ICC (the International Chamber of Commerce) is the world’s largest business organization with a network of over 6.5 million members in more than 130 countries.

ESOMAR is the global voice of the data, research and insights community, speaking on behalf of over 4900 individual professionals and 500 companies who provide or commission data analytics and research in more than 130 countries, all of whom agree to uphold the ICC/ESOMAR International Code.

Preface

Throughout its history market, opinion and social research has delivered information and insights about people’s behaviour, needs and attitudes to inform decision making by providers of goods and services, governments, individuals and society at large. In doing so researchers relied primarily on data collected through direct interaction with and observation of participating individuals, while placing a strong focus on safeguarding their privacy. This focus has been at the core of our profession’s successful history of self-regulation.

The world is changing and it is imperative that we change with it.

Over about the last 20 years we have seen a digital revolution – dramatic increases in the ability to collect, store and process information, the global Internet, social media, mobile technology – that is radically changing the way people live and work.

As a result, research is being transformed with increasing reliance on data already available in digital form. The role of the researcher is evolving from interviewer to data curator, focusing more on organising and integrating data, much of which already exists. The research and insight function is extending beyond data collection and analysis to managing and synthesising data from a diverse range of sources, from focus groups and sample surveys to social media and large databases.

This revision of the ICC/ESOMAR Code takes account of the impact of these new technologies on the research profession. The inclusion of data analytics in the title recognises that the proliferation of data has resulted in an entirely new approach to research within our profession wherein researchers assemble and analyse large databases to uncover patterns in the data and deliver powerful new insights to clients. Data analytics can be used for other purposes, but when used for research, this Code applies.

One thing that has not changed is our reliance on the cooperation of the public and their confidence that research is carried out honestly and objectively without infringing their privacy or creating disadvantages for those whose data is used in research.

With increasing public concerns about the importance of individuals being able to control how their personal data is used and for what purpose comes a pressing need for clear ethical and professional guidance on how to handle that data responsibly. It is more important than ever before to maintain public confidence in research and to continue to demonstrate our recognition of the ethical, professional and social responsibilities that come with using people’s personal data.

ICC and ESOMAR are delighted to present this latest revision of the Code, one that we believe will continue to promote high standards of ethical behaviour and reinforce public confidence in research. We recommend use of this Code worldwide.

John Danilovich, Secretary General of ICC

Finn Raben, Director General of ESOMAR

Introduction

ESOMAR published the first Code of Marketing and Social Research Practice in 1948. In subsequent years, a number of national bodies published their own codes.

In 1976, ESOMAR and ICC – who had a related international code stemming from their Global Marketing and Advertising Code of Conduct – agreed that it would be preferable to have a single international code. A joint ICC/ESOMAR Code was published the following year. This 1977 code was revised and updated in 1986, 1994 and, most recently, in 2007. More than 60 associations in over 50 countries have adopted or endorsed it.

Purpose and scope

This Code is designed to be a comprehensive framework for self-regulation for those engaged in market, opinion and social research and data analytics. It sets essential standards of ethical and professional conduct designed to maintain public confidence in research, while also requiring strict adherence to any relevant regional, national and local laws or regulations, and industry/professional codes of conduct that may set a higher standard. It ensures that researchers and analysts working with both traditional and new sources of data continue to meet their ethical, professional and legal responsibilities to the individuals whose data they use in research and to the clients and organisations they serve. It also is intended to safeguard the right of researchers to seek, receive and impart information as stated in Article 19 of the United Nations International Covenant on Civil and Political Rights.

This Code applies to all research worldwide. Acceptance and observance of the Code is mandatory for ESOMAR members and the members of other research associations that have adopted it.

Interpretation

This Code is to be applied in the spirit in which it was written as well as to the letter. It should be read in conjunction with other relevant ICC and ESOMAR codes, guidelines, principles, and framework interpretations intended to apply the Code in the context of specific research methods and applications. These and other similar documents are available at www.iccwbo.org and www.esomar.org.

