selected readings

Data has the potential to innovate and improve service delivery for children around the world, yet without earning the public trust in how we handle data that promise may be short lived or unfulfilled.

Global Kids Online. Using Research Findings for Policy Making. 2016.

Internet-related policy is a topic of fierce global debate, with questions such as, should it be national or international, who should oversee it, what should it relate to, how should it be developed and who should be the main stakeholders? When it comes to children and the internet, things are particularly complex as policies related to child rights tend to be scattered across different domains (health, education, welfare and justice), and are not always linked to broad public policy objectives related to the digital economy, digital society or to internet governance. This Guide examines the relationship between research and policy in this area, and supports researchers to frame their objectives and findings in ways that (directly or indirectly) support policy development processes that affect children.

Focus on Children’s Data & Responsibility (Cross-Sector)

Development
World Vision International. Data Protection, Privacy and Security for Humanitarian & Development Programs. 2017.

This discussion paper identifies the opportunities and risks of the use of data for humanitarian and development programs, provides several policy frameworks on data protection, presents ethical considerations, and studies the experience of World Vision International in protecting data related to their humanitarian activities. The paper cites the European Union General Data Protection Regulation as an example of a framework that specifies policies for the protection of children’s rights to privacy by requiring that “children must be able to understand the privacy notices, and that online services offered for children may only process data with a guardian’s consent unless they are preventative or counselling services.” To conclude, the authors acknowledge that the complexities of the contexts where humanitarian and development agencies operate “make it difficult to implement a fail-safe approach to data protection, privacy and security in its digital work. At the same time, it is incumbent on this sector to strive toward the highest level of integrity, ethics and technical ability to ensure the strongest possible data protection of vulnerable populations, and particularly children.”

Non-Governmental Organizations and Academia

Humanitarian Development Privacy & Security Ethics
UNOCHA and PIM. A Framework for Data Sharing in Practice: Part One. May 2017.

This document is the first of a two-part document and is divided into two sections. The first is a series of shared principles and a common “trust statement,” shared concepts and core competencies in this area. The second section defines a framework for data, information and analysis sharing for operationalizing the shared principles. The first step is a consideration of how to define the protection outcome (value proposition) of sharing data, based on a list of shared questions on motivations, risks and benefits, for partners and stakeholders. The shared questions focus on the original purpose for which the data was collected, the purpose for sharing and the purpose for which it’s used. This section also includes a set of guiding questions about how to make principles more actionable and practice-based.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security Ethics
PIM Working Group. Working Meeting Outcome Document. Second Protection Information Management. 2015.

The objective of protection information management (PIM) in humanitarian response is to provide quality data and information on individuals and groups of persons affected by natural or man-made disasters in a safe, reliable, and meaningful way. The goal of the first PIM Working Meeting was to begin the process of identifying the “discipline” and principles of the PIM and sharing these ideas with the humanitarian community The results of the meeting included a PIM definition and systems matrix, agreement on principles and competencies, outlining next steps (and creating this outcome document). Definition: “Protection Information Management refers to principled, systematized, and collaborative processes to collect, process, analyze, store, share and use data and information to enable evidence-informed action for quality protections outcomes.” The systems matrix enables identification of the best tools, systems and approaches, strengthens a common understanding of protection information concepts to ensure accuracy, and adds to the overall quality of PIM work. PIM also utilizes categories for different systems: protection monitoring and assessment, case management, population data, protection response monitoring and evaluation, communicating with affected populations, security / access / safety, and sectoral systems / other.

Non-Governmental Organizations and Academia

Development Privacy & Security
Global Kids Online. Researching the Benefits and Opportunities for Children Online. 2016.

This Method Guide situates current research on online benefits and opportunities in relation to key trends in global research on digital practice, and identifies the key issues that shape children’s capacity to maximize the positive impacts of their online engagement. The Guide aims to orient researchers in developing internationally comparable and culturally appropriate frameworks for understanding the scope and impact of the opportunities for children online.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security ICT & Social Media
UNICEF. The State of the World’s Children 2017: Children in a Digital World. 2017.

In this report, UNICEF presents several key messages on the state of children in the digital world: “Digital technology has already changed the world – and as more and more children go online around the world, it is increasingly changing childhood. Connectivity can be a game changer for some of the world’s most marginalized children, helping them fulfil their potential and break intergenerational cycles of poverty. But digital access is becoming the new dividing line, as millions of the children who could most benefit from digital technology are missing out. Digital technology can also make children more susceptible to harm both online and off. Already vulnerable children may be at greater risk of harm, including loss of privacy. The potential impact of ICTs on children’s health and happiness is a matter of growing public concern – and an area that is ripe for further research and data. The private sector – especially in the technology and telecommunication industries – has a special responsibility and a unique ability to shape the impact of digital technology on children.”

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security Human Rights (inc. Child Protection)
UNHCR. Model agreement on the sharing of personal data with Governments in the context of hand-over of the refugee status determination process.

UNHCR creates a template of agreement between national government and international organizations that guides data sharing activities, aiming to protect the privacy and confidentiality of individual data while promoting service delivery at the same time.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security
Center for Global Development. “Privacy and Biometric ID Systems: An Approach Using Fair Information Practices for Developing Countries.” 2013.

The paper suggests ways to use the elements of Fair Information Practices in a biometric identification system to achieve a balanced outcome that protects privacy to an adequate degree. Using Privacy Impact Assessments to consider privacy consequences before making decisions can also assist in achieving a result that minimizes data processing activities that affect the privacy of individuals.

Non-Governmental Organizations and Academia

Development
UNICEF. Policy guide on children and digital connectivity. 2018.

The introduction to this policy guide includes the central statement: “children who are connected can benefit from numerous opportunities, but may also be exposed to a myriad of risks. Those who are not connected risk exclusion and disadvantage as most of the modern world remains out of their reach.” The guide is organized around six actions (and subsequent principles, resources, etc.) included in the State of the World’s Children 2017 Report, and is intended to be read along with that report. These actions are: All children have affordable access to high-quality online resources; Skills and literacies for all children, with a focus on the underserved; Protection from harm online; Safeguarding children’s privacy and identity online; Ethical business standards and practices; and Inclusive, evolving and evidence-informed government policies.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security ICT & Social Media
UNICEF. Module 1 - Child Rights in the ICT Sector.

In this powerpoint presentation, a section is dedicated to outlining key guidelines, frameworks and stakeholders protecting the rights children. More specifically, it includes: A chronological roadmap tracking legislation about protecting children’s rights leading up to and influencing the development of the COP guidelines; Business principles as they relate to children’s rights; Child rights’ stakeholders and their networked organizations’ work; UNICEF’s role in protecting children’s rights in this ecosystem with various multi-stakeholders.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security Human Rights (inc. Child Protection)
UN Office for Outer Space Affairs. International Charter for Space & Major Disasters. 2000.

The Charter on Cooperation to Achieve the Coordinated Use of Space Facilities in the Event of Natural or Technological Disasters is both a methodology and international collaboration bringing together global actors to leverage satellite imagery data responsibly in the public interest. The Charter utilizes satellite data that shows natural and man-made disasters with the intention to help inform mitigation and management strategies to these catastrophes. The Charter allows resources and expertise to be coordinated for rapid response, and aids civil protection authorities at the local level, as well as the international humanitarian community.

Data Responsibility Approaches and Models

Humanitarian Development
UNOCHA. Building data responsibility into humanitarian action. 2016.

The humanitarian data ecosystem is responsible for protecting vulnerable populations from possible harms caused by certain data usage practices, such as disclosure of sensitive personal data and demographic data. The authors argue that the concept of “data responsibility” is more than “data privacy” and “data protection” – it entails a set of principles, processes, and tools to create social good through responsible data management. This report also cites a few case studies to show application of the below steps that are central to responsible data usage: Considering context and purpose for generated and shared data; Evaluating data storage and inventory; and Locating risks and harms with possible data usages before that practice is initiated, in addition to reducing the likelihood of such risks.
Baseline standards for responsible data in action are: Identifying the need; Assessing core competencies; Managing risk to vulnerable populations; Adhering to legal and ethical standards; Responsibility as a process, not a policy; and “Bright line” rules and “red button” responses.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security
Global Kids Online. Understanding Children’s Well-Being and Rights in the Digital Age. 2016.

Global Kids Online is an international research project that aims to contribute to gathering rigorous crossnational evidence on children’s online risks, opportunities and rights by creating a global network of researchers and experts and by developing a toolkit as a flexible new resource for researchers around the world. The project was funded by UNICEF and WePROTECT Global Alliance and jointly coordinated by researchers at the London School of Economics and Political Science (LSE), the UNICEF Office of ResearchInnocenti, and the EU Kids Online network. This guide introduces the Global Kids Online research framework. It identifies the global research challenge of researching children’s internet and mobile use as more children go online around the world. It provides a review of available statistics and research literature. The guide considers a mapping of evidence onto a childs-rights agenda and asks how internet use is reconfiguring children’s rights.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security Ethics
UNICEF. Children’s Online Privacy and Freedom of Expression. 2018.

This toolkit builds on the Guidelines for Industry on Child Online Protection (UNICEF, 2015) to further explore the corporate responsibility to respect children’s rights in a digital world and suggests that there is a shared responsibility to protect, respect, and realize the rights of the child. UNICEF states that public obligations and private responsibilities should be governed by a set of general principles that put children’s online privacy and expression rights in context: Children have the right to privacy and the protection of their personal data. Children have the right to freedom of expression and access to information from a diversity of sources. Children have the right not to be subjected to attacks on their reputation. Children’s privacy and freedom of expression should be protected and respected in accordance with their evolving capacities. Children have the right to access remedies for violations and abuses of their rights to privacy and free expression, and attacks on their reputation. The toolkit provides a checklist for use by any company that has an impact on children’s privacy and expression rights in a digital world. The Checklist groups potential impacts on children’s privacy and freedom of expression into four categories: Obtaining children’s personal data Using and retaining children’s personal data Ensuring children’s access to information Educating and informing children online

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security ICT & Social Media
DIAL, Gates Foundation, SIDA, UNICEF, UNDP, USAID, WHO and World Bank. Principles for Digital Development.

