Privacy and Data Protection Principles


Purpose of use 
We access, analyse or otherwise use data for the purposes consistent with the United Nations mandate and in furtherance of the Sustainable Development Goals
Right to use 
We access, analyze or otherwise use data that has been obtained by lawful and fair means, including, where appropriate, with the knowledge or consent of the individual whose data is used
Purpose compatibility
We ensure to the extent possible, that all of the data we use for project purposes is adequate, relevant, and not excessive in relation to the legitimate and fair purposes for which the data was obtained 
Individual privacy 
We do not access, analyse or otherwise use the content of private communications without the knowledge or proper consent of the individual
We do not knowingly or purposefully access, analyse, or otherwise use personal data, which was shared by an individual with a reasonable expectation of privacy without the knowledge or consent of the individual 
We do not attempt to knowingly and purposefully re-identify de-identified data, and we make all reasonable efforts to prevent any unlawful and unjustified re-identification
Data security 
We ensure reasonable and appropriate technical and organisational safeguards are in place to prevent unauthorised disclosure or breach of data
Risk and harm assessment and risk mitigation 
We perform a risk assessment and implement appropriate mitigation processes before any new or substantially changed project is undertaken
We take into consideration the impact that data use can have not only on individuals but also on groups of individuals 
We ensure that the risks and harms are not excessive in relation to the positive impact of the project
Data sensitivity
We employ stricter standards of care while conducting research among vulnerable populations and persons at risk, children and young people, and any other sensitive data
Data minimisation 
We ensure the data use is limited to the minimum necessary 
Data retention
We ensure that the data used for a project is being stored only for the necessary duration and that any retention of it is justified 
Data quality and accountability 
We design, carry out, report and document our activities with adequate accuracy and openness 
Our collaborators 
We require that our collaborators are acting in compliance with relevant law, data privacy and data protection standards and the United Nations' global mandate. 


These principles acknowledge standards set out in the revised version of the Guidelines for the Regulation of Computerized Personal Data Files adopted by General Assembly resolution 45/95 on 15 December 1989, and contained in a document E/CN.4/1990/72. The principles are not based on any specific national or regional laws, but draw inspiration from a number of global legal instruments concerning privacy and data protection.

Our principles are intended to help ensure that individuals whose data is used are not adversely affected by our research. Because of the constantly-evolving nature of data protection and privacy law, Global Pulse expects these principles to evolve based on experience, industry developments and the comments of interested parties. We would like to thank all those who provided their valuable commentary during the development of the above principles, and during our ongoing process of reviewing a more detailed set of guidelines.

We welcome and appreciate your feedback and input in helping us improve the principles. For more information on our work related to data protection and privacy, please contact