Good morning, midday or evening!I am currently developing an anonymous survey for my master's degree final project and would like to ensure compliance with ethical guidelines, particularly concerning anonymity and data protection regulations like GDPR.To prevent participants from taking the survey more than once, I plan to utilize the cookie feature that won't allow this. However, I want to confirm whether this method will still maintain the anonymity of my survey. I will not be collecting any personally identifiable information, and I understand that the cookies would fall under the category of obligatory cookies (I think).Could someone please clarify whether using cookies in this manner is compliant with GDPR and ethical guidelines for maintaining an anonymity? Additionally, would it still be considered an anonymous survey, given that I am not collecting IP addresses or any other identifying information?Thank you for your assistance!

Cookies are stored on the computer of the user. You can not track cookies unless they visit your survey again. Cookies do not store any personal data. The only thing they do is store the status in regards to the survey (e.g. "took part already").

You (or better your Limesurvey installation) can only check the cookie if the person visits your Limesurvey installation again. As long as you are clear about the usage of cookies you should be fine. However, any more or less tech savvy person knows how to delete cookies, so it is not a perfect "protection" from repeat survey takers.

On the other hand, repeat survey takes are usually only a problem when there are special circumstances:

1. There is an incentive (e.g. a gift voucher, a raffle, etc) involved that is attractive enough for them to go through the survey again
2. There is a personal interest in "manipulating" the results (e.g. a politica poll where people would like to have a specific outcome, etc.)

For most surveys it is actually rather difficult to make people to respond AT ALL, let alone to repeat the participation.

The safest is to use a closed survey with tokens, but if you don't know your respondents and can send them a personalized link, this is not an option.

As a market researcher following the ethics code of ESOMAR we have been running "anonymous" surveys for years. This does not mean "technical" annonymity (so there is 100% no way to connect personal data with survey data), but rather what I'd call "ethical" annonymity. While for many surveys we COULD make this connection, we won't, as we adhere to the rules. So we separate personal data (that we mainly collect to be able to recontact people, e.g. for a second wave, quality control or additional questions) from the survey data when we analyse results. So the results are analyzed anonymously. This is OK, has been for years and GDPR doesn't change this. At the end, you can still collect personal data, as long as you clearly communicate it and for what it is used, how it is stored and where and how long. If you have good reasons for collecting data and follow the best practices, nothing speaks against collecting personal data from people.