The Principles for Digital Development were developed by a consortium of international organizations seeking to unify and build common practices around the use of data and technology in international development. The Principles for the Digital Development include the following concepts: Design with the user Understand the existing ecosystem Design for scale Build for sustainability Be data driven Use open standards, open data, open source, and open innovation Reuse and improve Address privacy and security Be collaborative.

Data Responsibility Approaches and Models

Development Privacy & Security ICT & Social Media
UNDG. Data Privacy, Ethics, and Protection. 2017.

This document sets out general guidance on data privacy, data protection and data ethics for the United Nations Development Group (UNDG) concerning the use of big data, collected in real time by private sector entities as part of their business offerings, and shared with UNDG members for the purposes of strengthening operational implementation of their programmes to support the achievement of the 2030 Agenda.

Data Responsibility Approaches and Models

Development Privacy & Security Ethics
Technical Working Group on Data Collection on Violence against Children. "Ethical principles, dilemmas and risks in collecting data on violence against children: A review of available literature." 2012.

This paper provides a review of the emerging ethical issues concerning data science relating to children. Its review is based upon an Internet and professional network search, which found 83 documents meeting the project criteria. The authors reviewed several major ethical frameworks that guide actions applicable to social research involving children. These include: A Duty-Based Framework: This framework takes a deontological approach with the underlying view that “right actions are those that treat people as ends, never as means to an end.” Duty-based principles are evident in terms of voluntary consent, freedom to retract consent, and avoidance of unnecessary harm. A Best Outcomes Framework: This approach is consequentialist, arguing that the rightness of an action depends on whether it does the greatest overall good for the greatest number of people. However, this approach can be less beneficial to the individual child. Rights Framework: This approach aims to promote and protect children’s rights as articulated in the United Nations Convention on the Rights of the Child, specifically the right for others to consider the best interests of the child, the right to non-discrimination, and the right to be heard. Virtue-Based Approach: This approach focuses on “being rather than doing, on the qualities of moral agency rather than on choices or actions per se.” While it can allow researchers to consider ethical dilemmas, it can be limited by a lack of universal agreement on virtues. It also identifies common ethical issues that researchers should consider, including: Privacy and Confidentiality: Researchers should take steps to protect the personal information of those children with which they engage; Child Protection: Researchers ought to have a contingency plan for providing support or referral for children who are at risk of harm; Dissemination of Findings: Researchers should guarantee their work is communicated to those who can effectively promote positive action and take care to ensure their findings do not place children at risk; Training of Researchers: Researchers should ensure they have the skills to appropriately collect information, particularly if collection involves interviews and the possibility of re-traumatization; Welfare of Researchers: Researchers should guarantee they themselves are protected from harm; Local Context: The researchers should understand the environment in which they operate; Community Consultation: To demonstrate transparency, consent should be sought from the larger community whose children are being engaged.

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Human Rights (inc. Child Protection) Ethics
IOM. “IOM Data Protection Manual.” 2009.

IOM’s data protection statement is: “IOM shall take all reasonable and necessary precautions to preserve the confidentiality of personal data and the anonymity of data subjects. All personal data shall be collected, used, transferred and stored securely in accordance with the IOM data protection principles.” IOM has 12 data protection principles that the manual details in subsequent chapters, including: lawful and fair collection, specified and legitimate purpose, data quality, consent, transfer to third parties, confidentiality, access and transparency, data security, retention of personal data, application of the principles, ownership of personal data, oversight, compliance and internal remedies, (and exceptions). The next section of the manual reviews the data protection guidelines, including how to use the guidelines, what kind of terminology is used, and asks critical questions related to personal data protection. The manual ends with sets of templates and checklists to be used as a guide and ensure application of the IOM data protection principles and guidelines.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security
Center for Global Development. 2017. “Identification Revolution: Can Digital ID Be Harnessed for Development?”

Recent advances in the scope and sophistication of identification systems could have far-reaching consequences for development. ID systems can advance the Sustainable Development Goals by helping to realize individual rights, build state capacity, improve accountability, and expand opportunity. ID systems can also exclude vulnerable groups, support institutionalized discrimination, and facilitate the exploitation of personal data. Principles that speak to inclusion, robust and responsive design, and accountable governance of ID systems, and good-practice examples from countries at the forefront of ID management should be considered by all stakeholders as ID programs move forward. Infants and very young children represent a frontier for identity management systems. Biometric enrollment is extending to children as young as 5 and potentially even younger, increasing the importance of integrating, or at least closely coordinating, civil registration and identification. Risks of ID programs include exclusion, misuse, and wasteful investments.

Non-Governmental Organizations and Academia

Humanitarian Development
Center for Global Development. “Identification for Development: The Biometrics Revolution.” 2013.

Individuals’ lack of official identity documents represents a widespread problem in the developing world and is a major hurdle for citizens to receive various kinds of services, such as education, employment, healthcare, and voting rights. This paper studies 160 cases where biometric identification has been used for economic, political, and social purposes in developing countries. Some cases suggest large returns to its use, with potential gains in inclusion, efficiency, and governance. In others, costly technology has been ineffective or, combined with the formalization of identity, has increased the risk of exclusion. It concludes that identification should be considered as a component of development policy, rather than being seen as just a cost on a program-by-program basis. Within such a strategic framework, countries and donors can work to close the identification gap, and in the process improve both inclusion and the efficiency of many programs.

Non-Governmental Organizations and Academia

Development
UNOCHA and PIM. Framework for Data Sharing in Practice. May 2018.

This document includes a trust statement to serve as an agreement to which two parties agree as an indication of their commitment to the Framework when sharing data. The document summarizes the minimum shared principles that underlie and characterize the responsible handling, sharing, and use of data and information: People-centered and inclusive Do no harm Defined purpose Informed consent and confidentiality Data responsibility, protection, and security Competency and capacity Impartiality Coordination and collaboration It also includes guidelines for creating shared and commonly understood processes for data management in a data sharing environment such as establishing core competencies and completing a joint benefit and risk assessment.

Data Responsibility Approaches and Models
Oxfam. Responsible Data at Oxfam: translating policy into practice. 2017.

This report from The Engine Room evaluates the data responsibility practice at Oxfam. The report aims to help Oxfam understand two questions: 1) how is the concept of responsible data perceived within Oxfam?; 2) how is Oxfam’s Responsible Data Policy being implemented in practice, and what are the barriers to its further implementation? The authors interviewed key staff and reviewed responsible data-related materials created by Oxfam. The research indicated that staff find the policy relevant and important. Further, it identifies several areas for improvement that could increase uptake of the policy and further develop related resources to allow programme staff to apply responsible data principles more closely in practice. Recommendations include new training mechanisms for senior management, prioritization of user-centred design, and creating an operational checklist to guide responsible implementation.

Non-Governmental Organizations and Academia

Development Privacy & Security
Security Dialogue. “Experimentation in Humanitarian Locations: UNHCR and Biometric Registration of Afghan Refugees.” 2015.

Jacobsen studies the biometric registration of Afghan refugees and finds that this methodology comes with various risks for the refugee population.

Non-Governmental Organizations and Academia

Humanitarian ICT & Social Media
World Bank Group. “Identification in the Context of Forced Displacement.” 2016.

In this paper, Bronwen describes the consequences of not having an identity in a situation of forced displacement. It prevents displaced populations from receiving various services and creates higher risks of exploitation. It also lowers the effectiveness of humanitarian actions, as the delivery of services can suffer when displaced populations do not have trusted identities. The lack of identity can be both the consequence and the cause of forced displacement. People who have no identity can be considered illegal and risk being deported. At the same time, conflicts that lead to displacement can also result in loss of ID during travel. This paper identifies the different stakeholders and their interest in the case of identity and forced displacement and finds that the biggest challenge for providing identity to refugees is the politics of identification and nationality. The World Bank concludes that in order to address this challenge, there needs to be a more solid coordination among governments, international organizations, and the private sector to come up with an alternative of providing identification and services to the displaced persons. In addition, it is also essential to ensure that national identification becomes a universal practice for states.

Donor Organizations

Humanitarian
Centre for Innovation, Leiden University, and GovLab. Mapping and Comparing Responsible Data Approaches. 2016.

Berens and Verhulst examine existing institutional data responsibility approaches in order to extract best practices in governing data for humanitarian needs. The paper compares 17 data responsibility approaches from international organizations of various sizes and missions. The authors find that there is a critical need for leadership to set data responsibility principles and to lead inter-agency coordination, and shares the following takeaways: In drafting a data responsibility policy, it is important to create clear, specific rules, while at the same time providing room for improvisation in the face of dynamic social needs. Further, it emphasizes the need to assign clear roles and responsibilities to certain entities. Innovation is also regarded as a key element in creating a relevant data responsibility framework. In addition, a good data responsibility policy should have a clear and straightforward language. And finally, as this field is recent and developing, it is important to gather evidence on what works.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
WEF. Principles on Public-Private Cooperation in Humanitarian Payments. 2017.

The use of cash-based assistance in humanitarian emergencies has increased as a result of its efficiency and effectiveness in delivering beneficiary-centered assistance. Drawing on this result, six principles are created as a set of guidelines for public-private partnership in delivering and bettering humanitarian assistance: Build strategic partnerships pre-crisis to prepare for response; Design the transfer mechanism; Collect data that is relevant, proportional and standardized/shareable; Protect, empower and serve the customer; Encourage coordinated approaches; and Build institutional capacity for partnerships.

Non-Governmental Organizations and Academia

Humanitarian ICT & Social Media Ethics
UNICEF. Data for Children Strategic Framework. 2017.

