Data Responsibility in Humanitarian Action to Improve Children’s Lives
A Comparative Assessment of the IASC and RD4C Principles
Posted on 13th of September 2021 by Andrew Young, Andrew Zahuranec, Marilla Li, Andres Arau, Stefaan Verhulst
The Importance of Principles
Data responsibility is growing ever more complex. There is no standard operating procedure or one-size-fits-all approach that can guarantee responsible and effective data handling. Institutions and researchers have released an array of data responsibility tools and platforms, but the utility of these tools depends on the context in which they are deployed.
Given the contextual nature of data responsibility, many institutions look to principles as a “north star” toward which to organize their efforts. Responsible data principles can provide practitioners with guidance and support without being overly prescriptive. Principles provide a framework of good practices while giving practitioners the space to adapt and refine their activities based on the unique situation in which they operate.
The IASC Principles
On February 3, 2021, the Inter-Agency Standing Committee — the preeminent humanitarian forum in the United Nations system — released its Guidance on Data Responsibility in Humanitarian Action. The Guidance includes the Principles for Data Responsibility in Humanitarian Action as well as recommended practices that can help humanitarian actors meet them. Below, we include the Principles with condensed descriptions from the original IASC guidance.
IASC Principles for Data Responsibility in Humanitarian Action
Accountability: “...[H]umanitarian organizations have an obligation to account and accept responsibility for their data management activities.”
Confidentiality: “Humanitarian organizations should implement appropriate organizational safeguards and procedures to keep sensitive data confidential at all times.”
Coordination and Collaboration: “Coordinated and collaborative data management entails the meaningful inclusion of humanitarian partners, national and local authorities, people affected by crisis, and other stakeholders in data management activities…”
Data Security: “Humanitarian organizations should implement appropriate organizational and technical safeguards, procedures and systems to prevent, mitigate, report and respond to security breaches.”
Defined Purpose, Necessity and Proportionality: “Humanitarian data management and its related activities should have a clearly defined purpose…[T]he management of data in humanitarian response should be relevant, limited and proportionate – in terms of required investment as well as identified risk – to the specified purpose(s).”
Fairness and Legitimacy: “Humanitarian organizations should manage data in a fair and legitimate manner, in accordance with their mandates, the context of the response, governing instruments, and global norms and standards, including the Humanitarian Principles. Legitimate grounds for data management include, for example: the best interests of people affected by crisis, consistent with the organization’s mandate; public interest in furtherance of the organization’s mandate; the vital interests of communities and individuals not able to make a determination about data management themselves…”
Human Rights-Based Approach: “Data management should be designed and implemented in ways that respect, protect and promote the fulfilment of human rights, including the fundamental freedoms and principles of equality and non-discrimination as defined in human rights frameworks, as well as the more specific right to privacy and other data-related rights, and data-specific rights promulgated in applicable data protection legislation and other applicable regulation.”
People-Centered and Inclusive: “Affected populations should be afforded an opportunity to be included, represented, and empowered to exercise agency throughout data management whenever the operational context permits.”
Personal Data Protection: “Humanitarian organizations have an obligation to adhere to (i) applicable national and regional data protection laws, or (ii) if they enjoy privileges and immunities such that national and regional laws do not apply to them, to their own data protection policies.”
Quality: “Data quality should be maintained such that users and key stakeholders are able to trust operational data management and its resulting products. Data quality entails that data is relevant, accurate, timely, complete, up-to-date and interpretable…”
Retention and Destruction: “Sensitive data should only be retained for as long as it is necessary to the specified purpose for which it is being managed or as required by applicable law or donor audit regulations. When its retention is required, safe and secure storage should be ensured to safeguard sensitive data from being misused or irresponsibly exposed.”
Transparency: “Data management in humanitarian response should be carried out in ways that offer meaningful transparency toward stakeholders, notably affected populations.”
The RD4C Principles
In 2019, The GovLab and UNICEF established the Responsible Data for Children Initiative (RD4C). RD4C seeks to highlight and support best practice in the handling of data for and about children work; develop practical tools to assist practitioners in evaluating and addressing risks and challenge; and encourage a broader discussion on actionable principles, insights, and approaches for responsible data management to improve children’s lives
The GovLab and UNICEF developed the RD4C Principles to support organizations in stewarding data collected, stored and prepared, shared, analyzed, and used to save children’s lives, defend their rights, and help them fulfill their potential from early childhood through adolescence.
Rather than duplicate or contradict, the IASC Data Responsibility Principles and RD4C Principles fulfill different functions. Whereas the IASC Data Responsibility Principles address responsible handling of data about all demographies in humanitarian settings, RD4C focuses specifically on how organizations can address children's data. Indeed, the RD4C Principles provide practitioners with a roadmap for implementing and embodying the IASC Data Responsibility Principles in their work with children’s data.
