Increasingly, companies are conducting research so that they can make informed decisions about what products to build and what features to change.These data-driven insights enable companies to make responsible decisions that will improve peoples’ experiences with their products. Importantly, companies must also be responsible in how they conduct research. Existing ethical guidelines for research do not always robustly address the considerations that industry researchers face. For this reason, companies should develop principles and practices around research that are appropriate to the environments in which they operate,taking into account the values set out in law and ethics. This paper describes the research review process designed and implemented at Facebook, including the training employees receive, and the steps involved in evaluating proposed research. We emphasize that there is no one-size-fits-all model of research review that can be applied across companies, and that processes should be designed to fit the contexts in which the research is taking place. However, we hope that general principles can be extracted from Facebook’s process that will inform other companies as they develop frameworks for research review that serve their needs.

Emerging large-scale data sources hold tremendous potential for new scientific research into human biology, behaviors, and relationships. At the same time, big data research presents privacy and ethical challenges that the current regulatory framework is ill-suited to address. In light of the immense value of large-scale research data, the central question moving forward is not whether such data should be made available for research, but rather how the benefits can be captured in a way that respects fundamental principles of ethics and privacy.

In response, this Essay outlines elements of a new ethical framework for big data research. It argues that oversight should aim to provide universal coverage of human subjects research, regardless of funding source, across all stages of the information lifecycle. New definitions and standards should be developed based on a modern understanding of privacy science and the expectations of research subjects. In addition, researchers and review boards should be encouraged to incorporate systematic risk-benefit assessments and new procedural and technological solutions from the wide range of interventions that are available. Finally, oversight mechanisms and the safeguards implemented should be tailored to the intended uses, benefits, threats, harms, and vulnerabilities associated with a specific research activity.

Development of a new ethical framework with these elements should be the product of a dynamic multistakeholder process that is designed to capture the latest scientific understanding of privacy, analytical methods, available safeguards, community and social norms, and best practices for research ethics as they evolve over time. Such a framework would support big data utilization and help harness the value of big data in a sustainable and trust-building manner.

Today, organizations globally wrestle with how to extract valuable insights from diverse data sets without invading privacy, causing discrimination, harming their brand, or otherwise undermining the sustainability of their big data projects. Leaders in these organizations are thus asking: What management approach should businesses employ sustainably to achieve the tremendous benefits of big data analytics, while minimizing the potential negative externalities?

This Paper argues that leaders can learn from environmental management practices developed to manage the negative externalities of the industrial revolution. First, it shows that, along with its many benefits, big data can create negative externalities that are structurally similar to environmental pollution. This suggests that management strategies to enhance environmental performance could provide a useful model for businesses seeking sustainably to develop their personal data assets. Second, this Paper chronicles environmental management’s historical progression from a back-end, siloed approach to a more proactive and collaborative “environmental management system” method. An approach modeled after environmental management systems—a Big Data Management System approach—offers an effective model for managing data analytics operations to prevent negative externalities.

Finally, this Paper shows that a Big Data Management System approach aligns with: (A) Agile software development and DevOps practices that companies use to develop and maintain big data applications, (B) best practices in Privacy by Design and Privacy Engineering, and (C) emerging trends in organizational management theory. At this critical, formative moment when organizations begin to leverage personal data to revolutionary ends, we can readily learn from environmental management systems to embrace sustainable big data management from the outset.