Throughout this document the word “must” is used to identify mandatory requirements, that is, a principle or practice that researchers are obliged to follow. The word "should" is used when describing implementation and denotes a recommended practice.

Definitions

For the purpose of this Code the following terms have this specific meaning:

Children means individuals for whom permission to participate in research must be obtained from a parent or responsible adult. Definitions of the age of a child vary substantially and are set by national laws and self-regulatory codes. In the absence of a national definition, a child is defined as being 12 and under and a “young person” as aged 13 to 17.

Client means any individual or organisation that requests, commissions or subscribes to all or any part of a research project.

Consent means freely given and informed indication of agreement by a person to the collection and processing of his/her personal data.

Data analytics means the process of examining data sets to uncover hidden patterns, unknown correlations, trends, preferences and other useful information for research purposes.

Data subject means any individual whose personal data is used in research.

Harm means tangible and material harm (such as physical injury or financial loss), intangible or moral harm (such as damage to reputation or goodwill), or excessive intrusion into private life, including unsolicited personally-targeted marketing messages.

Non-research activity means taking direct action toward an individual whose personal data was collected or analysed with the intent to change the attitudes, opinions or actions of that individual.

Passive data collection means the collection of personal data by observing, measuring or recording an individual’s actions or behaviour.

Personal data (sometimes referred to as personally identifiable information or PII) means any information relating to a natural living person that can be used to identify an individual, for example by reference to direct identifiers (such as a name, specific geographic location, telephone number, picture, sound or video recording) or indirectly by reference to an individual’s physical, physiological, mental, economic, cultural or social characteristics.

Primary data means data collected by a researcher from or about an individual for the purpose of research.

Privacy notice (sometimes referred to as privacy policy) means a published summary of an organisation’s privacy practices describing the ways an organisation gathers, uses, discloses and manages a data subject’s personal data.

Research which includes all forms of market, opinion and social research and data analytics, is the systematic gathering and interpretation of information about individuals and organisations. It uses the statistical and analytical methods and techniques of the applied social, behavioural and data sciences to generate insights and support decision-making by providers of goods and services, governments, non-profit organisations and the general public.

Researcher means any individual or organisation carrying out or acting as a consultant on research, including those working in client organisations and any subcontractors used.

Secondary data means data collected for another purpose and subsequently used in research.

Vulnerable people means individuals who may have limited capacity to make voluntary and informed decisions, including those with cognitive impairments or communication disabilities.

Fundamental principles

This Code is based upon three fundamental principles that have characterised market, opinion and social research throughout its history. They provide an interpretative background for the application of the substantive articles of the Code:

  1. When collecting personal data from data subjects for the purpose of research, researchers must be transparent about the information they plan to collect, the purpose for which it will be collected, with whom it might be shared and in what form.
  2. Researchers must ensure that personal data used in research is thoroughly protected from unauthorised access and not disclosed without the consent of the data subject.
  3. Researchers must always behave ethically and not do anything that might harm a data subject or damage the reputation of market, opinion and social research.
Articles
Responsibilities to data subjects
  • Article 1 Duty of care
    • Researchers must ensure that data subjects are not harmed as a direct result of their personal data being used for research.
    • Researchers must exercise special care when the nature of the research is sensitive or the circumstances under which the data was collected might cause a data subject to become upset or disturbed.
    • Researchers must remain mindful that research relies on public confidence in the integrity of research and the confidential treatment of the information provided for its success, and therefore must remain diligent in maintaining the distinction between research and non-research activities. *
    • If researchers engage in non-research activities, for example promotional or commercial activities directed at individual data subjects, they must clearly distinguish and separate those activities from research.
  • Article 2 Children, young people and other vulnerable individuals
    • Researchers must obtain the consent of the parent or responsible adult when collecting personal data from children or anyone for whom a legal guardian has been appointed.
    • Researchers must take special care when considering whether to involve children and young people in research. The questions asked must take into account their age and level of maturity.
    • When working with other vulnerable individuals, researchers must ensure that such individuals are capable of making informed decisions and are not unduly pressured to cooperate with a research request.
  • Article 3 Data minimization

    Researchers must limit the collection and/or processing of personal data to those items that are relevant to the research.

