When to switch off the recorder

Data management

To ensure the safety of our respondents, we requested permission from the Leiden Law School Ethics and Data Committee before conducting fieldwork. In collaboration with the Law School's data stewards, we developed a comprehensive Data Management Plan (DMP), outlining the protocols for data collection, processing, storage, and archiving. We also created an information sheet and consent form to communicate the research objectives and the respondents' rights clearly with our respondents. Furthermore, we conducted a Data Protection Impact Assessment (DPIA) with a Privacy Officer from the law school to identify and mitigate potential privacy risks. The Leiden Law School Ethics Committee approved our plan at the beginning of our project.

Minimizing data

These formalities and procedures are in place to ensure the protection of personal data. This personal data can be stored as audio recordings, transcripts, observation notes, etc. Ensuring someone's privacy begins with determining what information is needed, rather than recording everything. Our research focuses on major life events such as birth and death. Recording a respondent’s administrative status and religion are relevant for this research but are also considered ‘sensitive data’. Administrative status is relevant because migrants without formal residence might be more likely to choose not to register life events. Religion was important because Moroccan family law is based on religion (Islamic and Jewish law). This also meant that if a respondent shared, for example, political statements that are outside of the scope of this research project, I would stop recording or put down my pen.

Furthermore, I never recorded a respondent's real name in notebooks or digital transcripts or summaries. I also destroyed handwritten notes as quickly as possible and set aside at least four hours after an interview to digitize the data and store it in a VeraCrypt container. When processing personal data, I sometimes wrote down certain details more vaguely than was shared in the interview. For example, I might not mention someone's specific age, but rather an age range (e.g., 25-30), or I might mention the region instead of the specific city where the respondent lives.

Risk analysis

Interestingly, some participants found my privacy precautions excessive. Over two years, I built trust with several respondents, some of whom offered to share photocopies of official documents such as passports or birth certificates. Although a child's birth certificate was crucial to the research, I chose to capture it only once rather than carelessly duplicating everything every time it was offered. Once home, I removed the personal information from the photo of the birth certificate and stored it in a VeraCrypt container. Ultimately, researchers must conduct well-considered risk analyses. Even if respondents voluntarily share more information, the question remains whether it is truly necessary and whether it would put someone at risk if the data were leaked.