATOS ID cookies with cookie name JATOSIDS ( can be a number from 0 to 9)
These cookies store values about each study run. JATOS allows up to 10 study runs in parallel per browser - therefore there are up to 10 JATOS ID cookies.
All IDs are used only by JATOS internally and do not allow the identification of the worker.
The cookie virtually never expires (actually far in the future, around the year 2086).
This cookie contains these parameters:
- studyId: identifier of the study
- batchId: identifier of the batch
- componentId: identifier of the component
- componentPos: position of the component within the study
- workerId: identifier of the worker used internally to identify the worker anonymously
- workerType: there are 5 worker types with different use cases in JATOS
- componentResultId: identifier of the component result (a component result is used to store data of the component run)
- studyResultId: identifier of the study result (a study result is used to store data of this study run)
- groupResultId: identifier of the group this worker belongs to (null if it isn't a group study)
- creationTime: timestamp (epoch time) of this cookie's creation
- studyAssets: name of the directory where the study's assets are stored on the JATOS server
- jatosRun: State of a study run with a JatosWorker. If this run doesn't belong to a JatosWorker this field is null. It's mainly used to distinguish between a full study run and just a component run.
2. Cookie JATOS_GENERALSINGLE_UUIDS
This cookie is used by JATOS to store which study runs with a General Single worker already happened in this browser. It only stores a list of IDs that universally identifies a study (UUID).
3. Play Framework session cookie named PLAY_SESSION
This cookie is used only by JATOS' GUI and provides session and user info. It is not set during a study run and therefore does not store any worker related information.
The cookie's expires header field is set to Session, which mean that after the browser is closed the cookie will be deleted.
This cookie contains the parameters:
- username: username of the logged-in user (often an email)
- sessionID: Play's session ID
- loginTime: user's login time in the GUI as a timestamp
- lastActivityTime: user's last activity time in the GUI as a timestamp
Additionally Play stores a hash of the whole cookie's data to check integrity of the cookie's data.