Citizen science is an inevitable trend in the context of a society that demands higher levels of participation in a growing number of fields. This trend is facilitated by the increase in the digitisation of social interactions and, in general, a greater presence of information and communication technologies (ICTs). However, the dynamization of digitised information flows is not without risks. On the one hand, due to the digitisation and interconnection of the devices themselves, increases the fragility of the information; on the other hand, due to the increase in the number of subjects involved, which means that part of the control and responsibility must be transferred to a large number of people.
In this document we analyze various experiences in citizen science and make a prospection of what we must take into account if we want to work with data and technology developing participatory scientific projects with open data. In order to achieve good practices in terms of data protection in the field of citizen science, both organizational (including privacy policies) and technical measures can be taken. By proposing warnings and recommendations, and adopting rules of use, the volunteer is delegated responsibility for making wise use of the tools and, where appropriate, personal information about him/her. The use of technical resources to improve privacy complements the strengthening of privacy by avoiding the possibility that both managers and users of the tools have the possibility of making risk decisions.
It is a mistake to believe that transparency and participation are at odds with privacy and data protection. They are simply two issues that need to be harmonised in such a way that they are compatible.
The potential diversity of projects both in terms of objectives and needs and means, implies great differences in terms of personal data protection. This is why each area is unique and therefore impossible to establish a magic formula to guarantee good practices in data protection.
The deletion of data is another issue where it is necessary to intervene to improve the protection of personal data. This is one of the most controversial aspects, since in research, the renunciation of data retention may be somewhat paradoxical. However, it is essential to establish a justified expiry date.