1 of 3 | Why data protection is critical in humanitarian action

Tech
&
Innovation

Video story

January 27, 2021
By:
Malcolm Lucard
Editor in Chief of RCRC magazine
Animation:
Nadia Verlyck

The great data gold rush

In the marketing world, data is sometimes called the “new gold” because it’s a precious tool when it comes to aiming products, services or messages directly at people whose on-line behavior and personal data indicates they are a potentially receptive target.

That goes beyond money. It can be used as a tool in law enforcement, to amass political power, or even as a weapon of war. For millions of people around the world, data simply makes life better, linking them quickly with people, services, and pleasures such as art and music.

But data can also save lives. Humanitarian organizations use it to respond more effectively to crises such as natural disaster and conflict and to track and keep people safe from fast-spreading diseases such as Cholera, Ebola and Covid-19.

But what are the limits and pitfalls of using massive amounts of data in a global market in which there are few global standards — and no universal binding regulations — on the collection, use, storage, sale and protection of data? While some countries and regions have data protection laws (such as the European Union’s General Data Protection Regulation or GDPR), there’s no global data–protection mechanism.

IMG-20210125-WA0034 — Data can help local first responders adapt in real time. In Burundi, the role of some Red Cross volunteers is collecting data during emergencies. When floods hit the country in 2020, displacing thousands, volunteers could respond to people’s needs in real time as people moved into camps for the displaced, then eventually went back to their damaged homes.

High stakes

While international laws have been developed to protect people impacted by conflict or natural disaster — and symbols such as the Red Cross are used to protect humanitarian work — there are few protections safeguarding data collected to help people make it through natural disaster, conflict or other crises.

“We know how to put on the roof of a field hospital,” notes Nathaniel Raymond, a lecturer and human rights expert at Yale University’s Jackson Institute for Global Affairs. “But how do you put a Red Cross or a Red Crescent on a server? How do we put a Red Cross or a Red Crescent on a database or a thumb drive?

“So far, we have not figured out how to distinguish and protect data of a humanitarian character and that means the risk of that data becoming commodified, weaponized or exploited is very high.”

Armed groups or governments, for example, could obtain such data to track people it considers enemies. Or human traffickers might use the data to identify vulnerable targets. Meanwhile, the phone networks, banks and social media platforms that aid groups use to provide services, have their own agendas.

“Many of the companies that provide these platforms and services have data-driven and data-intensive business models,” says Alexandrine Pirlot de Corbion, director of strategy at Privacy International, a leading global data privacy organization.

“They depend on the vast processing of data to thrive. Often these companies have little concern for human rights or any consideration for how different users might be affected by the products they provide.”

At the same time, humanitarians are being hit with increasing demands — long-term conflicts, increasingly frequent storms and outbreaks — just as their budgets are being constrained and international donors are pushing aid groups to be more efficient.

“There is this increased pressure from funders to embrace innovation and to make use of technology, putting pressure to be more accountable and transparent with scarce resources,” says Pirlot de Corbion, who also helped author a joint publication produced by Privacy International and the ICRC called The humanitarian Metadata problem: Doing no harm in the digital era.

“The other reality is that conflicts are lasting longer, natural disasters are happening more frequently, so there is a sustained pressure on aid groups to continuously do more with less.”

_Script_01_All_V5(01-12) — While laws and emblems are used to protect humanitarian workers doing dangerous tasks in the physical world, there are few similar protections for sensitive data used in humanitarian work. “We know how to put a Red Cross or a Red Crescent on a field hospital, but how do we put a Red Cross on a server, or a thumb drive,” notes humanitarian data expert Nathaniel Raymond.

One data-driven innovation now widely embraced by humanitarian organizations is the use of e-banking systems to deliver cash directly to people impacted by crisis. The practice has many advantages: aside from reducing the costs and problems associated with importing massive amounts of food or goods to a crisis zone, cash allows people to support local markets and producers while making their own choices about their most dire needs.

In conflict zones, it can also be safer. “The provision of cash limits people’s visibility and exposure because it doesn’t require people to gather in the same spot for a food distribution, where they could be vulnerable,” says Massimo Marelli, head of the Data Protection Office at the ICRC.

There is a risk, though, that data about the electronic cash transfers could still be misused. While banks use encryption systems to protect the content of cash transactions, there is data associated with each transfer that helps the money get where it needs to go. This is called “metadata” and it functions a bit like the address on a package. What’s inside the package is shielded, but the metadata around it, could reveals a lot about who sent it, from where it was sent, who is receiving it, when it was sent, etc.

If the information was obtained by a party to the conflict, it could make people even more vulnerable to abuse or attack, notes Marelli. “At what time are people withdrawing cash? Where do they withdraw cash from? Where do they spend it? What do they spend it on? All this is very valuable information, which could be used to profile an individual and potentially indicate that someone might be more likely to be an enemy to one of the parties in a conflict.”

Similarly, many encrypted messaging systems also rely on metadata to get SMS texts where they need to go. This is a serious concern as many humanitarian organizations use text messaging systems to share and receive important health, safety and other information with vulnerable groups such as migrants, refugees and people displaced by violence or disaster.

Experts quoted in this story say these concerns should not cause humanitarians to run from technology. But they argue that the sector as a whole needs to better understand the risks involved, so they know what innovations to avoid—and what steps to take to protect people and their data when they do embrace new technology. For this reason, the ICRC published a Handbook on data protection in humanitarian action to help staff, as well as members of other organizations, navigate these difficult issues.

Clearly, there is a lot at stake. If people see their data is being misused, humanitarians could lose their most precious asset: the trust of those they hope to help.

“If the people do not trust you, if they don’t trust that the data will only be used for humanitarian purposes, they may stop coming to you,” says Marelli. “And that will mean that they will not have access to essential humanitarian services. They will not have access to health care, sanitation, nutrition…and that effects are huge for everybody.”