Research Data Collection, Use, Disclosure, and Synthetic Data Generation
Effective Date: October 5th, 2022 | Last Updated: March 27th, 2026
About Us
Recon Analytics Data Inc (“Recon Analytics,” “we,” “us”) is a telecom, technology, and consumer research firm based in the United States. We conduct statistical analysis, benchmarking, and market research for clients in the telecommunications, broadband, technology, airline, financial services industries, and other business sectors.
This notice describes how we obtain, use, disclose, and protect research data about individuals who participate in survey panels, network performance testing programs, and other research activities. It also describes how we generate and use synthetic respondent data. This notice applies to data about participants located in the United States, Canada, the United Kingdom, Germany, France, and Spain.
1. Data Sources and Information We Receive
We receive research data from three categories of sources, each with a different consent basis and data profile.
1a. Survey Panel Respondents
We obtain survey response data from third-party panel providers (such as Dynata and CINT). These providers recruit individuals into research panels. Panelists receive compensation for completing surveys and provide explicit consent at the time of enrollment for their de-identified responses to be shared with and resold by research clients, including Recon Analytics and our clients.
Survey response data includes:
- Geographic information: postal code or ZIP code, county or regional equivalent, state or province, designated market area, and urban/suburban/rural classification. We do not receive street addresses.
- Survey responses: satisfaction ratings, service provider selections, purchase behavior and intent, usage patterns, and attitudes across telecommunications, broadband, technology, airline, and financial services.
- Demographic and socioeconomic characteristics: age range, gender, household income range, education level, household composition, and employment status.
- Race and ethnicity data: self-reported racial and ethnic background. Under EU/UK GDPR, this is special category data (Article 9). Under California law (CCPA/CPRA), this is sensitive personal information.
- Firmographic information (business respondents only): company size, industry vertical, annual revenue range, and decision-making role.
- Survey language: the language in which the respondent completed the survey.
We do not receive names, email addresses, phone numbers, government identification numbers, financial account numbers, or persistent device identifiers from panel providers.
1b. Public Network Performance Data
We use publicly available network performance measurement data from open-source Internet measurement platforms. These platforms publish all test data to the public under open data licenses that permit unrestricted use, including commercial use. Anyone may access and use this data for any purpose without prior permission.
Network performance data includes: test results (download speed, upload speed, latency), the IP address assigned to the user’s device by their Internet service provider, geographic location derived from the IP address, network provider, connection type, and timestamp. The IP address is the only element of this data that may be considered personal data. This data does not include names, account information, demographic characteristics, or socioeconomic data.
Users who run these speed tests do so voluntarily. The platforms that collect and publish this data process it under open data principles and, where GDPR applies, under the legitimate interest legal basis (Article 6(1)(f)). Test results are published publicly and retained indefinitely by the originating platform.
1c. Recon Analytics Speed Test Respondents
Some of our survey panel respondents also complete network performance tests administered as part of the Recon Analytics survey instrument. These respondents are compensated through the same panel compensation structure and provide the same explicit consent for data resale as described in Section 1a. For these respondents, network performance data is linked to their survey responses, including demographic and socioeconomic information.
2. Purpose of Use
We use research data for the following purposes:
- Statistical analysis, research, benchmarking, and reporting across our covered industries.
- Identifying trends, competitive dynamics, and consumer and business behavior patterns across geographic areas, demographic segments, and industry verticals.
- Disclosing de-identified response-level data to clients for their analytical and research purposes (see Section 5).
- Training and calibrating statistical models used to generate synthetic respondent data (see Section 12).
- Data quality assurance, including fraud detection and removal of fraudulent survey responses.
We do not use this information to identify, contact, profile, or track individual participants. We do not engage in automated individual decision-making or profiling that produces legal or similarly significant effects on individuals.
