, , , , , , , , , , , , , ,

From the war crimes trials of World War II came a set of rules of human research

Privacy and dignity of the customer or user is not a big concern to business in the post-Internet world. Before a person can use software or a smartphone application (app) they are typically required to consent to an extensive agreement that only a lawyer could understand. Businesses may skip a signed agreement and collect personal information on the customer or user regardless of whether the person knows or consents to the data collection.

This type of collection of data on personal activity is often bought and sold for profit. It raises the question of why the business world is exempt from research restrictions that are applied to all other research involving humans. The possession of personal data also presents the opportunity for abuse of less ethical companies and by political and criminal organizations.

Post-WWII Guidelines For Human Experimentation

Prior to World War II, Germany established a set of standards required in human research. When Hitler came to power he wiped these standards away and Nazi researchers were allowed to experiment as they saw fit.

After World War II trials were held in Nuremberg (or Nürnberg,) Germany to bring justice for the crimes against humanity by Nazi war criminals. Among the crimes were medical experiments performed on prisoners without their knowledge or consent. Many people were harmed and some died as a result of these experiments.

The judges of the trials, moved to action by the testimony, created a set of rules called the Nuremberg Code, to define appropriate research from harmful research. This Code is not law; however, it can be used to determine a legal standard when a researcher violates any of the ten rules of the code. Human research in most civilized nations is governed by the Nuremberg Code.

However, the Nuremberg Code has always been applied to medical and scientific research, not to business situations. In 1947, the idea that business would be invading the privacy of their customers and collecting data on human interactions wasn’t a reality that anyone could envision. 

The Codes Governing Human Research

In 1972 a 40-year study of African American men in Alabama, known as the Tuskegee Syphilis Experimentwas uncovered. The study was performed by the U.S. Health service and they did not follow the Nuremberg Code. They did not inform the participants that they were part of a syphilis experiment, nor did they tell the patients they were infected with syphilis, and after an effective treatment for syphilis was discovered, they continued to leave the men untreated.

After this incident, a conference was held to establish guidelines for all federal research. That conference created the Belmont Report that established three guidelines:

  1. Respect for persons: protecting the autonomy of all people and treating them with courtesy and respect and allowing for informed consent. Researchers must be truthful and conduct no deception;
  2. Beneficence: The philosophy of “Do no harm” while maximizing benefits for the research project and minimizing risks to the research subjects; and
  3. Justice: ensuring reasonable, non-exploitative, and well-considered procedures are administered fairly — the fair distribution of costs and benefits to potential research participants — and equally.

If a college professor is studying the interaction among college students they cannot collect data on their students without their knowledge, nor can they try different stimulus on their students without their knowledge. All research, even social research, requires oversight by a research committee. Strict guidelines restrict all the aspects of the data collection, and how it is used. This applies to all federal research and all organizations receiving federal subsidies.

Once again, the rules for human research established by the Belmont Report occurred before the Internet was being used by businesses to collect data on consumers.

Business Data Collection 2018 

It is common in business, and especially on the Internet, for companies to collect data about their customers or users. The problem is that some of the data has nothing to do with the company or application being used. The organization collects this data to sell to other companies for any use they see fit.

There is a start-up company near Seattle that created a phone app for people to buy and sell personal items. All a person has to do is take a picture of the item they want to sell, post it on the app, set a price, and wait for other users to contact them. It’s a garage sale on a smartphone.

The company received millions of dollars in venture capital, not because the app was expected to make money. The app is free and there is no fee collected on any user transaction. The investors were interested in the data that the app would collect to be sold to other companies.

This is the gold mine of the business world. Save money in advertising by only reaching the people who might need, want, or qualify for the product or service.

Violations of the Nuremberg Code in Business

Under the Nuremberg Code, every business would be required to clearly inform the customer of the data collected, what the data would be used for, and obtain her or his voluntary consent prior to collecting data. The use of the data would have to aim for positive results for society, not just for the financial benefit of the company. The business would also have to prove that it couldn’t be collected in another method.

Data collected would have to be proportion to the humanitarian benefits. It would have to be done by people that understand and are qualified to do the research.

Clearly, the restrictions of the Nuremberg Code are not being followed by most businesses collecting data on their customers. This collection and selling of personal data is so insidious that most people will never know what data is being collected, nor how it is being used to manipulate them. 

At this point, there is no oversight of the data being collected. It is an issue that lurks in the background of the business-as-usual environment. It is a practice, like the Tuskeegee Syphilis Experiment, will likely be misused, if it hasn’t been already.


The Nuremberg Code

  1. Required is the voluntary, well-informed, understanding consent of the human subject in a full legal capacity.
  2. The experiment should aim at positive results for society that cannot be procured in some other way.
  3. It should be based on previous knowledge (e.g., an expectation derived from animal experiments) that justifies the experiment.
  4. The experiment should be set up in a way that avoids unnecessary physical and mental suffering and injuries.
  5. It should not be conducted when there is any reason to believe that it implies a risk of death or disabling injury.
  6. The risks of the experiment should be in proportion to (that is, not exceed) the expected humanitarian benefits.
  7. Preparations and facilities must be provided that adequately protect the subjects against the experiment’s risks.
  8. The staff who conduct or take part in the experiment must be fully trained and scientifically qualified.
  9. The human subjects must be free to immediately quit the experiment at any point when they feel physically or mentally unable to go on.
  10. Likewise, the medical staff must stop the experiment at any point when they observe that continuation would be dangerous.