UNICEF “believe(s) that smart demand, supply and use of data drives better results for children.” The UN agency strives to understand both what it means to realize the full potential of data for children, as well as its own role in that process. This strategic framework is a starting point for much more work to follow. This framework, which is intended to focus on making a more cohesive picture of UNICEF’s disparate data investments, is widely applicable and was collaboratively developed through phases involving research and interviews, consultations, and management review. The framework outlines five basic principles of UNICEF’s data work: 1) data demand, supply and use are equally important, 2) data investments must support government data systems not supplant them, 3) effective data systems must function both within and across sectors, 4) different data are appropriate for different uses and contexts, and 5) data for children is a team sport and working with partners is essential to create value.

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Development Human Rights (inc. Child Protection)
Just Peace Labs. Ethical Guidelines for Peace Tech. 2017.

This report details a set of guidelines for peace-tech practitioners who are engaged in conflict or post-conflict markets. The offered guidelines are intended to be practical, and offers questions and topics to consider, and resources for a more focused look at certain issues. The text primarily focuses on ethical and security considerations related to the use of ICT in recently post-conflict countries in order to demonstrate the magnitude of these challenges, given the highly sensitive nature of such locations.
The guide is organized into two main parts: the first one outlines ethical, privacy and security challenges and the second one reviews the ways to put ethical obligations in practice.

Non-Governmental Organizations and Academia

Humanitarian Development Ethics
UN Global Pulse, UNHCR Innovation Service. Social Media and Forced Displacement: Big Data Analytics & Machine Learning. 2017.

This white paper summarizes the initial findings and lessons learned from a project conducted by UNHCR’s Innovation Service and UN Global Pulse to inform on the viability and value of social media analytics to complement understandings of the Europe Refugee Emergency. The paper outlines the process, questions and methodology used to develop the project and presents preliminary observations on how aspects of the Europe Refugee Emergency are related on Twitter. The paper describes ten quantitative social media mini-studies that were developed as part of the project. Social media monitoring can provide significant value to decision makers in dynamic contexts where humanitarian access is poor, the information landscape fragmented, and social media is widely used. The researchers found that there are limitations to analysis based on social media monitoring including underrepresentation, query inaccuracies, classification inaccuracies, and difficulties classifying users based on language and geolocation. More generally, the researchers discovered that working with social media requires a dynamic mindset since the project had to adapt and iterate rapidly and required more resources and labor than initially identified. Moving forward, UNHCR sees an opportunity to integrate new data sources into its work to bring more data-driven evidence into decision-making processes and advocacy efforts.

Data Responsibility Approaches and Models

ICT & Social Media
UNICEF. Good Practice Principles on Information Handling and Management in Child Protection Information Management Systems. 2016.

In addition to creating manual and technology-based Child Protection Information Management Systems (CPIMS), UNICEF has also recognized that adequate guidance for using these tools is also needed. This guidance is provided in nine “Good Practice Principles,” which are meant to be interpreted with the “best interests of the child” in mind. This guidance does the following: Reflects current priority issues; Applies only to a CPIMS related to specific child protection project and only during the lifetime of that CPIMS; Is applicable to UNICEF and the governments it works with; Is directed toward child protection actors and IT actors; Targets “good practice”; and Requires development of standards and tools in order to be fully operationalized. The principles are organized according to each aspect of CPIMS design: planning / collection / storage and transmission / sharing phases; see page 5 for the full list of principles, and page 4 for the principle relationship diagram.

Focus on Children’s Data & Responsibility (Cross-Sector)

Development Privacy & Security
UNICEF. Digital Contact Tracing and Surveillance during COVID-19: General and Child-Specific Ethical Issues

This UNICEF working paper “explores the implications for privacy as the linking of datasets increases the likelihood that children will be identifiable and consequently, the opportunities for (sensitive) data profiling. It also frequently involves making data available to a broader set of users or data managers.”

The paper, developed and released in the context of the COVID-19 pandemic, provides a set of key messages and recommendations organized according to the RD4C Principles of Purpose-Driven, Proportional, Professionally Accountable, People-Centric, Participatory, Protective of Children’s Rights, and Prevention of Harms Across the Data Lifecycle.

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Development Privacy & Security Human Rights (inc. Child Protection) ICT & Social Media Ethics
UNICEF. Information Disclosure Policy. 2011.

This webpage establishes UNICEF’s commitment to public transparency and accountability. The organization promises to make its information accessible except for raw data, information that could endanger safety or security of individuals or UN member states, and other data where an expectation or requirement for confidentiality exists.

Data Responsibility Approaches and Models

Development Privacy & Security Ethics
OECD. The OECD Privacy Guidelines. 2013.

The OECD has played an important role in promoting adherence to privacy as a basic personal right, as well as a condition needed for the free flow of personal data across borders. In 2013, the OECD revised its privacy guidelines for the first time since 1980 to account for the transformational change of scale that sophisticated technologies brought to economies, societies, and people’s daily lives. Among other guidelines, the document features eight “Basic Principles of National Application:” Collection Limitation Principle Data Quality Principle Purpose Specification Principle Use Limitation Principle Security Safeguards Principle Openness Principle Individual Participation Principle Accountability Principle

Non-Governmental Organizations and Academia

Privacy & Security Human Rights (inc. Child Protection)
Oxfam. Responsible Program Data Policy. 2015.

In this document, Oxfam argues that “using data responsibly is not just an issue of technical security and encryption but also of safeguarding the rights of people to be counted and heard; ensure their dignity, respect and privacy; enable them to make informed decisions; and not be put at risk, when providing data.” This document sets out the policy for the treatment of program data by Oxfam throughout the data lifecycle from planning to collection through to disposal. This data may pose varying degrees of risk to different stakeholders, including but not limited to the people who provide data, those that collect it, and Oxfam; therefore, this policy includes definitions and requirements for managing high-, medium-, and low-risk data.

Non-Governmental Organizations and Academia

Development Privacy & Security Ethics
Interaction. Protection Working Group: Data Collection in Humanitarian Response - A Guide for Incorporating Protection. 2003.

InterAction is the largest alliance of U.S.-based international development and humanitarian nongovernmental organizations. With 160 members operating in every developing country, InterAction works to overcome poverty, exclusion, and suffering by advancing social justice and basic dignity for all. This guide was produced by members of InterAction’s Protection Working Group, whose aim is to enhance the capacity of humanitarian actors in the protection of refugees, internally displaced persons and civilians affected by conflict.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
UNOCHA. Humanitarian Data Exchange Terms of Service

The purpose of the Humanitarian Data Exchange (HDX) platform is to enable the sharing of data across the humanitarian community. Humanitarian data is defined as: data about the context in which a humanitarian crisis is occurring (e.g., baseline/development data, damage assessments, geospatial data); data about the people affected by the crisis and their needs; and data about the response by organisations and people seeking to help those who need assistance.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security
UNFPA. Information Disclosure Policy.

This webpage establishes the United Nations Population Fund’s commitment to making its information available to the public whenever possible. It also outlines exceptions to this principle, such as information covered by legal privilege, internal office documents, and information that could cause harm to individuals.

Data Responsibility Approaches and Models

Development Privacy & Security Ethics
Conflict and Health. Ethical considerations for children’s participation in data collection activities during humanitarian emergencies: A Delphi review. 2017.
The authors of this paper recognize the need for child data collection in emergency settings and acknowledges that such activities may expose children to risks. The objective of the study is to identify expert consensus on whether or not children should participate in data collection activities in humanitarian emergency situations. The study utilizes a three-round Delphi technique and the results are:
- “respondents strongly supported children’s right to participate in data collection in humanitarian settings, while also recognizing that protecting children from harm may ‘override’ the participation principle in some contexts.
- “Respondents identified capacity and contextual considerations as important factors influencing participation decisions, though they sometimes disagreed about how these factors should determine participation.
- Respondents also considered the role of individual child factors and the presence of caregivers in selecting child participants, and proposed best practice approaches for securing children’s safe and meaningful participation” – such as the use of contextual risk analyses to determine whether children should participate in a given initiative.
Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Ethics
ILO. Is biometric technology in social protection programmes illegal or arbitrary? An analysis of privacy and data protection.

Social protection programmes process large amounts of data – including sensitive biometric information – and this data can be shared with different public and private actors domestically and abroad. Such data exchanges can create benefits, such as increasing efficiencies, but they can also create risks. This text aims to guide social protection practitioners as they answer questions about programme design and implementation that are often overlooked – even though data protection and privacy laws are fairly widespread in most countries today.
The report references the OECD Data Protection Principles and argues that the most relevant ones for social protection systems are: 1) collection limitation, 2) fair and lawful processing, 3) purpose specification and use limitation, 4) security safeguarding, 5) individual participation, and 6) accountability.

Data Responsibility Approaches and Models

Development
UNICEF. Children and the Data Cycle: Rights and Ethics in a Big Data World. 2017.

In this report, the authors outline their rationale for a greater focus on child rights and ethics in data science and suggest steps to move forward, focusing on the various actors within the data chain including data generators, collectors, analysts and end-users. It identifies typical players in the Child Data Cycle including Data Providers, Data Collectors, Data Analysts, and Data Users. It identifies possible approaches to addressing ethical issues relating to the child data cycle such as: Education Consultation Regulatory frameworks Privacy by Design Accountability Transparency

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Privacy & Security
ICRC. Handbook on Data Protection in Humanitarian Action. Geneva. 2012.

This Handbook provides further discussion on the resolution on Privacy and International Humanitarian Action, launched by the International Conference of Data Protection and Privacy Commissioners’ in 2015. It seeks to assist humanitarian organizations in following the personal data protection standards in humanitarian setting, by providing a set of recommended minimum standards for the processing of personal data. In protecting individual privacy, the handbook suggests three principles of data processing which are aggregation, pseudonymization, and anonymization of data subjects. The handbook specifies that children “are a particularly vulnerable category of Data Subjects, and the best interests of the child are paramount in all decisions affecting them. While the views and opinions of children should be respected at all times, particular care should be taken to establish whether the child fully understands the risks and benefits involved in a Processing operation and to exercise his/her right to object and to provide valid Consent where applicable. Assessment of the vulnerability of children will depend on the child’s age and maturity.”

