Not a member? Become one today


Code of Conduct

Researchers Responsibilities by Research Approach

U. Online & Mobile Market Research



Online or internet research refers to research in which a MR subject or researcher is involved in any of the following:

  • Completing research documentation online regardless of access route
  • Downloading research documentation from a server and returning it by email
  • Receiving research documentation incorporated into an email and returning by email
  • Participating in an online qualitative interview or discussion
  • Taking part in a measurement system which tracks web usage
  • Participating in an online message boar
  • Collecting information from social media
  • Any other collection of data in the online environment for the purpose of market research

Mobile market research (sometimes referred to as eResearch) involves the collection of information by mobile device (mobile phones, tablets and other similar mobile computing devices) for market research purposes. 

These guidelines apply to market research carried out on mobile phones or devices and to browser based or downloaded applications, passive and active data collection.


An online ‘access panel’ is defined as a sample of potential MR subjects willing to receive invitations to participate (if selected) in future online interviews. Further guidance for research suppliers setting up and managing online panels are available from ESOMAR at These cover panel recruitment, project management, monitoring, maintenance and data protection issues.


A MR subject’s email address or other personal identifiers (e.g. screen or user name or device identifier) is personal data where it refers to an individual and therefore needs to be protected in the same way as other identifiers.  A person's digital image is personally identifiable data. Geo-location data may be considered personal data too.


In the UK market research emails are not defined as commercial communications within the 2011 Amended Privacy and Electronic Communications Regulations. Consequently clients can forward customer email addresses to agencies (for recruitment purposes), unless the client has included market research in their standard data protection opt out policy.

Informed Consent

17.5 Informed consent and a means to provide it are required.  Written consent is preferable but use of an on-screen check box is generally acceptable for data protection purposes.
17.6 MR subject consent is required for the installation and use of software such as an app and MR subjects MUST be made aware of its purpose, the type of data it collects and its impact on functioning or performance such as degradation of battery life.  For further details see ESOMAR's Guideline for Conducting Mobile Market Research.

Privacy and Data Protection


Researchers MUST post a privacy policy statement, sometimes referred to as a privacy notice.  The statement should be easy to find, easy to use and understand, including by children when appropriate.

A guide to privacy policies, their standard elements and an example privacy policy is provided within ESOMAR's Guideline for Online Research Aug 2011.


Links to data protection; privacy policy or cookie consent statements MUST be given at the start of the market research. This will ensure that should MR subjects fail to complete the exercise for any reason their rights are protected.


If a repeat or follow-up survey is intended, a statement concerning Data Protection MUST be displayed on the MR subjects’ screen by the end of the first interview (although this is not compulsory in Spain), while obtaining their consent for the necessary storage of their address data. MR subjects should also be given the opportunity to print out this statement. The MR subjects MUST be able to refuse further participation in the survey via a suitable option and to refuse further contact by email in connection with the survey.


When emails are sent in batches, MR subjects’ email addresses MUST be kept confidential, so for instance blind copying should be used.

MR Subject Costs


MR subjects should be alerted to any costs they may incur e.g. online charges and recompensed for these.

Researcher or Agency Contact Details


MR subjects should be told of the researcher’s identity and given contact details. They should also be given the opportunity to find out more about the research agency carrying out the study, by giving them the name of the organisation together with an address, a corresponding hyperlink is recommended. When working overtly in social media sites, researchers should also provide contact details.

Protecting Personal and Company Data


Researchers MUST use adequate technologies to protect personal and sensitive data when collected, transmitted or stored on websites or servers.


Clients should be made aware of the potential risks of using confidential information in online or mobile surveys (e.g. within product profiles). Agencies should be required to implement strict security procedures. Confidential information even if protected by non-disclosure agreements is easily/printed/stored/forwarded and practically impossible to remove from circulation.



Cookies store specific information about online browsing. EU legislation states that a cookie can be stored on a user's computer, or accessed from that computer, only if the user "has given his or her consent, having been provided with clear and comprehensive information". So the use of cookies MUST be disclosed, as well as a clear description of the data collected and the uses to which it will be put - this MUST be easily accessible - and explicit consent may be required (depending upon national legislation).  ESOMAR provides a Practical Guide on Cookies 

Interview Duration


MR subjects should be told the length of time the questionnaire is likely to take to complete under normal circumstances (e.g. assuming connection is maintained and standard connection speed).

Disclosing List Sources From Website Registration Databases


Where lists (including client-supplied lists) are used for sample selection, the source of the list MUST be disclosed. Where these are derived from website registration databases, researchers MUST check that registration was voluntary and that the data are current.

Use of Unsolicited Emails for Recruitment


Researchers should avoid intruding unnecessarily on the privacy of MR subjects. ESOMAR advises that unsolicited e-mail approaches to potential MR subjects should not be made even in countries where this is permitted by law unless individuals have a reasonable expectation that they may be contacted for research.  

