Hello,
I have a public project and want that everybody that wants to participate in my survey can do this without permission. Is there any way to keep it public but to restrict the access to the survey data only for the admin/creator? Now anybody can download the whole data package.
Cheers,
Louis
Regrettably, the functionality you’re inquiring about is presently unavailable in Epicollect5.
We apologize for any inconvenience this may cause.
More info on projects’ privacy control at →
Is there a way that you can include this function in an update? To restrict the access to the data collected?
We do not have plans for it at the moment.
There is a dedicated thread here →
You might look at alternatives like Google Forms or Kobo Toolbox or ODK
Just to reiterate so many voices in many threads here: the option to hide answers of other users in a public project is such a common use-case. epicollect5 looks like such a fitting project otherwise. It is a pity that this is such a show-stopper.
Thank you for your feedback.
We would like to take this opportunity to share our considerations, as crossposted from the original discussion →
Our primary focus here is on GDPR compliance. On Epicollect5, public projects do not require user authentication when using mobile apps. This design is intentional, and typically public projects are structured in a way that avoids including sensitive user details, ensuring that this information is not exposed to the general public, which reflects your concerns.
However, introducing a feature that allows users to submit personal data which remains hidden from the public does present certain challenges. The most significant concern arises if a user decides to delete their Epicollect5 account. In accordance with GDPR, we are required to delete all personal data associated with that account. If users are not required to authenticate, it becomes impossible to trace which entries belong to a specific individual, making it difficult (or impossible) to ensure that sensitive data linked to the user is deleted.
One potential solution we’ve considered is enforcing authentication for public projects as well. This would allow us to maintain a clearer record of which users are associated with specific entries, ensuring that we can delete sensitive data if a user exercises their right to have it removed. However, we recognize that this approach could affect projects that rely on anonymous data collection, and we are wary of making changes that could limit the flexibility Epicollect5 currently offers.
It is worth noting that authentication is already required to submit entries to a public project via the web. This is primarily in place as a safeguard against spam bots, malicious scripts, and web crawlers, ensuring that submissions are genuine and minimizing abuse of the system.
Another consideration is the risk of human error. Even if sensitive responses are hidden from the public, there remains the possibility that a project member could accidentally or intentionally expose these details. In such cases, determining accountability becomes complicated. Who would be held responsible if such a mistake occurred? We believe this is another important aspect to consider as part of the decision-making process.
We hope this provides clarity on the potential challenges and considerations surrounding the request for hidden question responses in public projects. We are open to further discussions on how we can balance user needs while maintaining compliance with legal requirements.
Thanks - but this only repeats what already had been written in the other threads on this topic.
What I was talking about also does not directly address GDPR.
Essentially: a project which
Private projects don’t fit this currently as they require user invitation, which isn’t practical in many situations, and public (all?) projects don’t fit this, as all data will be shared with everyone in the project.
Your considerations concerning GDPR would also be adressed, as projects like above would require user accounts: data would always be connected to an account.
Could you kindly provide an example of how this is implemented on other data collection platforms? This would help us better understand how it might be adapted for Epicollect5, if feasible.