The UK has a NHS-spawned website that assists researcher to seek ethical approval for medical research: https://www.myresearchproject.org.uk/ELearning/index.html
I went through it, but I do not think opencarefits any of the boxes. The whole thing is (rightly) meant for people who do medical research: sample patients, give them treatment, monitor their condition with and without the treatment etc.
I wrote to the Health Research Authority seeking guidance, with @markomanka in cc.
I also found out that the EU produced ethics guidelines for antrhopological and ethnographical research (here is the paper). I read it and found our approach very consistent with it. @Amelia , can you have a look too? And while you are at it, can you ask around who is the research ethics regulator in the UK for anthro/ethno? I strongly suspect there isn’t one, or rather Universities have ethical boards that play that role. Edgeryders does not have that, but we might be able to make the case that we are OK as long as we go through opencare ethics advisors.
The author of said EU guidelines (Ron Iphofen) is British. He quotes policy guidelines for qualitative research in the UK as being available at http://www.qualidata.essex.ac.uk and http://www.dipex.org.uk. Since he wrote it, both sites have changed: qualidata redirects onto www.ukdataservice.ac.uk (also contains quantitative data). Qualitative ethics guidelines are here. The text appears to assume that the university running the research will have its own ethical board. This is not the case for Edgeryders. Dipex redirects to http://www.healthtalk.org/, which does not seem to have any policy guidance but it does have interesting health stories in text form. Good to know.
Heads up @Costantino: you are going near a danger zone with InPe (vulnerable people etc.). By making it clear that it is only a prototype, and that it is not used for human testing, you should be OK. But don’t take my word for it!
UPDATE: Data protection is much more straightforward. We registered with the Information Commission’s Officer (data protection regulator in the UK); it is unclear whether it is compulsory for a multiauthor blog, but we did it anyway. I took our data protection policies through the ICO’s self-assessment toolkit and it checks green, with seven policies in place, some not applicable, none not implemented nor partially implemented. The report is uploaded on opencare’s GitHub: https://github.com/opencarecc/data-protection-self-assessment