ESOMAR provides a ‘Summary of regulations covering unsolicited contacts (business to consumer)’ May 2013, 

When receiving email lists agencies should verify that individuals listed have a reasonable expectation they will be contacted for market research purposes.

In Mexico, unsolicited email must not be sent unless a previous relationship exists, and the recipient is aware and agrees to that use in the sender's privacy disclaimer. 

In the Netherlands article 11.7 of the Telecommunications Act (Telecommunicatie wet) requires prior consent from individuals to be contacted via their email addresses for commercial (charitable or idealistic) purposes.  When an e-mail address is used for sending invitations for research, or for sending a survey, this is considered not to be commercial (charitable or idealistic) purposes, but purely for research, information gathering, and therefore prior consent is not required. If, however, under the pretense of market research the intention is to sell something, this exception does not apply.

In the USA the Federal CAN SPAM Act and CASRO's mandatory Code of Standards requires prior consent from individuals to be contacted via their email address.  CASRO's Code requires research organisations to verify that individual's contacted for research by email or text message have a reasonable expectation that they will receive email or text message contact for research (and provide further detail upon what constitutes 'reasonable expectation'). 

Identification of the Client


Studies should provide either the client’s identity or an opportunity to ask for it if there is no interviewer to make the request of spontaneously,  at an appropriate point within the study - the client’s identity should be given if sampling from a customer database (i.e. the client supplied a list of potential MR subjects).

Active Self-Selection of MR subjects in Germany


In Germany, the ADM Standards for Quality Assurance for Online Surveys state that participants within online surveys MUST be actively selected (i.e. they MUST opt-in) as opposed to passive self-selection. ADM Standards for Quality Assurance for Online Surveys 2007


Measures should be in place to validate the identity of MR subjects (to avoid surrogate MR subjects) and to check the quality of responses (e.g. to identify cursory or random response patterns).


Use of Apps


The AMSRS (Australia), the MRS (UK) and CASRO (USA) also provide the following guidelines, drawn from the Draft Mobile Research Guidelines August 2013:

Researchers MUST NOT:

  • Install software that modifies the mobile settings beyond what is necessary to conduct research;
  • Install software that knowingly causes conflicts with the operating system or cause other installed software to behave erratically or in unexpected ways;
  • Install software that is hidden within other software that may be downloaded or that is difficult to uninstall;
  • Install software that delivers advertising content, with the exception of software for the purpose of legitimate advertising research;
  • Install upgrades to software without notifying users and giving the participant the opportunity to opt out;
  • Install software that inordinately drains battery life;
  • Install software that causes any costs to the participant that aren't reimbursed by the research organisation;
  • Install or utilise geolocation tracking software that would compromise the participant or their personal data;
  • Create a risk of exposing personal data during data transmission or storage;
  • Change the nature of any identification and tracking technologies without notifying the user;
  • Fail to notify the user of privacy practice changes relating to upgrades to the software; or
  • Collect identifiable data that may be used by the app provider for non-research purposes; or
  • Extract information from the mobile device or phone unless this information is part of the purpose of the study (and informed consent is obtained).


Using Identification and Tracking Technologies/Software


MR subjects MUST always be told at the first opportunity when software is being used to collect information about them, they MUST also be told:

  • Why it/they are to be used
  • If the data subject’s information is to be shared
  • That they can turn them off or remove them.

Explicit consent for downloading software to be used for market research purpose should be sought and a means provided to address questions.

ESOMAR provides example disclosure statements within its Guidelines for Online Research 2011 which details a series of 15 'Unacceptable Practices' that researchers must forbid or prevent.

In Germany websites that use analytics tools MUST give users the chance to opt out.

For the USA CASRO provides detailed guidelines with regard to the use of active agent technology within its Code of Standards and Ethics.

Online Access Panels


Panel members MUST be made aware that they are members of a panel and should be reminded of this at regular intervals. Access panels are a sample database of potential MR subjects who declare that they are willing to receive invitations to participate in future online interviews. At recruitment potential panel members MUST be told that their personal may be stored for further market research.


ESOMAR provides a series of guidelines on internet access panels, covering panel recruitment, management, monitoring, maintenance and privacy/data protection, and a battery of 26 Questions to help research buyers. More details can be found within these guidelines and the question battery can be found at ESOMAR Guideline for Online Research Aug 2011.

ESOMAR are also developing joint guidelines with the GRBN for Online Sample Quality which provide guidance on the operational requirements for providing online samples for market, research.

« Previous Next »

Advertise with EphMRA

Web site (home page) banner, eNews adverts and Conference sponsorship/advertising packages are available - all tailored to suit your needs.

Find Out More