  • Article 4 Primary data collection
    • When collecting personal data directly from a data subject for the purpose of research:
      • Researchers must identify themselves promptly and data subjects must be able to verify the identity and bona fides of the researcher without difficulty.
      • Researchers must clearly state the general purpose of the research as soon as methodologically possible.
      • Researchers must ensure that participation is voluntary and based on information about the general purpose and nature of the research that is adequate and not misleading.
      • Researchers must inform data subjects if there is any activity that will involve re-contact and data subjects must agree to be re-contacted. The only exception to this is re-contact for quality control purposes.
      • Researchers must respect the right of data subjects to refuse requests to participate in research.
    • Researchers must allow data subjects to withdraw from the research at any time and access or rectify personal data held about them.
    • Passive data collection should be based on the consent of the data subject and meet all conditions in Article 4(a).
    • When using passive data collection methods where it is not possible to obtain consent, researchers must have legally permissible grounds to collect the data and they must remove or obscure any identifying characteristics as soon as operationally possible.
  • Article 5 Use of secondary data

    When using secondary data that includes personal data researchers must ensure that:

    • The intended use is compatible with the purpose for which the data was originally collected.
    • The data was not collected in violation of restrictions imposed by law, through deception, or in ways that were not apparent to or reasonably discernible and anticipated by the data subject.
    • The intended use was not specifically excluded in the privacy notice provided at the time of original collection.
    • Any requests from individual data subjects that their data not be used for other purposes are honoured.
    • Use of the data will not result in harm to data subjects and there are measures in place to guard against such harm.
  • Article 6 Data protection and privacy

    When using secondary data that includes personal data researchers must ensure that:

    • If researchers plan to collect personal data for research that may also be used for a non-research purpose, this must be made clear to data subjects prior to data collection and their consent for the non-research use obtained.
    • Researchers must not share a data subject’s personal data with a client unless the data subject has given consent to do so and has agreed to the specific purpose for which it will be used.
    • Researchers must have a privacy notice that is readily accessible by data subjects and is easily understood.
    • Researchers must ensure that personal data cannot be traced nor an individual’s identity inferred via deductive disclosure (for example, through cross-analysis, small samples or combination with other data such as a client’s records or secondary data in the public domain).
    • Researchers must take all reasonable precautions to ensure that personal data is held securely. It must be protected against risks such as loss, unauthorised access, destruction, misuse, manipulation or disclosure.
    • Personal data is to be held no longer than is necessary for the purpose for which it was collected or used.
    • If personal data is to be transferred to subcontractors or other service providers, researchers must ensure that the recipients employ at least an equivalent level of security measures.
    • Researchers must take particular care to maintain the data protection rights of data subjects whose personal data is transferred from one jurisdiction to another. Such transfers must not be made without the consent of the data subject or other legally permissible grounds. In addition, researchers must take all reasonable steps to ensure that adequate security measures are observed and that the data protection principles of this Code are complied with.
    • In the event of a data breach containing personal data researchers have a duty of care for the data subjects involved and must follow all applicable data breach notification laws.

* As it is important that non-researchers also clearly distinguish research from commercial activities, attention is drawn to Article 9 of the consolidated ICC Code of Advertising and Marketing Communications Practice: “Marketing communications should not misrepresent their true commercial purpose. Hence a communication promoting the sale of a product should not be disguised as for example market research, consumer surveys, user-generated content, private blogs or independent reviews.”