Non-Governmental Organizations and Academia

Humanitarian Development Ethics
Privacy International. The Keys to Data Protection: A Guide for Policy Engagement on Data Protection. 2018.

The document states that protecting privacy in the digital age is essential to effective and good democratic governance. However, there is still a lack of legal and institutional frameworks, processes, and infrastructure to support the protection of data privacy and rights despite the increasing volume and use of personal data together with the emergence of technologies enabling new ways of processing and using it. The document explains data protection, outlines general provisions, definitions, and scope, data protection principles, rights of data subjects, grounds for processing of personal data, and obligations of data controller and processors. The guide references examples from around the world. There is a strong focus on examples from the European Union data protection framework, as one of the most recent and comprehensive frameworks, as well as regional and international guidelines and treaties. This guide is for CSOs around the world and can be adapted to suit different national frameworks and local contexts. Data protection principles are: Fair, lawful, and transparent Minimization Accuracy Storage limitation Integrity and confidentiality Accountability principle Rights of data subjects are: Right to information Right to access Rights to rectify, block, and erasure Right to object Right to data portability Rights to profiling and automated decision making Right to an effective remedy Right to compensation and liability Grounds for processing of personal data are: Consent Public interest Legitimate interest Processing of personal data for scientific, historical, or statistical purposes

Non-Governmental Organizations and Academia

Privacy & Security
World Vision International. World Vision International Child Protection Standards. 2012.

The World Vision International Child Protection Standards delineate policies, definitions, protocols, and principles surrounding child protection which aim to prevent and respond to “exploitation, neglect, abuse, and other forms of violence affecting children.” These standards do not have express provisions on child data protection, but it provides a basis for it under its “Communications, Social Media, and Technology” section, which stipulates that all forms of communication must treat and portray children with dignity and staff must provide informed consent to children whose image, voice, or story are gathered by World Vision staff. To prevent harm in communications, World Vision employs standards, such as: All materials published digitally will not include identifiable information such as names, sponsorship ID numbers, personal location/address. Personal child information that is stored or sent electronically is password protected.

Focus on Children’s Data & Responsibility (Cross-Sector)

Development Human Rights (inc. Child Protection)
ICRC. Rules on Personal Data Protection. Geneva. 2017.

These rules are intended to ensure that the ICRC can carry out its mandate under international humanitarian law (IHL) and the Statutes of the International Red Cross and Red Crescent Movement (Statutes of the Movement) while abiding by internationally recognized standards for protecting Personal Data. It consists of twenty-seven basic principles of data responsibility, including, legitimate and fair processing, transparent processing, retention, destruction and archiving of data that are no longer needed, assertion of data protection rights by individual, and limitations of data transfers.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
LIRNEasia. Draft Guidelines for Third-Party Use of Big Data Generated by Mobile Network Operators. 2014.

Telecommunications - LIRNEasia, a think tank working to promote the use of knowledge, information, and technology in the Asia Pacific region, drafted a set of guidelines intended for third parties seeking to use data generated by Mobile Network Operators (MNOs). The set of guidelines seek to minimize the risks of data utilization by third parties by creating standard procedures of data sharing for social good. The potential risks delineated in the document include unauthorized surveillance, identification of individuals and groups, use of data beyond initial purpose without agreement, among others. Consequently, LIRNEasia outlines the mechanism that can mitigate the identified risks. For example, to address de-anonymization, LIRNEasia proposes that a working group be formed to monitor the knowledge and techniques used in anonymization and de-anonymization.

Non-Governmental Organizations and Academia

Privacy & Security
The Engine Room. Shooting our drive into space and other ways to practise responsible development data. 2014.

This text focuses on the concept of responsible data as it relates to the field of international development. While the report contextualizes several methods and practices developed in academia, human rights and advocacy, etc., it is specifically targeted at people engaged in international development work. The authors review the opportunities and risks introduced through the use of data for development, challenges many common data misconceptions, and outlines how to handle data in a responsibly in a development context. The text also considers legal implications of this work, notions of consent, privacy, and human-centric data practice, how to verify the integrity of data, as well as understanding how and when to share data responsibly. The authors also provide several explanatory case studies and ends with a section on further resources for responsible data practice in international development. The Engine Room (2016) The Hand-Book of the Modern Development Specialist: this interactive website is an updated version of this text: http://responsibledata.io/resources/handbook/

Non-Governmental Organizations and Academia

Development
Oxfam. Responsible Data Management (RDM) Training Pack. 2017.

This training pack is intended for humanitarian organizations. It was developed to help introduce the principles of responsible data management, the planning processes that can be used, and to examine how to handle unexpected issues that arise in different contexts.

Non-Governmental Organizations and Academia

Development Privacy & Security Ethics
UNICEF, UNHCR, and ICRC. Information and Communication Technology for Child Protection Case Management in Emergencies: A Framework for Design, Implementation, and Evaluation. Prepared by the mHELP/HealthEnabled Research Team for UNICEF, UNHCR, and ICRC.

Institutions like ICRC, UNICEF, and UNHCR are moving away from paper-based systems and starting to use digital solutions for child protection case management in emergencies (CPCME). In order to assess the impact of ICT on CPCME, this document details a three-phase research project: 1) desk research, 2) field research, and 3) analysis and synthesis. The main findings of this project (conducted in both Kenya and Sudan) include: Limited evidence in literature on reducing vulnerability and improving child protection in relation to this subject;
Investments in ICT for CPCME have targeted data management solutions and improving administrative processes; The systems of focus looked mostly at family tracing and reunification, and especially registration; Data sharing enhances coordination and collaboration across agencies; Data was used for action, only on an ad-hoc basis; and Serious barriers remain (lack of interoperability, confidentiality concerns, staff turn-over, etc.) but the possible successes appear promising (more collaboration across agencies, use ICT to engage children, re-imagine work flows that need updating, etc.)

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Privacy & Security ICT & Social Media
GSMA. Guidelines on the protection of privacy in the use of mobile phone data for responding to the Ebola outbreak. 2014.

GSMA is an association of mobile operators worldwide, comprising nearly 800 operators and over 300 companies in the mobile ecosystem, such as handset and device makers, internet companies, and many others. This document, released in the midst of the 2014 Ebola crisis in East Africa, outlines the privacy standards that mobile operators should apply when subscriber’s mobile phone data was used as part of the responses to the outbreak. The standards are: The mobile phone numbers of subscribers making and receiving calls or text messages will be anonymised by mobile operators. Anonymised CDR data will not be transferred outside of the operator’s system/premises. All analysis will take place on mobile operator’s systems, in their premises and under operator supervision. No analysis will be undertaken that singles out identifiable individuals. Only the output of the analysis (i.e. the resulting non-sensitive data on population mobility estimates, aggregate statistics, indicators, etc.) will be made available to relevant and approved aid agencies, government or research agencies that can use these inputs in their modelling and planning efforts.

Private Sector Organizations

Humanitarian Privacy & Security ICT & Social Media
UNHCR. Privacy Impact Assessment of UNHCR Cash Based Interventions. 2015.

Cash transfers can address a critical need for people in emergency situations and have increasingly been used by humanitarian organizations because of their time efficiency and cost effectiveness. However, in this document UNHCR acknowledges that the way in which the organizations determine eligibility for cash assistance involves data “aggregation, profiling, and social sorting techniques”, which raises privacy issues. UNHCR conducts a Privacy Impact Assessment (PIA) to identify the privacy risks posed by their program and to enhance safeguards that can mitigate those risks. One of the key findings found in this assessment is related to legitimizing purpose of data collection, where the challenge lies in ensuring that individuals’ data will not be used for purpose other than initially specified.

Data Responsibility Approaches and Models

Humanitarian Development Privacy & Security
DLA Piper. Data Protection Laws of the World. 2017.

Data protection legislation is becoming more and more common around the world, and it is important that organizations safeguard personal data and assess their risks and legal responsibilities. The handbook insists that a comprehensive compliance program can act as a tool to help mitigate these risks. This handbook provides an overview of the privacy and data protection policies, laws, and regulations in 77 countries, as well as a primer for businesses regarding the related complex measures of compliance.

Comparative Review of Domestic Data Responsibility Frameworks

Privacy & Security
Center for Global Development. “Birth Registration, Legal Identity, and the Post-2015 Agenda." 2014.

This paper attempts to clarify the extent to which universal legal identity through birth identification can serve as a development goal. The authors argue the discussion often conflates legal identify and birth identity, two distinct topics, and offers language that could be used to measure each. The authors continue by arguing that, by 2030, all countries should attempt to halve the rate at which births for children under 5 are unregistered as well as reduce the average age of birth registration. As a second metric, they call for all individuals by 2030 to have a well-defined legal identity by the time they reach adulthood.

Non-Governmental Organizations and Academia

Development
ICRC. Professional Standards for Protection Work. Geneva. 2013.

These standards from the Red Cross constitute what are considered by the community of practitioners as minimum requirements for all humanitarian and human rights actors planning or carrying out protection activities in armed conflict and other situations of violence. These standards define the minimum baseline that all humanitarian and human rights actors doing protection work should maintain. One chapter of the document is focused specifically on “Managing Data and Information for Protection Outcomes.” The guidelines outlined in that section are organized within the following areas: General Standards for the Management of Data and Information: Competencies and capacities Inclusive people-centred approach Clearly defined, specific purpose Cooperation and exchange Avoiding bias and discrimination Specific Standards for the Management of Personal Data and Sensitive Protection Data and Information: Compliance with relevant legal frameworks Legitimate and fair processing Data minimization Data quality Data retention Data security Confidentiality Sharing, transferring and publishing Accountability Assessing the Risks

Non-Governmental Organizations and Academia

Humanitarian Development
World Vision International. Open Information Policy. 2010.