3. Consent and Legal Basis for Processing
Consent at the Point of Collection
All survey panel respondents provide explicit consent at the time of panel enrollment for their de-identified responses to be collected, analyzed, and resold to research clients. Respondents are compensated for their participation. This consent, obtained and managed by our panel providers, covers both our internal analysis and our disclosure of response-level data to clients. We contractually require our panel providers to obtain consent that complies with the laws of each jurisdiction where respondents are located.
Third-party speed test users participate voluntarily with knowledge that their test data may be used by others. Recon speed test respondents are covered by the same panel consent described above.
European Economic Area (Germany, France, Spain)
For our internal statistical research and analysis, our processing is based on legitimate interests (GDPR Article 6(1)(f)). For the disclosure of response-level data to clients, we rely on the explicit consent obtained by our panel providers at enrollment, which covers downstream sharing with research clients (GDPR Article 6(1)(a)). For special category data (race and ethnicity), we rely on explicit consent (Article 9(2)(a)) as obtained by the panel provider. We have conducted a Data Protection Impact Assessment (DPIA) covering both our internal processing and client disclosure activities.
United Kingdom
Our processing relies on the same legal bases under the UK GDPR and the Data Protection Act 2018. Panel provider consent covers downstream disclosure to clients.
Canada
Our processing is conducted in accordance with PIPEDA and applicable provincial privacy legislation, including Quebec’s Law 25. Panel providers obtain meaningful consent from Canadian respondents covering both collection and downstream sharing with research clients.
United States
Under the CCPA/CPRA, our disclosure of response-level survey data to clients for monetary consideration constitutes a “sale” of personal information. We disclose this fact in this notice and provide opt-out mechanisms (see Section 10). Panel respondents consent to this arrangement when they enroll in the panel and accept compensation.
4. Data Processing and Safeguards
We apply the following safeguards to reduce the risk of re-identification, both in our internal analysis and in data disclosed to clients:
- No direct identifiers: Response-level data does not contain names, email addresses, phone numbers, IP addresses, device identifiers, or any other direct identifier.
- Contractual re-identification prohibition: All client agreements prohibit any attempt to re-identify individual respondents or link response-level data to identified individuals.
- Use restrictions: Clients may use response-level data only for internal analytical and research purposes. Resale or further distribution requires our written consent.
- Minimum sample size thresholds: We do not publish analytical results based on fewer than 10 respondents in any segment.
- Geographic generalization options: Where appropriate, geographic detail may be limited to reduce re-identification risk for small areas.
- Fraud detection: We operate a three-layer quality system to identify and remove fraudulent survey responses before analysis or disclosure.
- Structural separation of identity: We do not hold any key, crosswalk, or mechanism that could link a survey response to an identified individual. The link between a respondent’s identity and their survey responses exists only within the panel provider’s systems. We cannot connect any response record in our possession to a real person, and neither can our clients.
- Sensitive data restrictions: Race and ethnicity data shared with clients is subject to additional contractual use restrictions.
5. Data Sharing and Disclosure
Response-Level Survey Data
We disclose de-identified response-level survey data to clients for their analytical and research purposes. This data contains the categories described in Section 1a (geographic indicators, survey responses, demographic characteristics, and where applicable, race and ethnicity) but does not contain direct identifiers. This disclosure is covered by the consent respondents provide when enrolling in the survey panel.
Aggregated Research Outputs
We share aggregated insights, reports, statistical analyses, and trend reports with clients. These outputs cannot identify any individual.
Network Performance Data
We use and may disclose network performance measurements to clients. Publicly available speed test data is sourced from open data platforms and may be used by anyone for any purpose under the applicable open data license. Recon speed test data collected through our survey instrument is linked to survey responses and is subject to the same safeguards as response-level survey data.
Synthetic Respondent Data
We may share synthetic respondent datasets with clients, clearly labeled as synthetic. Because synthetic data is computationally generated and does not constitute personal information, it is not subject to personal data sharing restrictions. See Section 12.
Service Providers
We engage service providers for data storage and processing. These providers are contractually bound to process data only on our instructions and to maintain appropriate security.
