Skip to main content

MyCoE

Recruitment marketplaces

Recruitment marketplaces such as Mechanical Turk and Prolific are becoming increasingly relevant to user research and testing, particularly in the fields of computer science and human centered design and engineering. These platforms help connect researchers to qualified participants who can complete tasks or surveys, and provide easy mechanisms for rewarding this work via financial incentives.

Mechanical Turk

Carefully read the terms of service for Mechanical Turk prior to initiating procurement. Follow UW Procurement Services’ Amazon Mechanical Turk Policy, which provides guidance and restrictions on the use of this platform.

Prolific

Recruitment marketplaces such as Prolific help connect researchers to qualified participants who can complete tasks or surveys, and provide easy mechanisms for rewarding this work via financial incentives. Researchers seeking to use this cloud-based crowdsourcing platform should be aware that, to date, Prolific has not agreed to UW’s standard vendor terms nor signed a data privacy agreement with the UW.  As a result, the UW Privacy Office and UW Procurement have major concerns about Prolific’s terms of service and use of data.  While use of the platform is permitted in within the College of Engineering in departments whose chair has provided approval, each researcher must weigh the concerns, understand the risks, and agree to specific terms that help mitigate risks before using it

Limitations on Privacy

The UW Privacy Office has identified several concerns related to the use of data for both participants and researchers. Prolific determines the purpose and use of the personal data and their terms of use is subject to change. Participants may have to share more personal data including certain demographic information than they otherwise might if they engaged directly with the UW. Researchers may be required by Prolific to provide additional verification information for fraud prevention purposes. That information may be processed by another third party with its own privacy practices. Researchers may receive promotional content, unless opted out. Participating in user research conducted by Prolific may entail video recording and the collection and creation of data that can be used by Prolific according to their own purposes. UW research data should not be shared in this context. The platform does not guarantee the protection of student’s education records in alignment with FERPA.  As a result, the creation of Prolific accounts is not allowed for students, including students in courses, student researchers, TAs/RAs, and any other positions that are student-only positions., unless a shared NetID is used and generic user information is added (e.g., “Researcher A”) in place of student data, an approach to mitigating this risk that has been approved by Prolific and their attorneys. Researchers may not require or allow student research assistants and other student employees to use the system in ways that require creating a personally identifiable account, entering their personal information, or being recorded. For the same reason, students should not use their personal credit card information to pay for Prolific services.

Concerns About Terms of Use

Prolific’s Legal Terms raise the following concerns and implications:

  1. “By continuing to use the web site, you agree to the revised terms.” Web site terms and conditions can change at any time without your knowledge or consent, often with negative impact or consequences. The vendor can change what they are liable for and what they are responsible for at any time.
  2. “When you post a Study, and a Participant agrees to take part in that Study, an agreement is formed between you and that Participant, which you authorise us to conclude with the participant on your behalf as your commercial agent…” The vendor is authorized to negotiate and issue contracts on the UW’s behalf. This is not permitted per WA State guidelines, nor do we know if the contracts they enter into are ethical or legally permissible per the state laws that govern the UW.
  3. “We may set a minimum reward level from time to time, which we will implement directly in the Study listing features of Prolific…” and “You agree that we may debit your Researcher Account for the amount of our service fees when the amount equal to the Study Costs is received by us or our nominated payment service provider from you in accordance with Clause 3, and we will retain … the amount of our service fees at that time.”  The researcher has no control over the minimum required rate or the fees.
  4. “You must ensure that in any Study listing your identity is clear and the Participant is provided with or directed to a privacy notice meeting the requirements of any laws applicable to you, explaining to them the personal data you will receive and the uses to which you will put it.” The researcher must include a privacy notice in all studies stating what data you collect and how you will use it.
  5. “Our total aggregate liability to you in connection with your use of Prolific, however arising, will not exceed: i) a sum equal to 125% of the Service Fee retained by us in relation to the specific Study in relation to which our liability arises…” In the event of a data breach, 125% of service fees would not be remotely adequate to cover liabilities, especially for areas such as the EU and California that have larger data privacy fines. The researcher’s department would be liable for the costs of any third-party lawsuits with the UW that exceed that sum.
  6. “If we are unable to resolve the dispute by discussion, then the courts of England and Wales will have exclusive jurisdiction over any claim, except that, if you are not resident in England or Wales then we may bring proceedings against you in any court in your country of residence.” UW AGs are not licensed to practice outside of Washington, so you would need to hire outside counsel and fly all participants to England, at department’s expense, for the duration of any litigation that should arise related to your use of Prolific.
  7. “If any dispute arises between you and any Participant then we may try to help resolve it but are not obliged to do so.” The vendor is not obliged to resolve any disputes with participants, and use of the service is at your own risk.
  8. “You may not transfer your rights under our agreement with you without our prior written consent.” The UW is prohibited from assigning the agreement, but there is no limitation on their doing so. In other words, there is no limitation on their transferring obligations to another party. 
  9. "You will be a data controller in your own right in relation to that personal data, and it is your responsibility to make sure that your collection and use of that personal data complies with applicable law.” Researchers are independent controllers of the participant data to which they have access. Accordingly, to meet the controller records of processing requirement under the UK GDPR (which applies to such data), researchers must inventory their projects in the UW’s TrustArc Privacy Management Platform, which serves as the record of processing for compliance with laws such as the UK GDPR.

