Richard Thaler and Cass Sunstein published a book titled ‘Nudge’ in 2008 [1], which introduced the world outside academia to behavioural economics. They presented readers with the concept of nudging, i.e. small manipulations to the context within which a decision is made. This context is referred to as the ‘choice architecture’. Thaler and Sunstein provided examples of a variety of such manipulations that were successful in mediating behavioural change in practice. Nudging has been applied in a variety of contexts (e.g. health [2], smoking [3] and obesity [4]). Digital nudging [5] is of particular interest in this paper, in the context of information security and privacy (Info-S&P). At least three governments (UK, USA and NSW in Australia) embraced the concept, establishing units to explore how these techniques could be used in order to ‘nudge’ citizens towards wiser behaviours [6, 7, 8]. Despite widespread acclaim [9, 10, 11], enthusiasm for nudges has not been unanimous [12, 13, 14, 15, 16]. Sceptics, both in and out of academia, soon questioned the ethics of nudging, especially when used by governments [12]. Many have expressed concerns, specifically with respect to the impact of nudges on nudgees’ welfare, autonomy and dignity [17]. Information security and privacy researchers have started to trial nudges to see whether they could be effective in persuading people to behave more securely, or to act to preserve their privacy [18, 19, 20, 21, 22, 23, 24]. As the nudge becomes the topic of more experiments, and is deployed across public life, its ethical ramifications should be contemplated. Researchers wishing to experiment with the behavioural change efficacy of specific nudges need guidance about how to conduct such experiments in an ethical manner. As Info-S&P researchers ourselves, we focus on the ethics of nudging in Info-S&P . Before we can formulate nudge-specific ethical guidelines, we need first to outline authoritative ethical principles. We then delineate the nudge concept and present arguments for, and against, the deployment of nudges. Afterwards, we derive a set of guidelines to inform ethical nudging in Info-S&P. We conclude by showing how these guidelines can be applied.