Responsibilities to clients
  • Article 7 Transparency
    • Researchers must design research to the specification and quality agreed with the client and in accordance with Article 9(a).
    • Researchers must ensure that findings and any interpretation of them are clearly and adequately supported by data.
    • Researchers must on request allow clients to arrange for independent checks on the quality of data collection and data preparation.
    • Researchers must provide clients with sufficient technical information about the research to enable them to assess the validity of the results and any conclusions drawn.
    • When reporting on the results of research, researchers must make a clear distinction between the findings, the researchers’ interpretation of those findings and any conclusions drawn or recommendations made.
Responsibilities to the general public
  • Article 8 Publishing findings
    • When publishing research findings, researchers must ensure that the public has access to sufficient basic information to assess the quality of the data used and the validity of the conclusions.
    • Researchers must make available upon request the additional technical information necessary to assess the validity of any published findings, unless contractually prohibited.
    • When the client plans to publish the findings of a research project, researchers should ensure that they are consulted as to the form and content of publication. Both the client and the researcher have a responsibility to ensure that published results are not misleading.
    • Researchers must not allow their name or that of their organisation to be associated with the dissemination of conclusions from a research project unless those conclusions are adequately supported by the data.
Responsibilities to the research profession
  • Article 9 Professional responsibility
    • Researchers must be honest, truthful and objective and ensure that their research is carried out in accordance with appropriate scientific research principles, methods and techniques.
    • Researchers must always behave ethically and must not do anything that might unjustifiably damage the reputation of research or lead to a loss of public confidence in it.
    • Researchers must be straightforward and honest in all of their professional and business dealings.
    • Researchers must not unjustifiably criticise other researchers.
    • Researchers must not make false or otherwise misleading statements about their skills, experience or activities, or about those of their organisation.
    • Researchers must conform to the generally accepted principles of fair competition.
  • Article 10 Legal responsibility

    Researchers must conform to all applicable international and national laws, and local codes of conduct and professional standards or rules.

  • Compliance
    • Researchers must ensure that research is carried out in accordance with this Code, that clients and other parties to the research agree to comply with its requirements, and that the Code is applied, where appropriate, by all organisations, companies and individuals at all stages of the research.
    • Correction of a breach of this Code by a researcher, while desirable, does not excuse the breach.
    • Failure by an ESOMAR member to co-operate with a disciplinary investigation by ESOMAR into a possible breach of this Code, will be considered a breach of this Code. This also applies to members of other self-regulatory bodies implementing this Code.
  • Implementation
    • This Code and the principles enshrined in it should be adopted, and if it is adopted, must be implemented, nationally and internationally by the relevant local, national and international self-regulatory bodies. Researchers and clients also should familiarise themselves with relevant local self-regulatory documents on research and with decisions taken by the appropriate self-regulatory body.
    • Requests for interpretation of the principles contained in this Code must be submitted to the ESOMAR Professional Standards Committee or the ICC Commission on Marketing and Advertising for interpretation.
About the International Chamber of Commerce (ICC)

The International Chamber of Commerce (ICC) is the world’s largest business organization with a network of over 6.5 million members in more than 130 countries. ICC works to promote international trade, responsible business conduct and a global approach to regulation through a unique mix of advocacy and standard setting activities – together with market-leading dispute resolution services. ICC members include many of the world’s largest companies, SMEs, business associations and local chambers of commerce.

About ESOMAR

ESOMAR is the global voice of the data, research and insights community, speaking on behalf of over 4900 individual professionals and 500 companies who provide or commission data analytics and research in more than 130 countries, all of whom agree to uphold the ICC/ESOMAR International Code.

As a global association, together with national and international research associations, we set and promote professional standards and self-regulation for our sector and encourage, advance and advocate the role and value of data analytics, market and opinion research in illuminating real issues and bringing about effective decision-making.

check_empty raise_complaint mre contact_support kb check_large check_small radio_checked radio_empty dots dot translate bars arrow_down case check close dashboard edit login profile query settings logo_header