Categories of Personal Information Disclosed to Clients (CCPA/CPRA)
In the preceding 12 months, we have disclosed the following categories of personal information to clients:
| Category (CCPA) | Examples | Recipients |
|---|---|---|
| Identifiers | Age range, gender, ZIP/postal code, household income range | Research clients |
| Commercial information | Service provider selections, purchase behavior, plan type | Research clients |
| Internet/electronic activity | Broadband usage, speed test results, device types | Research clients |
| Geolocation data | ZIP/postal code, DMA, state/province, urbanicity | Research clients |
| Inferences | Satisfaction scores, NPS, switching intent | Research clients |
| Sensitive PI: racial/ethnic origin | Self-reported race and ethnicity | Research clients (restricted use) |
6. International Data Transfers
Survey data from EEA and UK respondents is transferred to the United States for processing and disclosure to clients. These transfers are protected by European Commission-approved Standard Contractual Clauses (SCCs) and, for UK data, the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs. Where response-level data is disclosed to clients outside the EEA or UK, the same transfer mechanisms apply.
Canada has EU adequacy status for commercial data. Canadian data transferred to the US is protected by contractual safeguards consistent with PIPEDA.
Synthetic respondent data is not personal data and is not subject to data transfer restrictions.
7. Data Retention
We retain detailed survey response data for as long as necessary to fulfill the longitudinal research purposes described in this notice. Our research requires analysis spanning multiple economic cycles, technology transitions, and generational demographic shifts. The United States has not experienced a full structural recession since 2008-2009, and complete business cycle analysis requires data that predates, spans, and follows such events. Shorter retention periods would prevent the cross-cycle analysis that government regulators and policy makers rely upon to evaluate market conditions, assess competitive dynamics, and make informed policy decisions.
Our research has been cited in official government regulatory proceedings and competition assessments in multiple jurisdictions. The policy questions addressed by this research — including broadband affordability, wireless market competition, spectrum allocation, and merger review — operate on multi-decade timescales that require correspondingly deep longitudinal data.
We apply the following safeguards throughout the retention period: structural separation of identity (we hold no key linking responses to individuals), contractual re-identification prohibitions, minimum sample size thresholds, periodic proportionality reviews, and all safeguards described in Section 4. These protections do not degrade over time; the passage of time makes re-identification less likely as IP addresses rotate, individuals relocate, and demographic characteristics change.
Data that is no longer necessary for response-level analysis is retained in aggregated or anonymized form for longer-term trend research.
Statistical models trained on aggregated survey patterns may be retained independently of the underlying data, as they do not contain individual-level information and cannot be used to reconstruct individual responses.
Network performance data and publicly available government statistical data are retained as reference datasets without fixed deletion schedules, as they do not contain individual-level personal information.
8. Your Rights
European Economic Area and United Kingdom
Under the GDPR/UK GDPR, you have the right to:
- Access your personal data and obtain a copy
- Request rectification of inaccurate data
- Request erasure (right to be forgotten)
- Restrict or object to processing, including disclosure to clients
- Withdraw consent for future processing and disclosure
- Request data portability
- Lodge a complaint with your national data protection authority
If you withdraw consent, we will cease disclosing your response-level data to clients prospectively. Data already disclosed cannot be recalled, but clients are contractually prohibited from re-identifying you.
EU Representative: [Name/Entity], [address and email] (GDPR Article 27).
Canada
Under PIPEDA and provincial laws, you may access your personal information, request corrections, and withdraw consent for future sharing with clients.
United States
Under the CCPA/CPRA, you have the right to:
| Jurisdiction | Response Deadline | Governing Law |
|---|---|---|
| EU / EEA | 30 days | GDPR |
| United Kingdom | 30 days | UK GDPR / DPA 2018 |
| Canada | 30 business days | PIPEDA / Provincial laws |
| California / US States | 45 days | CCPA/CPRA / State laws |
-
-
- Email [email protected] with subject “Do Not Sell or Share My Personal Information”
- Submit a request through [web form link, if applicable]
- Contact your survey panel provider to request that your responses not be shared with downstream clients
-
12. Synthetic Respondent Data
What Synthetic Respondent Data Is
We generate synthetic respondent data using statistical models and artificial intelligence. Synthetic respondents are computationally generated records that simulate how a person with a given set of characteristics might respond to survey questions. They are not real people. No synthetic record corresponds to or is derived from any single identifiable individual.
