Applying for Ethics Review

Certain funding agencies require that projects undergo ethics review. Those projects must be submitted for review before the activities raising ethical issues begin. Additionally, CIREP strongly recommends applying for ethics review in the following situations:

  • when the project involves vulnerable participants, sensitive issues, and/or special categories of personal data (see below); 
  • when the project involves significant risks for participants, researchers, the environment, or society; 
  • when the results are to be published in journals that require evidence that the project has been reviewed by an ethics committee.

CIREP reviews research projects involving human beings or personal data with the exception of biomedical or clinical studies. For biomedical or clinical research projects, contact CEIm. For research projects involving animals, contact CEEA-PRBB. Furthermore, CIREP does not review projects that have already been completed or are underway. 

CIREP does not review research projects retroactively. Therefore, you must apply for review before the activities raising ethical issues (typically, recruiting participants, collecting new data, or processing secondary data) begin. For a project to be discussed at a given meeting, it should be submitted at least 5 weeks in advance. Check out the meeting calendar.

Only UPF faculty members and postdoctoral researchers can submit an application for review.

PhD students are not required to apply for ethical approval. However, they can apply if they know that they will need ethical clearance to publish their research project or to ensure that their methods follow appropriate ethical guidelines in their research area.

If they choose to submit an application to CIREP, students should work closely with their advisors to prepare the required documentation, and it is the advisor who should sign the application. Please note that PhD thesis may not need to be reviewed if they are part of a larger project that obtained ethical clearance previously.

CIREP does not review research projects retroactively. Thus, researchers need to apply for ethical review before they start recruiting participants, collecting new data, or processing secondary data. 

CIREP does not review research projects retroactively. Thus, researchers need to apply for ethical review before they start recruiting participants, collecting new data, or processing secondary data. 

In case of collaborative projects not led by UPF, CIREP can waive the review requirement if the lead partner has already obtained approval from their institution’s ethics committee and the UPF researchers commit to following the established protocol. To obtain a review waiver letter, email [email protected].

We will be happy to help you complete your application or answer any questions you may have. Before reaching out to CIREP staff, please complete the online training and familiarize yourself with the application forms. In addition, we have a protocol library containing protocol forms of projects recently approved by CIREP at your disposal. You can reach us via email ([email protected]) or by phone (93 542 21 86) to request assistance or access to the protocol library.

 

 

The Review Process

Ideally, the review process should take around six or seven weeks from the moment the application is registered to its approval. However, the duration is affected by a variety of factors. The average length of the review process is twelve weeks. 

The review process from receipt to approval is described here

The integrated review includes requirements and/or recommendations that you need to address before your application can be approved. You should modify your application materials as requested by the Committee. We ask that you use a different font color or the track changes function to indicate the changes that you introduce. Additionally, you should include responses to the requirements in the integrated review document. The requirements are justified and stated clearly. However, if you have any doubts, you can contact us at [email protected] for clarification. 

Revised applications are typically reviewed within one week upon receipt. If all the points raised by the Committee have been addressed satisfactorily, the project is approved. In some cases, the revised application needs to be discussed by the whole Committee in a meeting and/or other rounds of revisions may be necessary.

You will receive notifications when your application is received and registered and when an integrated review is ready for you. To inquire about the status of your application during the review process, you can email us at [email protected]

At the end of the review process you will receive a certificate of ethics clearance issued by CIREP. If your project involves personal data processing, you will also receive a certificate of compliance with applicable data protection regulations signed by UPF’s Data Protection officer. 

 

 

Obtaining Informed Consent

Obtaining consent from participants is a basic principle of research ethics. As a general rule, you should always seek and document consent from those people who will contribute to your studies. Consent can only be waived in very exceptional cases. 

The use of social media data poses certain ethical challenges. While it may appear to be publicly available, social media data is created by and belongs to real people who could be harmed by being unknowingly included in a study. In addition, the fact that some people choose to make their social media accounts public does not give researchers a free hand in using their data. Users’ reasonable expectations of privacy should be considered. In addition, one should consult the platform’s terms and conditions to verify that the research plans do not violate them.

As a general rule, you should always seek consent from those people who will contribute to your studies. If there are important obstacles that prevent you from obtaining consent, please contact us at [email protected] before you prepare your application.

When the participants recruited for the research project are unable to consent (be it due to their age or other characteristics or circumstances), consent from their parents or legal guardians must be obtained. Note that researchers are responsible for providing ways to ensure that they also obtain the assent of participants who lack the capacity to provide legal consent, even when somebody else is providing the legal consent. 

Minors over 14 can legally provide consent to having their personal data processed, but it is recommended that both their consent and their parents or legal guardians’ are obtained.

 

 

Personal Data Processing

“Personal data” is defined as any information that relates to an identified or identifiable living individual. To determine whether a person is identifiable one must consider the foreseeable technological evolution and the possible combination with other data by the investigator or third parties. That includes both identifying data (first and last names, home address, etc.) and any other type of data that, on its own or combined with other types of data, can be used to identify persons (images; voice recordings; physiological, economic, cultural, demographic, social data, etc.).

When processing personal data, researchers must comply with the European General Data Protection Regulation (GDPR) and with the applicable national legislation. Among other aspects, GDPR requires that researchers collect and process only the amount and types of data necessary to carry out their research project (data minimization principle); that participants are informed about the way their data will be processed and about their rights; or that appropriate security measures are established to avoid data leaks or unauthorized access to the data. 

Personal data revealing a natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data, or data concerning health, a person’s sex life, or sexual orientation are considered special categories of data. 

More legal constraints apply when processing special categories of personal data. Thus, special categories of personal data should not be processed unless indispensable and stricter security measures must be implemented. 

 

Even if you do not save participants’ names or contact information, if the data you collect, alone or in combination with other data sources, may still allow you or others to identify the participants, then you are processing personal data. 

Please note that, even if a dataset is considered to not contain personal data at a point in time, that may change later due to the increasing amount of information accessible through the Internet and the expanding capabilities of new algorithms such as AI. 

Anonymization is a process that completely removes the possibility of identifying participants. After anonymization, it is impossible to determine to whom the data refers.

Pseudonymization, by contrast, is a reversible process. Typically, a numeric or alphanumeric code is assigned to each participant, and a correspondence table the codes to the identifying data is stored separately. The pseudonymized dataset must not contain identifying data, but the identities of the participants can be easily recovered by combining the experimental dataset with the correspondence table, which must be stored under higher security measures in order to reduce the risks associated with processing the pseudonymized dataset. 

To learn more:

 

A DPIA is necessary when your project involves data processing that meets at least two of the criteria described here.

 

 

Funding Agencies' Ethics Requirements

Some funding agencies require that you complete an ethics issues table and discuss the relevant issues in an ethics self-assessment. If you need help preparing this component or your proposal, send us an email to [email protected] and share your proposal with us. We can help you determine which issues apply in your project and assess how best to deal with them. 

We will be happy to help you address the points raised in the ethics report. Send us the report and your proposal at [email protected]

 

 

Other

If you need to introduce changes to a protocol approved by CIREP, please notify the Committee at [email protected] by resubmitting the approved documents with the changes you would like to introduce clearly marked. You should notify your intention to introduce changes before you actually implement them.

If you would like to learn more about research ethics or personal data protection, you can enroll in our self-paced online training by clicking here.

If you would like to organize a workshop or talk for your students, research group, or department, contact us at [email protected]

Contact us via email ([email protected]) or by phone (93 542 21 86). You can also stop by the Research Service office (23.002) on Tuesdays, Wednesdays, or Fridays. If you want to make sure that we will be available, please email us to make an appointment, but walk-ins are also possible.