ICTworks

In recent months, there have been an increasing number of questions among cash and voucher assistance (CVA) actors about data sharing with government authorities in fragile settings or conflict environments. The growing emphasis on linking humanitarian cash and voucher assistance and government-led social protection systems has contributed to an increase in concerns about data sharing with governments.

The COVID-19 digital response has further accelerated interest in the links between CVA and social protection due to the increasing use of cash assistance in the face of widespread economic downturns and loss of formal and informal employment. Quarantines and lockdowns have also pushed humanitarians to incorporate more digital modalities into their work.

Concerns on Sharing Data with Governments

While many humanitarian actors recognize the importance of working in collaboration with and strengthening government systems, concerns persist over the sharing of detailed CVA recipient data with governments, especially in contexts where authorities are unfriendly toward segments of the population, for example, where refugees may be at risk of forcible removal or where governments are actively taking sides in a conflict.

Both humanitarian CVA and social protection are activities that necessitate the handling of high quantities of personal and sensitive data. Effective linkages between the two require that clear data governance and data-sharing arrangements exist across the entire intervention life cycle. It is critical that agencies uphold the best interests of affected populations when making decisions about data sharing.

However, operating contexts are varied and often require CVA actors to use creative strategies to negotiate multiple challenges in determining which decisions will lead to the greatest benefit and the least harm for crisis-affected persons.

The Responsible Data Sharing with Governments Case Study looks at different strategies that CVA actors could implement to mitigate real and potential harms that sharing CVA beneficiary data with governments could cause for crisis-affected populations.

Sharing beneficiary data can be extremely useful for programme planning and budgeting, avoiding duplication, supporting linkages between CVA and social protection, and ultimately achieving greater efficiencies and impact in people’s lives. However, data on religion, political affiliation, ethnicity, or other demographic data can also be used to harm individuals or groups.

A 2020 paper produced for the International Committee of the Red Cross (ICRC) Data Protection Office identified key risks with humanitarian engagement in social protection programming, including:

• low data protection infrastructure and standards in some governments;
• the limited ability of humanitarian organizations to monitor onward data sharing and processing, including sharing with other bodies and use of data for purposes other than social protection;
• social protection data being combined with other datasets to reveal sensitive information;
• potential changes in future data sensitivity and technology.

Strategies to Manage Government Data Sharing

1. Put the best interests of CVA recipients first

Where possible, agencies should advocate for clear frameworks that articulate the conditions under which government authorities could ask for data and that specify any checks and balances or countervailing factors that may empower them to refuse a data-sharing request if it were deemed inappropriate or against the interests of the beneficiary.

In the absence of these frameworks, CVA implementing agencies will have to determine whether they are willing to share data, depending on their mandate and role and their arrangement for being in a country or for collecting data as part of a CVA programme.

2. Know your organization’s status and principles

National data privacy laws, if they exist, will likely regulate what data can be shared under what circumstances. Some organizations have established privileges and immunities that are determined through an agreement with a country government. Many organizations have their own established data-protection principles that should be followed, but in the absence of such organization-specific principles, existing sector standards can be used.

For example, OCHA’s Data Responsibility Guidelines stipulate principles including:

• fair and legitimate processing of data;
• purpose specification that is consistent with mandate and balanced with relevant rights, freedoms and interests;
• necessity, relevancy and adequacy of data processing as related to the purpose that has been identified;
• clear and reasonable retention periods;
• accuracy of data;
• confidentiality of data;
• security of data;
• transparency to data subjects, including why information is being shared and how to raise complaints or retract data;
• data transfers only where appropriate protection is ensured;
• and accountability mechanisms that can assure adherence to the above.

3. Have a plan for managing data-sharing situations

Based on the above status and principles, organizations should put in place and adhere to robust, rehearsed policies and procedures with strong governance that provide guidance on how to handle data-sharing requests. These can help an organization to determine how to approach requests for data sharing with governments.

The GSMA’s Mobile Policy Handbook, for example, sets out restrictions on, and checks and balances for, government access requests for Mobile Network Operators to adhere to when laws and/or licence conditions require them to support law enforcement and security activities in countries where they operate.

Role-playing the implementation of such policies helps staff and management to hone the art of making difficult moral decisions in real time. Rehearsing or conducting simulations that guide staff through the process of managing different types of data-sharing situations, including moving through an escalation matrix, can build reactive skills and improve staff capacity to conduct assessments in real time, even in the middle of a high-stress situation. Pre-establishing thoughts, redlines, strategies and escalation paths help staff to interpret and implement principles.

4. Establish data-sharing policies and agreements

Establishing a data-sharing policy and data-sharing agreements can help to set parameters for what data can be shared with governments and how. These can serve as a baseline or starting point for legitimate data-sharing requests from governments and they can also help with negotiation positions, should semi-legitimate or illegitimate data-sharing demands be made. Additionally, inserting notification clauses into agreements with Financial Service Providers (FSPs) can help in situations where FSPs may be obliged to provide data to a central bank.

