In April 2015, the UN Secretary-General announced that “the number of people in need of humanitarian assistance around the world has doubled in just ten years.” UNOCHA, in its State of Humanitarian Aid report, noted that “[a]t the beginning of 2015 we were aiming to reach 57.5 million people in 22 countries needing assistance.”
To support humanitarian response, the effective collection and handling of data is critical, and can be highly sensitive. Privacy groups have been highlighting the need for clearer guidance on how information can be processed safely without hindering the important objective of humanitarian response, and humanitarian agencies have stressed the need for the development of ethical standards for the use of data. For example, UNHCR recently released its Data Protection Policy. The International Committee of the Red Cross (ICRC) has created a Data Protection Office, released Professional Standards for Protection Work, and is looking into developing data protection practices and guidelines. And overall, the international community has been paying close attention to the protection of the Right to Privacy in today’s digital age, with the establishment of the mandate of a new UN Special Rapporteur to the Right To Privacy in 2015.
Seeking frameworks for the accessing and handling of Big Data
Some national and international organisations, including Global Pulse, have been looking at the development of clearer guidance on how Big Data in particular could be leveraged in a privacy protective way and still ensure that privacy mechanisms do not forbid or slow down the process of innovation, integration of big data into sustainable development planning and monitoring, or delay emergency response.
The Ebola outbreak in West Africa in 2014 was a real-world case in which big data potentially could have been useful in the response efforts, but accessing de-identified call detail records proved extremely difficult. The lack of a unified definition of privacy, boundaries of personal data/personally identifiable information, determination of anonymization techniques appropriate for the use of Call Detail Records, and Big Data in general, do not promise an easy solution for the next time a similar emergency strikes.
With these challenges in mind, the Global Pulse Data Privacy Advisory Group gathered in The Netherlands last week to discuss questions of data governance and the responsible use of big data for development and humanitarian causes. During a public event held at the Mauritius Museum, and a one-day closed working session held in the Peace Palace, Privacy Advisory Group members discussed the potential creation of guidelines and a risk management framework for the application of Big Data adaptable for use by development and humanitarian agencies.
Data Protection and Privacy Commissioners adopt a new resolution on Privacy & International Humanitarian Action
The 37th International Conference of Data Protection and Privacy Commissioners also took place last week in The Netherlands. The Conference is an independently organized assembly of national data protection and privacy commissioners. Currently, 101 authorities from 63 countries and 1 international organisation (the European Union) have been accredited as member and 16 authorities from 7 countries and 5 international organisations have an observer status.
In 2011, the International Conference of Data Protection and Privacy Commissioners adopted a resolution on Personal Data and Natural Disasters [PDF], proposed by the Commissioner of New Zealand. The 2011 Resolution called on data protection authorities to “review whether their domestic data protection and privacy laws are suitably framed and flexible to best serve the vital interests of individuals in the event of a major natural disaster and, if warranted, to recommend reform.” The resolution concentrated on the question of “major disasters [rather] than smaller, more localised, events.” However questions such as using Big Data for disaster preparedness mechanisms, disaster recovery, and development are still open and requires further exploration.
This year, considering the increased number of humanitarian crises the conference adopted a new Resolution on Privacy and International Humanitarian Action [PDF].
The 2015 resolution is a joint initiative between Iberoamerican and Francophone Data Protection Authorities. It is conscious in covering national and transnational territories and “is framed by national and international law, in particular, humanitarian law, international refugee law and international human rights law."
This important call for change in data privacy and data protection practices emphasizes that data processing is an integral part of the performance of the mission of humanitarian actors. More critically, the resolution underlines the importance of respecting the right to privacy, and also calls for a regulatory framework that takes into consideration the specifics of the humanitarian work and eases humanitarian missions.
Among the major outcomes of the resolution is the creation of an expert group that will work on establishing standards for data protection applicable to humanitarian missions.
While there is much more that needs to be done, the passing of this new resolution by the Data Protection Authorities provides hope for the beginning of a new dialogue between regulators, the humanitarian community and private stakeholders on how data could be used responsibly to the benefit of the vulnerable, while respecting and protecting individual rights.
Image: Mr Joseph Cannataci, UN Special Rapporteur on the Right to Privacy at the 37th International Privacy Conference
