A more detailed discussion of the n

A more detailed discussion of the necessary elements of a privacy policy can be found in Section 2.3 of
The ESOMAR Guideline for Online Research. Appendix 2 of that document also contains an example
policy.
Where the privacy policy is to be delivered via a mobile device researchers must also recognise that space
limitations on the screen of many mobile devices make it difficult to display a full privacy policy and provide
a solution that minimises cost while maximising convenience in accessing the relevant information.
Strategies may vary but one solution is a layered hypertext document with a concise top level statement on
how privacy will be protected and data used, a second level general introduction that describes the purpose
and general principles and a third detailed section covering all aspects of how the researcher treats
personal data.
Participants must also be informed of the law(s) under which the data are being collected. In the EU,
ESOMAR requires the researcher collecting the data (the data controller) to comply with the law of the
country where they are established and, if collecting data in several countries, also to comply with the laws
of those countries in which research is taking place. Where it is possible to know the participants’ country of
residence, researchers should follow the legal requirements of that country noting that requirements in the
EU are not exactly the same, for example, both Germany and Italy have stricter requirements than other
member states. EU law in this area is still being clarified and ESOMAR will monitor developments.
With all of these issues ESOMAR’s advice to researchers is to consider the participant’s point of view and
that, in participating in research, people will assume that the legal requirements of their own country will be