In its Open Information Policy, World Vision emphasize its commitment to being a transparent and accountable organization by sharing their annual reports and other documents pertaining to various accountability and compliance reporting. At the same time, it also recognizes the importance of protecting sensitive data that includes information that is private, confidential, relating to safety and security, legal advice, and internal communications, processes, and administrative details.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
Responsible Data. Responsible Development Data Book. 2014.

This book explores what responsible data means in the context of international development programming by building on resources and strategies developed in academia, human rights, and advocacy. The focus is on international development practitioners. The book is divided into thematic, independently readable sections. The six main sections cover the spectrum of considerations, practical methods, and responsible data challenges in different phases of a project. The phases of a project as defined here are: Designing a project Managing data Getting data Understanding data Sharing data Closing a project The book dives into relevant case studies and provides resources relevant to each section.

Non-Governmental Organizations and Academia

Development Privacy & Security Ethics
UNOCHA. Humanitarian Principles. 1991, 2004.

All OCHA activities are guided by four humanitarian principles: humanity, neutrality, impartiality and independence. “Humanity: Human suffering must be addressed wherever it is found. The purpose of humanitarian action is to protect life and health and ensure respect for human beings. Neutrality: Humanitarian actors must not take sides in hostilities or engage in controversies of a political, racial, religious or ideological nature. Impartiality: Humanitarian action must be carried out on the basis of need alone, giving priority to the most urgent cases of distress and making no distinctions on the basis of nationality, race, gender, religious belief, class or political opinions. Independence: Humanitarian action must be autonomous from the political, economic, military or other objectives that any actor may hold with regard to areas where humanitarian action is being implemented.” These principles are intended to provide the foundations for humanitarian action. They are central to establishing and maintaining access to affected people, whether in a natural disaster or a complex emergency, such as armed conflict. Promoting and ensuring compliance with the principles are essential elements of effective humanitarian coordination. The humanitarian principles are derived from the core principles, which have long guided the work of the International Committee of the Red Cross and the national Red Cross/Red Crescent Societies.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security Ethics
Terres des hommes and CartONG. Data Protection Starter Kit. 2017.

This starter kit offers first-level support on data protection for field staff who work with data from Tdh-supported groups and communities. The starter kit comes in the form of two components (with a third tool for encryption of mobile data collection to be added): Introduction pack: provides an overview document about data protection, as well as a self-assessment tool to increase awareness about protections, risks, and how to mitigate any harmful issues related to data. Tutorials pack: recommends several lessons / trainings about responsibly handling data, which include (but aren’t limited to): how to choose, store and organize passwords, how to encrypt files that contain sensitive data, how to protect mobile devices, etc.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security
Netherlands Red Cross. 510 Data Responsibility Policy

The 510 Data Responsibility Policy was drafted by the Data Responsibility Project Team at 510 in the Netherlands and seeks to “incorporate principles for the responsible use of data in our daily work in a concise and workable manner.” The policy provides seven key principles for humanitarian actors seeking to leverage and handle potentially sensitive information in a responsible manner: Purpose specification Respect for the rights of the data subject Do no harm Necessity and proportionality Legitimate, lawful and fair use Data security Data quality

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
UNICEF. A Global Agenda for Children’s Rights in the Digital Age. 2014.

Policy frameworks and guidelines are currently being developed at the national and internationally level, largely in the Global North, and this report asks whether or not sufficient research exists to support evidence-based policy about children’s online privacy. Four areas have been found to be lacking: Little knowledge about how to support children’s online opportunities Children’s vulnerabilities aren’t widely understood, which prevents protective strategies from being implemented Global North solutions aren’t necessarily applicable in the Global South Lack of comparable baseline data, policy and programme evaluations exist in order to create and share best practices The authors argue that UNICEF needs to develop an agenda for Children’s Rights in the Digital Age, referencing the UNCRC guiding principles for a framework that includes provision, protection and participation rights for children both on and offline. This agenda can potentially include internal policy and programme guidance and a comprehensive research strategy.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security Human Rights (inc. Child Protection) ICT & Social Media
UKAN. The Anonymisation Decision-Making Framework. 2016.

This book provides a practical guide for understanding and implementing anonymisation techniques to help advance business and organizational goals. The three central features of the text are anonymization, risk and sensitivity. The book’s Anonymisation Decision-Making Framework (ADF) consists of ten components: 1) describe your data situation, 2) understand your legal responsibilities, 3) know your data, 4) understand the use case, 5) meet your ethical obligations, 6) identify the processes you will need to assess disclosure risk, 7) identify the disclosure control processes that are relevant to your data situation, 8) identify stakeholders and plan how you will communicate, 9) plan what happens next once you shared or released the data, 10) plan what you will do if things go wrong.
These ten needs make up three key anonymization activities: Data situation audit; Risk analysis and control; and Management control.

Non-Governmental Organizations and Academia

Privacy & Security ICT & Social Media Ethics
UNHCR. Policy on the Protection of Personal Data of Persons of Concern to UNHCR. 2015.

This policy outlines the rules and principles regarding processing of personal data of persons of concern to UNHCR with the purpose of ensuring that the practice is consistent with UNGA’s regulation of computerized personal data files that was established to protect individuals’ data and privacy. UNHCR requires its personnel to apply the following principles when processing personal data: (i) Legitimate and fair processing (ii) Purpose specification (iii) Necessity and proportionality (iv) Accuracy (v) Respect for the rights of the data subject (vi) Confidentiality (vii) Security (viii) Accountability and supervision.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security
ICRC and Red Crescent Movement Family Links Network. Code of Conduct on Data Protection. 2015.

The Code of Conduct (CoC) was accepted by a working group made of several members of various national Red Cross representatives. The CoC is understood as critical because 1) there are many actors of the International Red Cross and Red Crescent Movement working within the Restoring Family Links Network (RFL), which seeks to reunite disconnected families, and there is a need to effectively and safely transfer data between those actors; and 2) there is a changing regulatory environment in Europe and across the globe with different data protection laws and standards. The CoC offers the minimum principles, commitments and procedures in order to comply with some of the strictest data protection regulations for data controllers who work on RFL activities.
A CoC application group will support the implementation at a global level of the CoC through acceleration of learning and development.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
USAID. ADS Chapter 508: Privacy Program. 2014.

This ADS chapter provides the organization, functions, policies, and procedures of the USAID Privacy Program. Safeguarding personally identifiable information (PII) in the possession of USAID and preventing its misuse are essential to ensure that USAID retains the trust of the American public. The Privacy Program supports USAID missions and business functions by assisting the Agency in balancing its need to maintain information about individuals, with the rights of individuals to be protected against unwarranted invasions of their privacy resulting from the collection, maintenance, use, and dissemination of their personal information. USAID must protect PII against anticipated threats or hazards that could result in substantial harm, embarrassment, inconvenience, or unfairness either to an individual or to USAID. To accomplish that requirement, USAID must incorporate privacy analyses into each stage of the information life cycle.

Donor Organizations

Humanitarian Development Privacy & Security
UNICEF. Child Protection Working Group (CPWG). Minimum standards for child protection in humanitarian action. 2012.

These minimum standards provide a starting point from which humanitarian workers can seek more information on child protection in humanitarian action. On the matter of privacy, the document states that “when dealing with sensitive issues, guarantee confidentiality and informed consent for children, and ensure that interventions are carefully planned to respect privacy.” Further, the piece outlines a number of responses necessary to address child protection through information management, which includes training data collectors on how to engage with children and maintain their confidentiality, providing informed consent, protecting personal information of a child, and securing storage of child data both manually and digitally, among others.

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Human Rights (inc. Child Protection)
ICDPPC. Resolution on Privacy and International Humanitarian Action. 2015.

This resolution commits the International Conference to inspect privacy and data protection requirements for humanitarian action, and to: Help develop guidance for international humanitarian actors that considers their specific actions and needs; Create a Working Group on Privacy and Humanitarian Action for data protection networks to contribute to; and The resolution also includes an explanatory note explaining the data needs in humanitarian settings and UN actions to clarify roles, responsibilities, and standards.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security
Bloomberg Law. Privacy Laws Around the World 2016.

This selection of reports provides a comparative analysis of privacy laws spanning 61 countries across the world. Elements of the analysis include: Comparative charts outlining the key compliance areas, including registration requirements, cross-border data transfer limitations, data breach notification requirements and data protection officer requirements; Country-by-country overview of unique characteristics of framework privacy laws; and Study of privacy legislation in international development.

Comparative Review of Domestic Data Responsibility Frameworks

Privacy & Security
The GovLab. Fair Information Practice Principles 101 (and their relevance to Humanitarian Data) (Not published)

The Fair Information Practice Principles (FIPPs) are meant to show how organizations can responsibly handle personally identifiable digital data. The FIPPS are organized according to eight core questions about the following topics: 1) openness and transparency, 2) purpose specification and minimization, 3) collection limitation, 4) use limitation, 5) individual participation and control, 6) data integrity and quality, 7) security safeguards and controls, and 8) accountability and oversight. Then, a set of policies and procedures, as well as use of technology for privacy protection are offered for each principle.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security Ethics
UNICEF. Ethical Considerations when Using Geospatial Technologies for Evidence Generation. 2018.

This paper provides an overview of some of the benefits of using geospatial technologies and resulting data for development and humanitarian based organizations, reflect on potential risks inherent in the use of these technologies, the data collected, and the analysis applied, and explores ethical considerations that need to be reflected on in the implementation of programs involving geospatial technologies to ensure ethical evidence generation. The paper also includes a Checklist for Ethical Use of Geospatial Technologies for Evidence Generation which provides questions that need to be considered to ensure the benefits of these technologies are realized while also ensuring that children and communities are protected: Identifying the benefits of using geospatial technologies for evidence generation; Ensuring privacy and security; Understanding the data risks and limitations; Assessing other potential harms; Engaging communities; Assessing risks and mitigation strategies for geospatial data capture from unmanned aerial vehicles

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Development Privacy & Security
Harvard Humanitarian Initiative. The Signal Code. 2016.