How Synthetic Respondents Are Created
-
-
- Statistical models: trained on aggregated response distributions from real survey data. These models learn group-level patterns, not individual records.
- Publicly available data: including government statistical datasets that provide geographic, economic, demographic, and socioeconomic context at the community level. These sources are publicly available and do not contain individual-level personal information as used by us.
- AI language models: used in a limited role to generate contextual conditions that adjust statistical sampling parameters. The AI does not generate survey responses directly.
-
Privacy Classification
Synthetic data does not relate to an identified or identifiable natural person. Under GDPR Recital 26, it falls outside data protection regulation. Under CCPA/CPRA, it is not personal information. Under PIPEDA, it does not constitute personal information. We maintain safeguards to prevent reverse-engineering of synthetic records to real individuals, including training on aggregate distributions, validating divergence from real records at the individual level, and prohibiting matching attempts.
Use and Sharing
Synthetic data is used to boost thin demographic segments, pre-test survey questions, backfill historical responses, run competitive simulations, and reduce costs for exploratory analysis. Published research remains grounded in real data. Synthetic contributions to deliverables are disclosed. We may share synthetic datasets with clients, clearly labeled. Because synthetic data is not personal information, it is not subject to opt-out rights, data transfer restrictions, or data sharing limitations.
Appendix A: Data Source Summary
| Data Source | Consent Basis | Compensated? | Demographic Data? | Shared with Clients? | Opt-Out? |
|---|---|---|---|---|---|
| Survey panels (Dynata/CINT) | Explicit consent at enrollment | Yes | Yes (full) | Yes (response-level) | Yes |
| Public speed test platforms | Open data license (unrestricted use) | No | No (IP address only) | Yes (public data) | N/A (public data) |
| Recon speed tests (in-survey) | Explicit consent at enrollment | Yes | Yes (linked to survey) | Yes (response-level) | Yes |
| Synthetic respondents | N/A (generated data) | N/A | Simulated | Yes (labeled synthetic) | N/A (not personal data) |
Appendix B: Jurisdiction Summary
| Country | Primary Law | Internal Analysis Basis | Client Disclosure Basis | Opt-Out / Withdrawal |
|---|---|---|---|---|
| United States | CCPA/CPRA + state laws | Notice + consent | Sale (CCPA); consent | Do Not Sell; GPC |
| Canada | PIPEDA / Law 25 | Panel consent | Panel consent | Withdraw consent |
| United Kingdom | UK GDPR / DPA 2018 | Legitimate interest | Panel consent | Withdraw consent; object |
| Germany | GDPR + BDSG | Legitimate interest | Panel consent | Withdraw consent; object |
| France | GDPR + Loi Informatique | Legitimate interest | Panel consent | Withdraw consent; object |
| Spain | GDPR + LOPDGDD | Legitimate interest | Panel consent | Withdraw consent; object |
Appendix C: Data Type Privacy Classification
| Data Type | Personal Data? | Shared with Clients? | Opt-Out Available? |
|---|---|---|---|
| Aggregated research outputs | No | Yes | N/A |
| Response-level survey data | Yes | Yes (de-identified) | Yes |
| Race/ethnicity data | Yes (sensitive/special) | Yes (with restrictions) | Yes (limit use) |
| Public speed test data | Public data (open license) | Yes (already public) | N/A (public data) |
| Recon speed test data | Yes (linked to survey) | Yes (de-identified) | Yes |
| Synthetic respondent data | No | Yes (labeled synthetic) | N/A |
| Government/public data | No | No (reference only) | N/A |