5. Use data minimization, data security and privacy

The less data collected; the less data can be shared. While personal and sensitive data are needed to deliver CVA programming, practising data minimization (e.g. collecting the least amount of data possible, retaining it for the least amount of time necessary, de-identifying data as soon as possible) is one way to help minimize the potential impact of data sharing, whether legitimate, semi-legitimate or illegitimate. Data-security measures, such as encryption, tokenization or pseudonymization can also help protect data, especially in cases of illegitimate data-sharing requests.

6. Use technologies that preserve privacy

Privacy preserving design of data collection will minimize the amount of data that can be shared, because the data simply will not be accessible for unintended or unauthorized use. Moving data off local devices and into the cloud is one option (assuming this is feasible, and that the risks of data in the cloud are lower than the risks of data on a local device).

Encrypting phones and devices is another way to protect data. Some organizations are exploring the use of distributed ledger technologies and blockchain for storing personal data for CVA programming. Personal financial data on the blockchain would be under the control of the CVA recipient, enabling data portability. This could mitigate some of the challenges of data sharing in CVA programming. There are many challenges that are yet to be resolved in relation to these emerging technologies, however.

7. Offer choice of modalities

When there are concerns that data shared with governments could lead to harm, affected people need to be fully and transparently informed as part of the consent process. While CVA processes are becoming increasingly digital, it is possible to reduce the amount of data that is required by offering alternatives.

CVA recipients should be given a choice of whether they want to provide their data and, if not, there should be an option to enrol in a CVA programme under a mechanism that requires minimal data collection, or to receive assistance that does not require Know Your Customer (KYC) or similar kinds of data.

In Libya, for example, the ICRC negotiated an agreement with an FSP to use sub-accounts where the due diligence and KYC are completed only on the main account holder, and not on those accessing sub-accounts.

Sub-accounts are then accessed through, for example, smart cards (e.g. pre-paid or ATM cards) that only have reference numbers attached to them, and no personal details. Beneficiaries are then able to withdraw cash without their personal data being provided to the FSP. Only the main account holder has access to the information linking the card or account to the beneficiary.

Another option is to use FSPs where individuals already have accounts, meaning that the KYC process has already been conducted. Not all agencies are able to offer these options, however, due to structure, size and dependencies on other agencies for systems and funding.

8. Establish secure systems with limited access

System design can help to reduce the amount of data shared with governments, whether legitimate, semi-legitimate or illegitimate. In Yemen, for example, a database was designed that only authorized persons can access based on their role. District level managers cannot access global level data. Enumerators can only upload data into the system, they cannot download it.

The system has triggers and safety measures designed into it, for example, time stamps and tracking of what an individual does and looks at within the system. Access levels are controlled by the Cash Consortium of Yemen. Information is unified and security is set so that no one can download data without approval.

9. Protect frontline staff and enumerators

Sometimes frontline staff and enumerators must field a great deal of illegitimate data-sharing requests. It is important to help keep them safe by designing data collection in ways that reduce their direct access to personal or sensitive data.

In Iraq, household-level data is collected using a mobile data collection app, and as soon as an enumerator hits ‘send’ the data goes to the cloud and nothing is saved onto the phone. If a phone is stolen or an enumerator is threatened, they cannot provide any data even if the phone is unlocked or they are forced to show the phone’s contents.

Where frontline staff are under pressure or need to negotiate and deter illegitimate data sharing with local government entities, training and support will be required. (It should be noted, however, that when cloud services are used, data crosses international boundaries, which may create other challenges related to cross-border data transmission.)

In some cases, it is better for international staff to take on the role of negotiation, as they might be less vulnerable to retributory responses than national staff. Conditions might be such that local staff should not operate in their home communities, where they can be identified and pressured or intimidated in various ways to share data, or even harmed.

10. Work as a united front within humanitarian systems

Formal and informal humanitarian coordination bodies such as Cash Working Groups (CWG), Humanitarian Country Teams (HCT) or the Inter-Cluster Coordination Group (ICCG) can play a role in helping to align positions and provide guidance to individual members. They can, for example:

• Work to raise awareness and understanding of data responsibility among members;
• Discuss scenarios in which governments might ask for data and determine which of those scenarios are legitimate, semi-legitimate or illegitimate;
• Agree on a coordinated approach and united message at national level on data sharing with governments;
• Provide ‘soft governance’ by directing policymakers to established guidelines;
• Support Country Humanitarian Teams to take a position and establish red lines around data sharing with governments;
• Agree standards and consistency across actors.

11. Keep other organizations informed

Individual organizations should:

• Inform the humanitarian coordination body (CWG, ICCG, HCT) if they already share data with governments or are planning to;
• Inform the coordination body if they are approached and asked to share data;
• Work within humanitarian principles and protection guidelines, for example, the core principle of ‘do no harm’, and follow principles for ethical and responsible data management (your own or borrowed from another organization with strong policies such as the ICRC or OCHA);
• Be transparent about government requests for information. Mobile network operators (MNOs) in particular report that they regularly have to deal with multiple government requests for customer information. While MNOs may have no option other than compliance with such requests, they are increasingly in need of greater transparency about the nature and scale of government access.