Data Protection Standards 2.0
As noted in Patrick Meier’s blog post on “Crowdsourcing, Crisis Mapping and Data Protection Standards”, humanitarian organizations have yet to develop and publicize data protection protocols for social media, crowdsourcing and volunteer geographical information. This is why, in November 2011, the Standby Task Force (SBTF) actively participated in an important workshop to discuss these challenges.
The workshop was organized and sponsored by World Vision (WV) and deliberately scheduled around the 2011 Crisis Mappers Conference in Geneva, Switzerland. This was quite possibly one of the most important meeting that we (as the SBTF) participated in all of 2011. For the first time, we had a dedicated space to share our challenges and questions with data protection experts. Participants included representatives from the International Committee of the Red Cross (ICRC), Care International, Oxfam GB, UN OCHA, UN Foundation, Harvard Humanitarian Initiative (HHI) and obviously WV.
We discussed in depth issues surrounding Do No Harm, Informed Consent, Verification, Risk Mitigation, Ownership, Ethics and Communication, Impartiality, etc. A clear outcome of the workshop was there a clear need exists for developing and sharing guiding principles to inform the work of both volunteer networks (like the SBTF) and humanitarian organizations. Our colleagues at the ICRC have since taken the lead on developing protocols relevant to a data 2.0 world in which volunteer networks and disaster-affected communities are increasingly critical. We expect to review the latest draft in the coming weeks after Oxfam GB has added their comments to the document. The report of the workshop is available here and highly recommended.
Obviously, these data protection challenges are not new. Many of us in the SBTF have been confronted with them since we launched in 2010. We have actively been reaching out for guidance on such issues, included security-related challenges, as per this blog post from early 2011. Humanitarian organizations are also aware of these complex challenges. The International Organization for Migration’s report on Data Protection Standards, a 150+ page report, is devoid of any reference to social media even though disaster-affected communities are increasingly generating digital information relevant for humanitarian response operations.
To this end, this new piece from the Sudan Satellite Sentinel Project (SSP) is quite suprising, not because it says anything new but because it draws on discussions that have been going on for quite some time now in the Crisis Mappers community.
Set of Ethical & Techl Standards for How to Use New Tools Safely & Strategically
This issue has been discussed broadly at ICCM 2011, where more than one self organized session was specifically about this issue. UN personnel, NGOs, practitioners and software companies participated in the sessions discussing in between other topics the deployment of crisis mapping projects under repressive regimes, the use of social media in repressive regimes and the security protocols for verification and privacy.
The SBTF in particular has developed in the last year several documents in order to manage those issue: in the Libya deployment the verification protocols designed by the SBTF were accepted and revised by UNOCHA before being implemented for example. A threat and mitigation strategy was also provided to and accepted by OCHA. In addition to this, and before the Libya crisis, the SBTF has been designing security protocols and blogged about possible measures to be taken when crisis mapping repressive regimes.
The struggle to find common standards and draw on lessons learned is common in the field and this is the reason why the same Crisis Mappers Network created, under the lead of co-founder Jen Ziemke, a Security Working Group inside the network. A lot still needs to be done and proactive actions are being taken by those interested in actively working together to constructively address the issue.
Standardized Training, Tech Benchmarks, and Peer-Reviewed Codes of Ethics
The SBTF has now standardized training for all our teams, training that has been also shared with UN practitioners for their feedback and material which has also been informed by two professional crisis simulations – one with UN SPIDER and one with UN OCHA. A third, upcoming simulation is scheduled this Spring in partnership with HHI. Our training and workflows have proven successful in our deployments, at the point that they are now being used by UNOCHA in Colombia for their emergency response crisis mapping project. Incidentally, all of these workflows are openly available on the SBTF website.
Our Code of Conduct for volunteers has been shared with both the International Red Cross and the UN for their feedback, and is entirely designed based on the Red Cross Code of Conduct. Co-founder Patrick Meier has been discussing both inside the Standby Task Force Core team, with our partners and inside the Crisis Mappers google group about the design of a common SMS code of conduct, while another co-founder, Anahi Ayala Iacucci, is actively working with Internews on the development of a Community of Interest about Communication with Disaster Affected Communities – communication system which we have training material on and which is available to SBTF volunteers on our Ning platform.
Learning and Evaluation
This part of our work has been something we have been trying to address consistently in the course of the past year. The SBTF has publicly released three reports on our most important deployments, which include lessons learned, problems, issue and possible mistakes done during deployment to make sure that all those factors are taken into account for future deployments. All our major deployments have public blog posts that describe in detail the deployment and try to evaluate the outcomes and the results of those deployment. See here for a complete list of that documentation.
Guidelines for guaranteeing the safety of informants, and frameworks to hold practitioners responsible for adherence to ethical and technical standards
The protection of data exchanged and used during our deployment has been and will always be an issue that we realized needs to be carefully dealt with on a case by case level. The World Vision workshop held in Geneva on data protections was a great occasion for us to share our concerns and problems with practitioners and experts in the field, like ICRC, HHI and UN agencies. As SBTF we have been learning a lot especially during the Libya deployment where for example the UN decided to publish the map we were working on but only after cleaning the data from sensitive information contained into it. The need for common guidelines and share protocols is definitely there and all practitioners working on the ground feel this needs as t be one of the most important to be addressed. For this reason Security was one of the 3 main topics highlighted in the Crisis Mappers conference in Geneva in 2011.
We are quite flattered by the remarks in article by Sudan Sentil Project referring to “crisis mappers” as being the new first responders. Unfortunately, we can’t take credit for that. The affected populations are by definition the first responders. Then come the professional humanitarian organizations, whether local, national or international. At the SBTF, we have clear “Activation Protocols” that dictate where and when we engage in official SBTF deployments. These have also been reviewed by several humanitarian organizations including UN OCHA. We don’t mobilize on a crisis mapping project just because we feel like it. We are volunteers with other professional/academic demands on our time. A specific list of criteria first need to be met. So while the Sudan Project article might be referring to the SBTF at times when they talk about “crisis mappers”, it is worthwhile to know that we typically work in partnership with established humanitarian organizations.
We don’t have all the answers, and never will. We are a volunteer network actively looking for support and guidance. We are grateful to the ICRC for taking the lead on drafting possible protocols to guide our work and we openly invite any other experts out there to help us in mainstreaming data protection 2.0 protocols into our workflows and operations. But there’s a lot more that we need guidance on. So if you are a lawyer, and interested in providing pro-bono support, to audit our work flows and provide us with concrete, actionable guidance on digital data protection issues for 21st century humanitarian response, please get in touch–we need about 10 of you!
In the meantime, we’ve collectively started this Working Group on Data Protection as part of the Crisis Mappers Network. While the Security Working Group initially included Privacy, these are major issues that each need individual, focused attention. As a first step, the goal of the Data Protection Working Group will be to identify and list the data protection questions that need to be addressed within the context of social media, crowdsourcing and volunteer geographical information systems. We will then share these with the data protection experts, we are already working on this topic with. But we will also use this Working Group to brainstorm some suggestions vis-a-vis possible protocols.
Contributors to this blog post: Anahi, Patrick & Jeannine