The purpose of The Signal Code is to identify, define, articulate, and translate existing international human rights standards into the context of humanitarian information activities (HIAs) and the use of information, data, and ICTs in humanitarian contexts. Further, it seeks to enable the creation of obligations and minimum ethical and technical standards for HIAs, grounded in an accepted foundation of human rights standards and international law. It delineates five human rights that are tied to information and HIAs, which are: the right to information; the right to protection; the right to privacy and security; the right to data agency; and the right to rectification and redress.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security Ethics
Privacy International. Aiding Surveillance. 2013.

Hosein and Nyst argue that the adoption of new technologies in humanitarian response is posing serious threats to human rights, particularly the right to privacy. The study delineates the promise, potential, and problems of management information systems and electronic transfers, digital identity registrations and biometrics, mobile phones and data, border surveillance and security. The authors urge humanitarian actors to consider incorporating technology due to the risks and further posit that the “benefits of development and humanitarian assistance can be delivered without surveillance.”

Non-Governmental Organizations and Academia

Humanitarian Development Privacy & Security
UN PPG Members. Principles on Personal Data Protection and Privacy. United Nations System: Chief Executives Board of Coordination.

The UN PPG is an inter-agency group convened in September 2016 that is co-chaired by UN Global Pulse and the UN Office of Information and Communications Technology (OICT). The Principles on Personal Data Protection and Privacy is a framework for processing personal data by or on behalf of the UN System Organizations while performing mandated activities and functions. These principles apply to personal data, contained in any form, and processed in any manner; they also aim to do the following: harmonize standards for the protection of personal data across the UN System;
facilitate the accountable processing of personal data; and ensure respect for the human rights and fundamental freedoms of individuals, in particular the right to privacy. The High Level Committee on Management (HLCM) adopted the principles at its 36th Meeting on October 11, 2018.

Data Responsibility Approaches and Models

Humanitarian Development Privacy & Security ICT & Social Media Ethics
ICRC and Privacy International. The Humanitarian Metadata Problem: “Doing No Harm” in the Digital Era. 2018.

This paper aims to provide people who work in the humanitarian sphere with the knowledge they need to understand the risks involved in the use of certain new technologies including smartphones, drones, and other connected objects. The paper also discusses the “do no harm” principle and how it applies in a digital environment. The paper defines metadata, distinguishes between types of metadata, and identifies uses of metadata such as in messaging apps, cash transfer programs, mobile money, banking, smartcards, and social media. The paper also identifies risks, recommendations, and mitigation strategies for each category of metadata The paper highlights two main elements: Humanitarian organizations relying on any third parties in their programs, be they telecommunications or other digital service providers, have little control over the use of the data and metadata produced Data and metadata generated by humanitarian programs are more often than not accessible to non-humanitarian third parties with non-humanitarian objectives The report can be used as a quick reference to figure out some of the immediate risks associated with the use of SMS, messaging apps, mobile money, and social media platforms and to make more informed decisions when determining whether to use them as part of humanitarian programs

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security ICT & Social Media
European Union. General Data Protection Regulation. 2016.

The intention of the Regulation, in effect as of May 25th, 2018, is to harmonize all data privacy laws of all member states across Europe. GDPR is organized into 99 articles situated within eleven chapters, and deals mainly with consent, data protection officers, email marketing, encryption, fines/penalties, personal data, privacy by design, privacy impact assessment, processing, records of processing activities, right of access, right to be forgotten, right to be informed, and third countries. The subject matter and overall objectives of GDPR are threefold:
Lays down the rules relating to the protection of people in processing personal data and rules involving the free movement of personal data; Protects fundamental rights and freedoms of natural persons in particular to their right to personal data protection; and Allows free movement of personal data within the Union shall be neither restricted nor prohibited for reasons relating to the protection of people with regard to processing personal data.
Chapter two outlines a number of organizing principles related to data collection and use: Lawfulness, fairness and transparency Purpose limitation Data minimization Accuracy Storage limitation Integrity and confidentiality Accountability

Data Responsibility Approaches and Models

Privacy & Security
UN Global Pulse. UN Global Pulse Privacy and Data Protection Principles.

UN Global Pulse draws from General Assembly resolution 45/95 and other global practices in data protection, and outlines its principles with the goal of protecting the individuals, whose data are used by for the organization’s research. The data privacy and data protection principles are: Purpose of use Right to use Purpose compatibility Individual privacy Data security Risk and harm assessment and mitigation Data sensitivity Data minimization Data retention Data quality and accountability Our collaborators – “We require that our collaborators are acting in compliance with relevant law, data privacy and data protection standards and the United Nations’ global mandate.”

Data Responsibility Approaches and Models

Humanitarian Development Human Rights (inc. Child Protection) ICT & Social Media
UNICEF. Ethical Considerations When Using Social Media for Evidence Generation. 2018.

Although there are several potential benefits of using social media to engage children in the pursuit of evidence generation, there are also many risks that raise ethical concerns. In section one of two, benefits are separated into children’s use of social media platforms and adults’ use of social media in organizational platforms for evidence generation. Risks for both areas include age-based concerns, privacy, confidentiality and security, risk aversion causing lost opportunities, and risks concerning data quality and use of data. Determining the value of the data and obligations to those providing the data, as well as ensuring the confidentiality of data and protecting participants, are the two central ethical considerations to be met before obtaining evidence generation using social media. In the second and last section, the benefits, risks and ethical considerations about collected third party data by social media services are reviewed. Benefits include situational awareness and real-time monitoring, crowdsourcing, etc., risks include many that are listed above, and ethical notions include value and timeliness of data, national and organizational privacy frameworks, consent and transparency, among others.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security ICT & Social Media Ethics
UNICEF. Discussion Paper Series: Children’s Rights and Business in a Digital World. Privacy, Protection of Personal Information and Reputation Rights. Managed by Patrick Geary and Amaya Gorostiaga of the UNICEF Child Rights & Business Unit.

This report reviews children’s rights to privacy, exploring the threats to it, the role of the information and communications technology sector in mitigating that threat, and potential policies to ensure that mitigation takes place. These measures include: Developing guidelines for business entities to shape corporate behavior; Conducting privacy impact assessments to ensure both the public and private sector consider how operations might impact child privacy; and Reviewing measures to protect children from attempts to interfere with their privacy, such as regulating how companies collect and retain personal information.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security Human Rights (inc. Child Protection)
Medecins Sans Frontieres. MSF Data Sharing Policy. 2013.

This policy guides the data-sharing practices of Medecins Sans Frontieres (MSF), which generates and holds data on, for example, health information systems, patient records, surveillance activities, quality control activities, surveys, research, and research participants’ human biological material, among others. The policy governs organizations’ eligibility of access, how to request access to data, how to process and handle the shared data, the conditions of data access, and more.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
Global Kids Online. Ethical Considerations for Research with Children. 2016.

The paper provides (1) an overview of potential ethical issues that need to be considered when undertaking the GKO research program, (2) a step-by-step guide, illustrated by relevant case studies, to questions and approaches to consider before or when ethical dilemmas arise throughout the research process, (3) useful references to support ethical practice in GKO, (4) a protection protocol template to assist reflection on and documentation of actions that can be taken to ensure that children and communities are protected throughout the research process, and finally (5) templates and guidance on how to handle participant disclosure of abuse revealed during the research process.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security Ethics
Global Kids Online. Researching Online Child Sexual Exploitation and Abuse: Are there Links between Online and Offline Vulnerabilities? 2016.

This Guide is concerned with the methods used in research into online child exploitation and abuse. It explores methodological issues and how researchers have responded to them. It also considers the central assumption that online sexual abuse and exploitation causes harm. The Guide concludes with identifying good practice and providing some easily accessible resources to facilitate the development of robust research.

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Human Rights (inc. Child Protection)
UNESCO and UNICEF. Framework for Monitoring Children and Adolescents who are Out of School or at Risk of Dropping Out. 2016.

This framework is premised on the believe that data related to school enrollment and attendance can help mitigate the risks of school drop outs. As it stands, there are data and policy gaps across development and humanitarian contexts related to out of school children (OOSC). This UNICEF framework is the first volume in a series about education participation and dropout prevention; it is intended to inform decision-makers and field workers working on educational exclusion and dropout with ideas to improve data and provide response interventions. The framework is a step-by-step guide that aids in the following efforts: Reliably identify OOSC and at-risk children Obtain better data in regards to breadth and quality Understands causes of exclusion Develop and establish evidence-informed policies and interventions

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security
USAID. Considerations for Using Data Responsibly at USAID. 2019.

This document includes a framework for USAID staff and local partners to identify and understand risks associated with development data. The document provides a responsible data overview, responsible data considerations and resources to address considerations, a data ownership and data sovereignty assessment tool, a key events planning table, a benefit risk assessment tool, a tracking and protecting sensitive information tool, an IT security highlights checklist, and a tool for using responsible data practices to meet data quality standards.

Donor Organizations

Humanitarian Development Privacy & Security
UNICEF. What We Know about Ethical Research Involving Children in Humanitarian Settings. 2016.

The authors of this paper posit that there is a need for and value in engaging children for conducting research in humanitarian settings. This paper outlines responses for seven ethical issues often faced in such situations and includes case studies that showcase how ethical issues regarding children in humanitarian context have been identified and addressed. The seven ethical issues outlined are: Institutional capacity to ethically involve children in research Understanding power relations Harms and benefits Informed consent and capacities of participants Privacy and confidentiality (including ICT) Payment, compensation, ancillary services and reciprocity Communication of results Privacy and confidentiality are two of the seven issues included in the piece. The authors suggest that, privacy and confidentiality have always been a consideration for researchers, especially in humanitarian settings. However, when it comes to the privacy and confidentiality of a child, “the imperative is stronger given the volatility, instability, and increased danger of the circumstances.” Therefore, higher standards and increased security measures are required in acquiring, storing, and transferring child data. This is based not only on the natural vulnerabilities experienced by children, but also the compounding issues resulting from “the breakdown of systems and structures necessary for children’s support and development” in humanitarian settings.