Below, we outline the RD4C Principles (or the 7 Ps) and reflect on how the implementation of each RD4C Principle can help practitioners adhere to the IASC Data Responsibility Principles in their engagements with children and their data.
Related IASC Principle(s)
Purpose-Driven: Identifying and specifying why the data is needed and how the intended or potential benefits relate to improving children’s lives.
Defined Purpose, Necessity and Proportionality
Both the RD4C and IASC Principles emphasize that responsible data practices begin by being purpose-driven. A clearly defined purpose can help practitioners avoid misuses of data and organize their efforts around achieving a well-established goal or objective.
Practitioners will also be better positioned to align their downstream data practices with responsible data principles — such as Proportionality — if they are working toward a well-established purpose that can benefit children’s lives.
Participatory: Engaging and informing individuals and groups affected by the use of data for and about children.
Coordination and Collaboration
A Participatory approach involves collaboration and transparency, both of which are represented in the IASC Principles.
First, practitioners should seek input from and collaboration with relevant stakeholders in the design and implementation of a data initiative. These stakeholders can include children, their caregivers, and the communities in which they live as well as partners, donors and other key actors.
Second, a Participatory approach necessitates a level of transparency and effective communication to ensure that the intended beneficiaries of a data initiative and other relevant parties are kept abreast of new developments.
Professionally Accountable: Operationalizing responsible data practices and principles by establishing institutional processes, roles, and responsibilities.
Fairness and Legitimacy
Data responsibility rests upon individual and organizational accountability. Professional Accountability entails establishing and adhering to policies and procedures that place personnel in the best position to handle data fairly and legitimately, guard against inappropriate or harmful activities, and ensure that children’s data under their charge remains secure.
People-Centric: Ensuring the needs and expectations of children, their caregivers, and their communities are prioritized by actors handling data for and about them.
People-Centered and Inclusive
Data can play an important role in driving effective decision-making, improving service delivery, and increasing efficiency, among other benefits. Given these facts, practitioners handling data for and about children should ensure that the needs, interests, and expectations of people—including children and their caregivers in particular—are prioritized. When making decisions regarding data handling activities, practitioners should center practices that demonstrably serve children’s interests — in an inclusive manner that takes into account vulnerable or marginalized communities — over more process-oriented benefits that could be created through data, such as efficiency gains.
Prevention of Harms Across the Data Life Cycle: Establishing end-to-end data responsibility by assessing risks during the collecting, storing, preparing, sharing, analyzing, and using stages of the data life cycle.
Personal Data Protection
Risks of both misuse and missed use of data for and about children can emerge at different stages of the data life cycle. Issues related to data security, such as breaches, unauthorized access, and other intentional or incidental misuses of data can occur at each stage of the data life cycle and require targeted strategies for mitigation. At each stage, practitioners also face challenges in preventing harms that could arise from both personal data about children as well as group, aggregated, or statistical data about children.
Practitioners should also recognize data quality as a key element impacting end-to-end data responsibility. An adequate level of data quality can help practitioners to prevent harms and capitalize on opportunities to improve children’s lives with data. Poor data quality can create significant, compounding risks and negatively impact decision-making across the data lifecycle.
Proportional: Aligning the breadth of data collection and duration of data retention with the intended purpose.
Retention and Destruction
The collection and retention of children’s data should be relevant, limited, and adequate to what is necessary for achieving intended purposes. As indicated by the IASC Principle of Defined Purpose, Necessity and Proportionality, the issue of proportionality is closely related to and defined by the core purpose of data activities involving children.
While important for all data subjects, proportional data handling and appropriate decision-making regarding the retention and destruction of data is paramount for children. Disproportionate initial data collection or longer-term retention can exacerbate children’s actual or potential vulnerabilities and pose risks to their future prospects.
Protective of Children’s Rights: Recognizing the distinct rights and requirements for helping children develop to their full potential.
Human Rights-Based Approach
The Universal Declaration of Human Rights states that children are “entitled to special care and assistance,” and the Convention on the Rights of the Child outlines additional rights and entitlements that are unique to childhood. Data practices involving children must take into account these additional rights, as well the unique risks that irresponsible data practices can pose to children.
The RD4C Principles and the IASC Principles on Data Responsibility in Humanitarian Action provide development and humanitarian practitioners with a set of complementary, mutually reinforcing frameworks to guide safe and effective data handling. Watch this space for additional reflections and guidance on applying these and other responsible data principles and practices that can minimize instances of both misuse and missed use of data for and about children.
[Photo Credit: UNICEF/UN0277463/Bindra]