Ethical review

Ethical review in student projects

Latest update: September 2023

The Netherlands Code of Conduct for Research Integrity and the derived Code of Ethics of Eindhoven University states that for both students and staff: “In their research and design, they adhere to the ethical codes for activities in which human subjects and animals are involved.”.

Ethical review (ERB) form

As of September 1, 2021, all students that work with users or participants should follow this procedure:

  1. Is the data you want to collect explorative or not? See the explorative research document to help guide you. If the data you want to collect is explorative, you do not need to fill out an ERB form. Should the set up of your project change, you might still need an ERB approval. 
  2. Is your research (project, data collection) within the squad wide ERB approval? Ask the squad leader for more information on squad wide ERB approval. If your research is within the squad wide ERB approval, you do not need to fill out an ERB form. Please note that FBP projects cannot fall under the squad wide ERB approval and you will need to fill out an ERB form. 

In any other circumstances, please fill out the ERB form

The responsible staff member (coach/mentor) will sign the form and helps to assess if the proposed project is within minimal risk. In general students should (try to) remain within the ERB minimal risk guidelines.

After the member of staff has signed, students email their form to If the ethics team agrees it is within minimal risk, students will receive a confirmation letter which they upload in Canvas. If the proposed project is not within minimal risk, the ethics team will ensure the local or central ERB evaluates the project. If they approve, students will receive an approval letter, which they must upload to Canvas.

If there are questions on this please contact your coach/mentor first; if your questions are not answered you can contact If you want to submit your form to the Ethics Committee, please email
If there are specific questions about data storage please contact ID data steward Edyta Cios at

Self-check for ethics approval for creative sessions

Students and staff sometimes organize activities or generative/ creative sessions as part of their design research process. In most cases, such activities have been approved collectively already, provided they stay within some general boundaries. To check if your own session is already covered by the available ethics approval, please use the self-check.

Personal data in student projects

What data is personal?

‘Human' or 'Personal' data is information that can be traced back to an individual (directly or indirectly)

According to GDPR (EU) AVG (NL):

  • name, identification number, location data, online identifier.
  • Physical, physiological, genetic, mental, economic, cultural, social identity. This includes, under the GDPR, voice recordings

Please note: there is a difference between logistic data and research data:

  • Logistic data you need to contact the individuals, inform them and gather information
  • Research data is the actual information you need to do your research/ arrive at your conclusions.

Using data is not forbidden but you need to respect privacy with GDPR compliant processes (see below).

How to store/deal with personal data?

You can use the DataFoundry to collect, manage and store data for your research securely. For more information see this webpage:

Alternatively, you can store data collected with various means (the university recommends using Microsoft Forms for surveys and Microsoft Teams for interviews) securely at SurfDrive, connected to your TU/e account:

Please check the “How to deal with audio-recordings” in the download files. If there are specific questions about data storage please contact ID data steward Edyta Cios at

Furthermore, take all these aspects into consideration when you use/collect/store personal date:

  • Store in dedicated project directory
  • Pseudonymize your data set and store the person identifiable data separately
  • Do not share identifiable personal data easily with third parties
  • Collect and store only the necessary information; clip any unnecessary information from the data set as soon as possible
  • Use personal data only for the purpose for which they are intended in the first instance
  • Do not leave personal data unattended, use a good password/lock your computer when you leave your workplace