Focus on Children’s Data & Responsibility (Cross-Sector)

Humanitarian Ethics
TransMonEE. Data on Children: Ethnicity, Nationality and Migration. 2017.

The purpose of this meeting was to enhance the capacity of national statistical systems to create high quality data on child wellness data. This pursuit was strategically in line with the SDGs agenda and also particularly focused on refugee, migrant and ethnic minority children. Other aims of the meeting included: Update key trends in data Review data systems on ethnicity Share good practices to help guarantee data quality, ethical standards, stronger cooperation, and use of data on ethnicity and migration Decide on future directions for improvement

Focus on Children’s Data & Responsibility (Cross-Sector)

Human Rights (inc. Child Protection) Ethics
Social Research. The Dark Side of Numbers: The Role of Population Data Systems in Human Rights Abuses. 2001.

This study discusses the risks facing citizens posed by identity data collection by the state. Population data allows the government to identity certain, or all, groups in a population as threats and possibly deny them services or specifically target them. It specifically discusses how population data can contribute to human rights abuses of forced migration, interment, genocide, and crimes against humanity. Therefore, the authors argue, multiple safeguards must be put in place to ensure that such human rights abuses are be prevented.

Non-Governmental Organizations and Academia

Privacy & Security Human Rights (inc. Child Protection)
UNOCHA. Data Responsibility Guidelines Working Draft. 2019.

The OCHA Data Responsibility Guidelines offer a set of principles, processes and tools that support the safe, ethical and effective management of data in humanitarian response. The Guidelines are informed by a series of gap analysis studies and research conducted by OCHA including a partnership with the NYU Governance Lab and Leiden University, a survey conducted by the Centre for Humanitarian Data, and field research conducted by the Centre for Humanitarian Data. The Guidelines explain foundations for data responsibility at OCHA including existing guidance and limitations, data responsibility considerations across the data management process, mechanisms for accountability, and services to support implementation of the guidelines.

Data Responsibility Approaches and Models

Humanitarian Development
Global Protection Cluster, European Commission and USAID. “Interagency Guidelines for Case Management & Child Protection”. 2014.

This report provides guidance to case workers and program managers working with children in humanitarian settings. The document provides various principles and guidelines to help individuals “put the child at the centre of the intervention, focusing on child-friendly procedures and language.” The document sets out several key principles relevant for data protection, including: “Do No Harm: Case workers should ensure their collection, storing, or sharing of information support the child (and their family) do not expose them to further harm. Prioritize the Best Interests of the Child: In line with Article 3 of the United Nations Convention on the Rights of the Child (UNCRC), the best interests of the child should be “the basis of all decisions and actions taken” and “for the way in which service providers interact with children and their families.” Often there is no ideal solution, but a series of more or less acceptable choices. Adhere to Ethical Standards: Workers ought to abide by professional codes of conduct, ethical standards and practices, and child protection policies in addition to national laws and policies that might exist. Seek Informed Consent and/or Informed Assent: Consent ought to be sought from children and their caregivers prior to providing services. For informed consent, caseworkers should ensure the children and their families understand fully the services and options available as well as their risks, usage, confidentiality, and limits. These ideas should be communicated in a child-friendly manner. Respect Confidentiality: Sensitive information should be shared with as few people as possible on a “need-to-know” basis to protect the child. Service providers should take steps to protect information collected, kept, shared, or stored about the data subject and ensure it is accessible only with their permission. Ensure Accountability: Each of the actors involved in case management are accountable to the child, the family, and the community. They must abide by professional codes of conduct and provide routine opportunities for feedback.”

Focus on Children’s Data & Responsibility (Cross-Sector)

Human Rights (inc. Child Protection)
“Refugees and the Biometric Future: The Impact of Biometrics on Refugees and Asylum Seekers.” Colum. Hum. Rts. L. Rev. 42 (2010): 891. 2010.

In this note published in the Columbia University Human Rights Law Review, Farraj argues that biometrics help refugees and asylum seekers establish their identity, which is very important for ensuring the protection of their rights and service delivery. However, he argues, the use of biometrics also poses several risks, such as privacy violations, misidentification, and misuse, which call for proper measures to regulate the collection, storage, and utilization of the biometric information by government, international organizations, or other parties.

Non-Governmental Organizations and Academia

Humanitarian ICT & Social Media
GSMA. Refugees and Identity: Considerations for mobile-enabled registration and aid delivery. 2017.

This paper emphasizes the importance of registration in the context of humanitarian emergencies. For beneficiaries, being registered and having a document that proves this registration is key in acquiring services and assistance. Informed by case studies of activities in Kenya and Iraq, the piece provides three central recommendations: 1) establish more flexible know-your-customer (KYC) processes for mobile money because where refugees are not able to meet existing requirements; 2) encourage interoperability and data sharing to avoid fragmented and duplicative registration management; and 3) build partnership and collaboration among governments, humanitarian organizations, and multinational corporations.

Private Sector Organizations

ICT & Social Media
Global Kids Online. Survey Sampling and Administration. 2016.

This Methodological Guide provides a framework for the production of high-quality, reliable statistics to measure access to and use of the internet and digital devices by children.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security
Global Kids Online. Global Research on Children’s Online Experiences: Addressing Diversities and Inequalities. 2016.

This Method Guide examines the connections between knowledge production, power, inequality and exclusion in the production of international research about children and new or emerging media. Drawing on feminist and postcolonial debates about knowledge, it points to the existing inequalities between research and theory from the global North and the global South. The Guide points to evidence that persistent social inequalities and vulnerabilities are transposed to mediated environments, and discusses the challenges of thinking about ‘children online’ when children are never an homogeneous group. Finally, it considers the best ways of ensuring that knowledge produced about the media use of children from discriminated and excluded groups across the world represents them fairly, and is useful to children in those groups.

Focus on Children’s Data & Responsibility (Cross-Sector)

Human Rights (inc. Child Protection) Ethics
Global Food Security Cluster / UNOCHA. Field Guide to Data Sharing. 2015.

This document posits that interagency data sharing and collaboration could make humanitarian activities more effective. At the same time, it also acknowledges the sensitivity of the collected data and further recommends well-defined and responsible data protection practices. The guide provides a framework for the establishment and regulation of working practices between participating and Partner Organizations, facilitates cross-sectoral data sharing, improves stakeholders’ efficiency and accountability, considers the processes and controls needed for information sharing. The principles are established in the guide: Practical coordination; Technical standards; Ethics: protecting privacy and minimizing risk; Legal issues; and Generic security.

Data Responsibility Approaches and Models

Humanitarian Development
Global Kids Online. Conducting Qualitative and Quantitative Research with Children of Different Ages. 2016.

This Guide outlines specific issues to consider when carrying out research with children in order to obtain the most accurate and meaningful information about their lives, attitudes and perspectives. It maps how they evolve with the age of the child and the implications for the design of research instruments. It also reflects on specific issues that may arise when researching children’s lives in the global South and in relation to digital technologies. It provides some examples of good practice in researching children, as well as specific guidance and a short summary checklist.

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security Ethics
The Engine Room and Oxfam. Biometrics in the Humanitarian Sector. 2018.

Produced by The Engine Room, this report is intended to provide Oxfam with evidence-based information to make decisions about how to engage with biometrics in its programs. The report is organized into sections that consist of background knowledge, understanding biometrics, especially in the humanitarian context, and potential benefits and harms. Biometrics is assumed to be qualitatively different than other kinds of personal data. In the humanitarian field, biometrics are used through two main systems: foundational systems, which supply general identification for official uses and functional systems, which are used for demands for particular services. In these ways, biometrics can be used for verification through one-to-one authentication or identification, via one-to-many authentication. Benefits of biometrics include identifying people who need assistance (identifiability and traceability), reducing fraud and duplication (accuracy and integrity) and simplifying registration and identification (simplicity and efficacy). Risks of biometrics include false matches (reliability), reusability for unknown reasons, theft, loss or misuse (security), and potential for exclusion (societal impacts).

Non-Governmental Organizations and Academia

Humanitarian ICT & Social Media
Journal of Intervention and Statebuilding. “On Humanitarian Refugee Biometrics and New Forms of Intervention.” 2017.

This article traces the development of UNHCR’s use of biometrics, starting initially with a few pilot projects (in the early-to-mid-2000s) to the emergence of a policy in which biometric registration is considered a “strategic decision.”

Non-Governmental Organizations and Academia

Humanitarian
ICRC. Handbook on Data Protection in Humanitarian Action. Geneva. 2017.

The Handbook, updating the 2012 edition above, seeks to raise awareness and assist humanitarian organizations in ensuring that they comply with personal data protection standards in carrying out humanitarian activities, by providing specific guidance on the interpretation of data protection principles in the context of humanitarian action, particularly when new technologies are employed. Part I of this Handbook applies generally to all types of Personal Data Processing. It contains general information such as basic data protection concepts, data processing principles, data retention principles, and data sharing principles. Part II deals with specific types of technologies and data Processing situations, and contains a more specific discussion of the relevant data protection issues. This part contains principles for methods such as drones/UAVS and remote sensing, biometrics, cash transfer programs, cloud services, and many others.

Non-Governmental Organizations and Academia

Humanitarian Privacy & Security
UNICEF. Child Privacy in the Age of Web 2.0 and 3.0: Challenges and Opportunities for Policy. 2017.