Limitation on Legal Protections

Many of the standard provisions or requirements standard in typical UW agreements are missing.  For example, there is:

  • No provision for any type of data security (bugs, defects, data breach) over and above personal data protection.
  • No provision for accessibility of users or participants. No requirement to carry any type of insurance whatsoever.
  • No prohibition from using the UW’s name and information in marketing, which is disallowed. No prohibition on hidden, extra, or contingent fees.
  • No clause preventing price gouging or price warranty per WA State Statute.
  • No provision for charging us only the legal amount on past due funds. No provisions for the vendor to comply with laws, rules, or ethics that we are required to comply with and pass on to our suppliers that we are responsible for by law. As such, major ethics violation – racism, sexism, human rights, etc. – would not be considered a breach of agreement and they would not have to defend the UW’s reputation if it were included in a lawsuit or news releases about their behavior.
  • No requirement to keep the agreement confidential.
  • No requirement to keep records per our record retention guidelines, nor assist or participate in any public record requests we must comply with by law.
  • No force majeure provision.
  • No warranty that the vendor is not disbarred by the government or involved in bankruptcy or other proceedings.
  • No provision to include federal flowdown language, which is required in federally-funded contracts.

College of Engineering Policy on the Use of Prolific

In order to mitigate risks and allow engineering researchers to use Prolific, CoE has implemented the following policy, which requires all users to agree to certain terms prior to use. Every CoE researcher who wishes to use Prolific must complete a user agreement and keep the confirmation message on file. Please note that your lab or department must also have a contract with Prolific in place as well and you should detail your use of this tool in your proposal for IRB review. Prior to using Prolific all CoE researchers must read the policy and complete the Prolific User Agreement form

Researcher Responsibilities

Researchers are responsible to review the terms of service for both Researchers and Participants regularly to ensure the platform has not made changes that will increase privacy concerns. Changes in the terms related to the handling of researchers’ and/or users’ data, especially in the following areas, warrant reporting to the College of Engineering and/or reconsideration of use:

  • how data are used for external marketing or business purposes
  • requirements or requests to provide additional personal data or identification
  • requirements to host research study on Prolific or use internal tools, chats, video features, etc.

Researchers must use Prolific in ways that mitigate the attendant risks, namely:

  • Limiting use of the internal messaging system to logistical matters (i.e., avoiding discussion of research) and refraining from using any tools that may be provided to collect or analyze research results (e.g., in-system surveys, data analysis, visualization, etc.).  All research surveys must be hosted externally to Prolific on a system that has a data processing agreement in place to ensure HIPAA/FERPA-compliance, as appropriate.
  • Declining to use UW research data in user research conducted by Prolific.
  • Not requiring or allowing student research assistants and other student employees to use the system in ways that require creating an account, entering their personal information, or being recorded, since Prolific has not agreed to data handling practices that are compliant with FERPA regulations.The preferred workaround is to use a shared NetID is used and generic user information (e.g., “Researcher A”) in place of student data and to use a departmental Procard for payments.
  • Use of the Shared NetID must be in alignment with the UW”s Appropriate use and Shared NetID policies.
  • Providing study participants with a privacy notice stating what data you collect and how you will use it and the following messages that makes them aware of the risks of using Prolific.

    Please note that Prolific controls the personal information and demographic data that you submitted as part of the registration process and determines its use. The University of Washington cannot guarantee the protection of any information that you have submitted within Prolific’s platform. See Prolific’s privacy notices for details.

    Your incentive payments from Prolific constitute income for which you may have personal tax liabilities.

All CoE researchers must acknowledge the risks and accept the responsibilities outlined above by completing the following form prior to using Prolific. They must keep the confirmation message on file with the project records to confirm they have reviewed and agreed to these terms.

PI Responsibilities

Each principal investigator, faculty member, or researcher initiating projects in Prolific should consider all the terms and requirements listed above. If they still wish to use Prolific for the research project, subject to those terms, they should complete the form below and ensure all researchers working on their projects in Prolific complete it as well.

Each project that uses Prolific to process personal data must be included in the UW’s Data Inventory. Accordingly, the researcher agrees to document each such project in the TrustArc Privacy Management Platform. To request a web-form questionnaire to complete the inventory process, contact the UW Privacy Office.

All researchers must complete the  User Agreement form prior to using Prolific. Please keep the confirmation message on file as verification you have reviewed and agreed to these terms.

For audit purposes the PI’s email confirmation should be saved with the procurement documentation and the PI’s email confirmation and each researcher’s email confirmation should be saved with the research documentation for each project.

User Agreement Form

All researchers must complete the  User Agreement form prior to using Prolific. Please keep the confirmation message on file as verification you have reviewed and agreed to these terms.