Why privacy and data protection are key to inclusive development

Each year USD 100 billion in aid is received by governments around the world to support poverty alleviation programmes benefiting millions of people, and there are more than 134 million people across the world in need of humanitarian assistance.

It is likely that the data of each of these people will be collected and processed at some point.

There is no question that advancements in technology, communications and data-intensive systems have significantly changed the way aid and humanitarian assistance are provided, but we must be critical of these initiatives.

On the anniversary of the EU’s GDPR, we need to ask some pertinent questions: Whose data are we collecting and for whose development? What is the relevance and necessity of the data being collected? Who are the actors involved and what are their interests? And who is responsible and accountable?

In today’s ever-growing digital world, more people who receive development and humanitarian assistance are being exposed to unexpected threats. The sector is realising the urgent need to tackle some of these questions, but we need to do more if we want to deliver sustainable and inclusive development with dignity.

Protecting individuals and their data

Some organisations are taking active measures because of the new legal obligations they are subject to with states adopting or reforming data protection laws including in the European Union (such as GDPR), Brazil, Kenya, Uganda and India.

Some organisations are taking extra precautions because they realise the risks that come with generating and processing data including securing large datasets, exposing individuals already at risk to ill-intentioned actors, and concerns of mission creep. Failing to address these risks means that our core mandate of our protecting and assisting people in a vulnerable position is being directly undermined. Protecting individuals’ personal data is an integral part of protecting their life, integrity and dignity.

Beyond legal and human right obligations, the sector must strengthen its understanding of the broader development and humanitarian ecosystem to map out how data-intensive systems and the use of technology is affecting individuals and communities.

What do we know about this data ecosystem?

• Development and humanitarian organisations generate and process vast amounts of data. This includes the array of programmes starting from registration and enrolment of beneficiaries and affected populations, information sharing initiatives over messaging apps, SMS or social media, the delivery of assistance projects such as cash transfer programmes, and the general use of big data for public good.
• Governments have vast unrestrained and unaccountable powers which threaten freedom. The data processing capabilities of governments are continuously improving and expanding, with almost every interaction with government resulting in the processing of data. What does that mean for organisations which are subject to laws and practices of the states they are based in and/or operating in?
• Companies routinely exploit people’s data for their own advantage. This raises questions about how partnerships and the provision of solutions provided by the private sector are managed in the sector. What measures need to be taken to address business models which conflict with the ethos of the development sector? Examples include surveillance companies or those who thrive on the exploitation of data. We must understand the risks associated with such partnerships.

While threats like these are largely unreported or unrecorded, there is already evidence of these risk and harms, including the surveillance of aid agencies, vulnerabilities of systems exposing data to abuse, systems of discrimination and the use of surveillance to target migrants.

We must be informed to move forward

We must understand the implications of these actions which may run counter to our altruistic efforts.

The sector must make informed decisions as to whether to adopt data and tech solutions in the first place. This requires an understanding of how organisations generate vast amounts of data as well as a grasp of the ecosystem in which they are doing so. Both of these steps are crucial for the sector to improve their ability to identify and mitigate risks.

Failure to address the risks and prevent harms will mean that the use of data and technology may hinder and harm what we’re striving to achieve as outlined in the Sustainable Development Goals (SDGs) and national action plans for development and poverty alleviation.

Find out more about Privacy International’s work on privacy, data protection and surveillance in the development and humanitarian sector.