The author argues that the greater flow of information in the digital environment has enhanced people’s lives everywhere and at the same time exposed the society, both adult and children, to new challenges, such as those related to privacy. The piece aims to “address the challenges posed to child privacy online and the impact that these challenges might have on other rights such as freedom of expression, access to information and public participation.” It analyzes the current and foreseen threats to child privacy online and approaches that have been adopted to tackle this issue. It also examines whether “children’s perspectives and needs are considered in international debates on technology regulation, including in regard to the so-called ‘right to be forgotten’.” Further, it contextualizes the protection of data privacy protection to other fundamental rights, meaning that “the enforcement of the right to privacy serving to protect other rights.” The paper concludes by proposing some policy recommendations on how to better address the protection of children’s online privacy, such as: “Business models pursued by OSPs, and regulatory frameworks applicable to them, should include “transparency in methods of data collection and clear explanations of how the resulting data will be used” (Brown and Pecora, 2014). They should also be adapted to meet children’s information needs and understanding. “Rules on consent for the processing of children’s personal data should consider their age and should take into account developmental differences and special vulnerabilities (OECD, 2012). For instance, parental consent may be required to process the personal data of children below a certain age (e.g. 13 years); above this age threshold, parental intervention may be replaced by specific safeguards that reflect children’s age of capacity (EDPS, 2012; Article 29 Working Party, 2008).”

Focus on Children’s Data & Responsibility (Cross-Sector)

Privacy & Security
WFP, in collaboration with IDRG and Leiden University Centre for Innovation. Conducting Mobile Surveys Responsibly: A Field Book for WFP Staff. May 2017.

The field book outlines the main risks for staff engaged in mobile data collection and helps promote responsible data collection/storage/sharing in the complex environments in which the WFP operates. WFP and other humanitarian agencies can gather more information than ever before due to mobile technology. However, these new capabilities also involve privacy and security risks for people and the communities where mobile surveys are conducted. WFP circulated a corporate policy on data privacy and issued this guide for field staff in collaboration with IDRG in order to activate this policy through practical guidance at the field level.

Data Responsibility Approaches and Models

Humanitarian Privacy & Security ICT & Social Media
Center for Democracy & Technology. Responsible Data Frameworks: In Their Own Words. 2018.

This paper reviews 18 frameworks to map the work that academics, civil society, and government agencies have done to develop principles for responsible data use in the nonprofit sector. The paper organizes principles from the 18 data use frameworks into six common themes that exist across the frameworks: Respect for individual rights and autonomy, which includes concepts such as consent and access to one’s personal information; Fairness or justice, as in distribution of resources; Beneficence and the necessity of assessing the risks and benefits of collecting or using data; FIPs-based privacy and data protection principles, including data minimization; Transparency and accountability for information practices; and Information security.

Comparative Review of Domestic Data Responsibility Frameworks

Privacy & Security
USAID. Identity in a Digital Age: Infrastructure for Inclusive Development. 2017.

This document introduces two conceptual frameworks that distinguish the different approaches in developing identity (ID) document for development. The first describes the instrumental approach of ID “as a tool with which to accomplish the goals of a specific development project.” The second describes the infrastructural approach, where ID is an important enabler of a modern economy. This paper recommends that donors make investments in a more sustainable, interoperable ID systems; prioritize privacy and security of ID data; and establish a future-oriented partnership with digital ID experts as to ensure that this innovation provides benefit even to the most underserved communities.

Donor Organizations

Development Privacy & Security

selected readings

Global Kids Online. Using Research Findings for Policy Making. 2016.

World Vision International. Data Protection, Privacy and Security for Humanitarian & Development Programs. 2017.

UNOCHA and PIM. A Framework for Data Sharing in Practice: Part One. May 2017.

PIM Working Group. Working Meeting Outcome Document. Second Protection Information Management. 2015.

Global Kids Online. Researching the Benefits and Opportunities for Children Online. 2016.

UNICEF. The State of the World’s Children 2017: Children in a Digital World. 2017.

UNHCR. Model agreement on the sharing of personal data with Governments in the context of hand-over of the refugee status determination process.

Center for Global Development. “Privacy and Biometric ID Systems: An Approach Using Fair Information Practices for Developing Countries.” 2013.

UNICEF. Policy guide on children and digital connectivity. 2018.

UNICEF. Module 1 - Child Rights in the ICT Sector.

UN Office for Outer Space Affairs. International Charter for Space & Major Disasters. 2000.

UNOCHA. Building data responsibility into humanitarian action. 2016.

Global Kids Online. Understanding Children’s Well-Being and Rights in the Digital Age. 2016.

UNICEF. Children’s Online Privacy and Freedom of Expression. 2018.

DIAL, Gates Foundation, SIDA, UNICEF, UNDP, USAID, WHO and World Bank. Principles for Digital Development.

UNDG. Data Privacy, Ethics, and Protection. 2017.

Technical Working Group on Data Collection on Violence against Children. "Ethical principles, dilemmas and risks in collecting data on violence against children: A review of available literature." 2012.

IOM. “IOM Data Protection Manual.” 2009.

Center for Global Development. 2017. “Identification Revolution: Can Digital ID Be Harnessed for Development?”

Center for Global Development. “Identification for Development: The Biometrics Revolution.” 2013.

UNOCHA and PIM. Framework for Data Sharing in Practice. May 2018.

Oxfam. Responsible Data at Oxfam: translating policy into practice. 2017.

Security Dialogue. “Experimentation in Humanitarian Locations: UNHCR and Biometric Registration of Afghan Refugees.” 2015.

World Bank Group. “Identification in the Context of Forced Displacement.” 2016.

Centre for Innovation, Leiden University, and GovLab. Mapping and Comparing Responsible Data Approaches. 2016.

WEF. Principles on Public-Private Cooperation in Humanitarian Payments. 2017.

UNICEF. Data for Children Strategic Framework. 2017.

Just Peace Labs. Ethical Guidelines for Peace Tech. 2017.

UN Global Pulse, UNHCR Innovation Service. Social Media and Forced Displacement: Big Data Analytics & Machine Learning. 2017.

UNICEF. Good Practice Principles on Information Handling and Management in Child Protection Information Management Systems. 2016.

UNICEF. Digital Contact Tracing and Surveillance during COVID-19: General and Child-Specific Ethical Issues

UNICEF. Information Disclosure Policy. 2011.

OECD. The OECD Privacy Guidelines. 2013.

Oxfam. Responsible Program Data Policy. 2015.

Interaction. Protection Working Group: Data Collection in Humanitarian Response - A Guide for Incorporating Protection. 2003.

UNOCHA. Humanitarian Data Exchange Terms of Service

UNFPA. Information Disclosure Policy.

Conflict and Health. Ethical considerations for children’s participation in data collection activities during humanitarian emergencies: A Delphi review. 2017.

ILO. Is biometric technology in social protection programmes illegal or arbitrary? An analysis of privacy and data protection.

UNICEF. Children and the Data Cycle: Rights and Ethics in a Big Data World. 2017.

ICRC. Handbook on Data Protection in Humanitarian Action. Geneva. 2012.

Privacy International. The Keys to Data Protection: A Guide for Policy Engagement on Data Protection. 2018.

World Vision International. World Vision International Child Protection Standards. 2012.

ICRC. Rules on Personal Data Protection. Geneva. 2017.

LIRNEasia. Draft Guidelines for Third-Party Use of Big Data Generated by Mobile Network Operators. 2014.

The Engine Room. Shooting our drive into space and other ways to practise responsible development data. 2014.

Oxfam. Responsible Data Management (RDM) Training Pack. 2017.

UNICEF, UNHCR, and ICRC. Information and Communication Technology for Child Protection Case Management in Emergencies: A Framework for Design, Implementation, and Evaluation. Prepared by the mHELP/HealthEnabled Research Team for UNICEF, UNHCR, and ICRC.

GSMA. Guidelines on the protection of privacy in the use of mobile phone data for responding to the Ebola outbreak. 2014.

UNHCR. Privacy Impact Assessment of UNHCR Cash Based Interventions. 2015.

DLA Piper. Data Protection Laws of the World. 2017.

Center for Global Development. “Birth Registration, Legal Identity, and the Post-2015 Agenda." 2014.

ICRC. Professional Standards for Protection Work. Geneva. 2013.

World Vision International. Open Information Policy. 2010.

Responsible Data. Responsible Development Data Book. 2014.

UNOCHA. Humanitarian Principles. 1991, 2004.

Terres des hommes and CartONG. Data Protection Starter Kit. 2017.

Netherlands Red Cross. 510 Data Responsibility Policy

UNICEF. A Global Agenda for Children’s Rights in the Digital Age. 2014.

UKAN. The Anonymisation Decision-Making Framework. 2016.

UNHCR. Policy on the Protection of Personal Data of Persons of Concern to UNHCR. 2015.

ICRC and Red Crescent Movement Family Links Network. Code of Conduct on Data Protection. 2015.

USAID. ADS Chapter 508: Privacy Program. 2014.

UNICEF. Child Protection Working Group (CPWG). Minimum standards for child protection in humanitarian action. 2012.

ICDPPC. Resolution on Privacy and International Humanitarian Action. 2015.

Bloomberg Law. Privacy Laws Around the World 2016.

The GovLab. Fair Information Practice Principles 101 (and their relevance to Humanitarian Data) (Not published)

UNICEF. Ethical Considerations when Using Geospatial Technologies for Evidence Generation. 2018.

Harvard Humanitarian Initiative. The Signal Code. 2016.

Privacy International. Aiding Surveillance. 2013.

UN PPG Members. Principles on Personal Data Protection and Privacy. United Nations System: Chief Executives Board of Coordination.

ICRC and Privacy International. The Humanitarian Metadata Problem: “Doing No Harm” in the Digital Era. 2018.

European Union. General Data Protection Regulation. 2016.

UN Global Pulse. UN Global Pulse Privacy and Data Protection Principles.

UNICEF. Ethical Considerations When Using Social Media for Evidence Generation. 2018.

UNICEF. Discussion Paper Series: Children’s Rights and Business in a Digital World. Privacy, Protection of Personal Information and Reputation Rights. Managed by Patrick Geary and Amaya Gorostiaga of the UNICEF Child Rights & Business Unit.

Medecins Sans Frontieres. MSF Data Sharing Policy. 2013.

Global Kids Online. Ethical Considerations for Research with Children. 2016.

Global Kids Online. Researching Online Child Sexual Exploitation and Abuse: Are there Links between Online and Offline Vulnerabilities? 2016.